04-23-2007 10:23 PM
"login/passowrd_max_new_valid"; it sets the maximum interval between the time when the user is created and the first time the user logs on. And after this interval has passed, the Initial password will expire.
If so, is there any way to know whether the PW has been actually expired? It does not say anything in SU01, nor shows in Report: RSUSR200 or Table: USR02 (shows 0 - User Flag). Our audit is asking to show the evidence of the parameter; whether its working properly, however we could not find a way to list those expired user Ids, other than asking each end users to try. Thanks.
04-24-2007 2:27 PM
Hi Kevin,
What is the SAP version you are using.
Check the profile parameters attibitues.
For testing in your Developement system make initial password valid for same day or for 1 day. Test and confirm the same with auditors.
Parameter description :
When creating a new user, the user administrator assigns the user an
initial password. When the user first logs on, they must change the
initial password to ensure that only they know
their password.
You use this parameter to set the maximum interval between the time
when the user is created and the first time the user logs on.
After this interval has password, the message "Initial password has
expired" is displayed and logon is denied.
Exception: SERVICE users (password is immediately valid for
an indefinite period and can only be changed by the user administrator
valid entries, formats, ranges : 0 - 24.000 (days)
Value 0: Initial password is valid for unlimited time
Value 1: Initial password is only valid on same day
Otherwise: After # days the user can no longer log on with the
initial password.
For more info go through the following links.
http://help.sap.com/saphelp_47x200/helpdata/en/22/41c43ac23cef2fe10000000a114084/frameset.htm
http://help.sap.com/saphelp_47x200/helpdata/en/e0/12f524e1dd11d296230000e82de14a/frameset.htm
http://help.sap.com/saphelp_nw2004s/helpdata/en/22/41c43ac23cef2fe10000000a114084/frameset.htm
As you said in the report itself shows the list of new users who where not logged after created with lastlogon as not used.
If you need more info let me know.
Cheers
Soma
04-24-2007 4:26 PM
Thanks Soma. I know what these parameter means. Though, what we're struggling is to show our auditors whether those new user ID, have not logged on more than say '7' days, have been deactivated, if so whether there is any table/field that indicate that.
04-24-2007 4:37 PM
Hi,
Not sure it's what you're searching, but maybe the RSUSR100 helps.
Best Regards,
JC Llanes.