Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

login/passowrd_max_new_valid - How to display ID with PW expired?

Former Member

‎04-23-2007 10:22 PM

0 Kudos

"login/passowrd_max_new_valid"; it sets the maximum interval between the time when the user is created and the first time the user logs on. And after this interval has passed, the Initial password will expire.

If so, is there any way to know whether the PW has been actually expired? It does not say anything in SU01, nor shows in Report: RSUSR200 or Table: USR02 (shows 0 - User Flag). Our audit is asking to show the evidence of the parameter; whether it’s working properly, however we couldn’t not find a way to list those expired user Ids, other than asking each end users to try. Thanks.

5 REPLIES 5

Former Member

‎04-23-2007 10:35 PM

0 Kudos

You can look at table USR02 and field PASSCODE. It will be filled with 0's across the field if the password has been deactivated.

Cheers,

Ben

Former Member
In response to Former Member

‎04-23-2007 10:44 PM

0 Kudos

Kevin,

I misinterpreted your question. The table USR02 and field PASSCODE shows inactivated passwords.

Cheers,

Ben

Former Member

‎04-24-2007 4:34 PM

0 Kudos

Thanks Ben. But, Still PASSCODE in USR02 shows 0s regardless of inactive/active user IDs.

i.e., )as our setting for 'login/passowrd_max_new_valid' has been set to '7'.

The ID that was created 10 days ago should be deactivated, vs the ID which was created today - no logon for the both cases. However, if I look at USR02 table there is no difference in both IDs.

Former Member
In response to Former Member

‎04-24-2007 4:37 PM

0 Kudos

Kevin,

That is correct. I originally interpreted your question as inactivated passwords (using the deactivate password command). Not ID's inactivated to the parameter setting.

Cheers,

Ben

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎04-26-2007 1:20 PM

0 Kudos

1. you should <u>not</u> use <i>login/password_max_<b>new</b>_valid</i> but only <i>login/password_max_<b>reset</b>_valid</i> (in release 6.20 and 6.40, see <a href="https://service.sap.com/sap/support/notes/450452">SAP Note 450452</a>)

2. as of NetWeaver 7.0 you should use <i>login/password_max_idle_initial</i>, instead (see <a href="https://service.sap.com/sap/support/notes/862989">SAP Note 862989</a>); in addition, the lifetime of idle productive passwords can be restricted, now.

3. as of NetWeaver 7.0 the User Info System (SUIM, report RSUSR200) evaluates those profile parameters (see <a href="https://service.sap.com/sap/support/notes/992855">SAP Note 992855</a>)

Regards, Wolfgang