Security parameters

sanjeevagatpa
Explorer
0 Kudos

Hi All,

In SAP version 4.7 we have the security parameters below, but in SAP NetWeaver 7.3 we do not have them. Kindly suggest what the alternate parameters for these are.

1. Login/password_max_new_valid

2. Login/password_max_reset_valid

Regards,

Sanjeeva


1 ACCEPTED SOLUTION

Former Member
0 Kudos

Actually you should not use those on 4.7 either. You will have upgraded the kernel and that is (should be...) backward compatible.

The new ones are login/password_max_idle* for initial and productive passwords.

Note that these may need to be created first in RZ10 if available in RSPFPAR and will respect user types. You must therefore take care that you do not set time stamp exactness for RFC logins as this was the "old" trick to indicate an initialized password.

Cheers,

Julius

12 REPLIES 12

0 Kudos

Dear All,

I had a question regarding security parameters and I found this thread, so I thought I would ask here.

There is a setting or parameter in ECC which prevents a user from resetting their own password more than once a day. We are unable to find it. The issue is that we have deactivated password reset from the backend and started using GRC Password Self-Service. Due to the complexity of the password parameters, users tend to forget their password and need to reset it more than once.

Is it possible to change this value from one to a greater value?

Regards,

Sabita

0 Kudos

Hi,

First, you are hijacking the thread. You should have posted a new question.

The parameter you are looking for is login/password_change_waittime (check doco in RZ11) but the minimal value is 1 day. It's important to keep it at least one day. Otherwise it's easy for a user to use the same password for an unlimited time.

Cheers

0 Kudos

Hi Martin,

Thanks for your quick reply. As we are using GRC PSS, which generates a new password every time, and users have to change it at first login, it should not be an issue.

I will keep in mind to open a new thread for a new question in future.

Thanks,

Sabita

0 Kudos

Hi,

Then check note 1612281.

Cheers

0 Kudos

Hi Sabita,

The wait time only applies when users try to change their passwords more than once a day. A password can be set administratively more than once a day, and then a change is also always possible. However, the user cannot set his password to one of the last passwords used.

Can you therefore specify the error message your users get? I would guess that changing the password_wait_time will not help, unless the password reset by GRC is configured to set a user password directly.

Regards,

Patrick

0 Kudos

Hi Patrick,

The password change through GRC happens through User Login, hence it considers the above parameter. However, the password is system-generated.

The error message is similar to "you can't change the password more than once a day".

Regards,

Sabita

0 Kudos

Hi Sabita,

It might be that the message is coming from GRC. I just double-checked with an installation of GRC here. We definitely do not have the issue here. In our case, GRC will always set the password on the system to the initial state (password reset by admin), which always allows the user to change it once. He just can't change it a second time the same day, to prevent users from setting their password to an older one immediately by changing it as often as the password history is configured to store old passwords. There I could also confirm that GRC has a similar option to not allow a password to be RESET more than once a day.

Regards,

Patrick

0 Kudos

Yes Patrick, you are correct. Thanks for your valuable inputs.

Regards,

Sabita

0 Kudos

I suspect that the reset of the password is performed via trusted RFC call with current user from GRC to the backend system and then the user sets their own password productively and not by call to the user BAPIs (administratively).

This is equivalent to F5 on the SAPGui login screen.

Just speculation, but the ends match...  🙂

Cheers,

Julius

0 Kudos

I'd say you are far from being wrong Julius 😉

Regards,

Patrick

Former Member
0 Kudos

Hello,

You should check note 862989. Also check the following whitepaper by SAP:

http://scn.sap.com/docs/DOC-17149

Regards,

Jose M. Prieto