cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to set the SAP user password as unchangeable

Go to solution
Former Member

on ‎02-01-2008 8:58 AM

0 Kudos

Hello experts,

There are some group-sap-users in our System. I want to set the password of those group users as UNCHANGEABLE, so that they can’t change their password themselves. The Users have the user type ‘dialog’. By means of changing the user type to ‘service’, the password can be protected. But then I have problem with the sap user license. Is there any other way?

Thanks in advance!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

TomCenens
Active Contributor
‎02-01-2008 9:13 AM
0 Kudos

Dear Ying

You can get rid of the "new password" button that is visible in transaction SU01.

Call transaction SE41

Under tab Subobjects

Field Status --> fill in 0020

Go into change mode and remove the button from the application toolbar.

This change should be done in development and then transported into your landscape.

Reward point if useful.

Kind regards

Tom

Show replies
Show replies
Former Member
‎02-01-2008 9:18 AM
0 Kudos

Hi Tom,

Won't your suggestion also rule out possibility for other normal users to change their passwords.

Regards.

Ruchit.

Answers (1)

Answers (1)

Former Member
‎02-01-2008 9:33 AM
0 Kudos

Hi Tom,

Thanks for your reply! It is something new for me.

But then I have the problem, which Ruchit mentioned, exactly.

Best regards,

Ying

Show replies
Show replies
TomCenens
Active Contributor
‎02-01-2008 10:07 AM
0 Kudos

Hi Ying

I thought you wanted it for all users.

You can control it by using authorization on the specific users in that case.

I believe you should take a look at object S_USER<something> to be able to restrict the usage.

Kind regards

Tom

Former Member
‎02-01-2008 10:21 AM
0 Kudos

Hi Tom,

Again this authorization object is for some one to reset password of some other user. There is no authorization check to prevent someone from changing his own password.

Hi Ying,

Service user may be the only way to go in this case.

Regards.

Ruchit.

TomCenens
Active Contributor
‎02-01-2008 10:27 AM
0 Kudos

Hi Ying

I'm pretty sure there is a way but I can't check it right now.

We have such systems where this is set the way you would like it to be, but those are connected to a CUA (central user administration) so the possibility

does exist for regular Dialog users.

Unless it is valid for all users in the systems (which is very likely) that way only admin's in the CUA have authorization to change the password and synchronize it.

Service users is indeed what you are looking and most likely the best solution.

Kind regards

Tom

Edited by: Tom on Feb 1, 2008 10:35 AM

Ask a Question