Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Is there a way to disable change your Initial Password prompt?

Former Member
0 Kudos

when a newly created user logs in for the first time, he gets a CHANGE YOUR PASSWORD PROMPT.

Is there a way to disable that Initial Password prompt?

pls help me how to do it.

Thanks

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Hruser,

Am not sure if this can be handled for dialog users. Also, this feature could have severe security fallouts.

However, if this is for testing / training purposes, then you think of creating the users of type "Service'.

The initial password prompt is not checked for service users. and the passwords do not expire.

Let us know for what scenario you are trying to implement this.

Thank you

Abhishek

17 REPLIES 17

Former Member
0 Kudos

Hi Hruser,

Am not sure if this can be handled for dialog users. Also, this feature could have severe security fallouts.

However, if this is for testing / training purposes, then you think of creating the users of type "Service'.

The initial password prompt is not checked for service users. and the passwords do not expire.

Let us know for what scenario you are trying to implement this.

Thank you

Abhishek

0 Kudos

all the users are dialog users,need to disable this as this is causing problems maintaining test scripts for populating n-n portal credentials.

0 Kudos

There is a way but it requires major surgery & is not recommended.

Depending on what you are using the Dialog users for, you could switch them to a Service user as Abishek recommended which should be OK if it is only for test purposes.

Another simple alternative would be to log in as the user and change the initial password manually. You do thosands of users in a day & the is significantly less effort than changing Standard SAP.

0 Kudos

I cld change them from dialog to service...but i am dealing with 100,000 users here, so was saving myself some trouble creating a SECAT or use any other tool for Batch change..

I was hoping for a simple enable-diable switch like thing (hoped too much)

With 100,000 manual logging is way out of question..

Thanks anyways

0 Kudos

I agree, that's too many users to update manually!

Maybe it is worth re-investigating your method of populating the portal credentials, initial login password change is a key control.

0 Kudos

You do realise that some features of SAP cannot be used by users of type 'service', don't you???

Generic object services are not available for example.

0 Kudos

WOW!!

100,000 users!!

hmm...... thats some maintenance nightmare Hruser

Hope you manage it without being stressed.

0 Kudos

>

> You do realise that some features of SAP cannot be used by users of type 'service', don't you???

>

> Generic object services are not available for example.

Hi Mylene, I would appreciate if you could describe this further, am trying to learn.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
0 Kudos

>

> all the users are dialog users,need to disable this as this is causing problems maintaining test scripts for populating n-n portal credentials.

Am I right guessing that you intend to synchronize passwords in order to implement a kind of "poor man's SSO" (based on UID/PWD) ...?

Notice: the reason behind the requirement to change a password which has been set by another person is to ensure that only the authorized user knows that password. Same applies for a (computer-)generated password - since such passwords are impossible to memorize, it's assumed that the user has copied the password to somewhere (which is a security risk).

0 Kudos

Hi,

please keep in mind, that you need to think about your SAP-contract for extensive use of service-users......

Why not making use of BAPI_USER_CREATE1 with parameter SELF_REGISTER as per SAP note #830493?

That would avoid any 'manual manipulation' after user creation.

b.rgds, Bernhard

0 Kudos

>

> >

> > You do realise that some features of SAP cannot be used by users of type 'service', don't you???

> >

> > Generic object services are not available for example.

>

>

> Hi Mylene, I would appreciate if you could describe this further, am trying to learn. 🙂

there's nothing much to describe - i am a basis-person and was no longer able to memorize up to 80 passwords for all systems/clients and changing them (asynchronously) every n days. therefore i was classified as a service-user (until noticed that a license audit is going to happen - i did change to developer then ...) - i'm no longer doing this - found another solution

but back to your question. when you move around as a service user you get to notice some things, as for example that every 'normal' dialog-user has that handy thing called 'GOS' all over the place - to view archived prints of invoices, to view the IDOCs that created a sales order ... not having it was why i tried to learn about GOS in the first place.

from my fellow basis persons i hear that the triggering of some workflows does not work with users of type 'service' (i have not experienced that myself) and obviously there's a problem with creating job-steps ...

so i'm assuming that a couple of other things might be different for users of type 'service'. i cannot say which, except for GOS (Generic Object Services) - not available for type 'service'-users.

Edited by: Mylene Euridice Dorias on May 14, 2008 4:57 PM

see this - came in minutes ago in this forum: - GOS again

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Mylene Euridice Dorias wrote:

> there's nothing much to describe - i am a basis-person and was no longer able to memorize up to 80 passwords for all systems/clients and changing them (asynchronously) every n days ...

Well, that sounds like using a proper SSO mechanism (which is not based on passwords) would resolve that problem.

I'm using SSO since many years - and frankly speaking: in many systems I do no longer have any password.

It's like with the (radio-controlled) central locking of your car: once you got it, you get used to it and do not want to miss it any more ...

Cheers, Wolfgang

0 Kudos

He Mylene,

Thank you very much

I had never ever heard this before, but a security person should be aware of something like this. Thank you for sharing this

The link was very helpful.

>

> see this - came in minutes ago in this forum: - GOS again

GOS again should be re-named - "there she GOS again" xD

LOL

Hi Wolfgang,

😛 yeah.... single sign on makes life so easy. We are implementing it across all systems here, there abt half which are still being configured..... so, my car system is getting an upgrade

Ha ha

Edited by: Abhishek Belokar on May 14, 2008 11:06 PM

Former Member
0 Kudos

you can write ABAP program to update ltime column of USR02 table to '000001' for all the user ids you don't want to change password while loging first time.

< declaration >

loop

update usr02

set ltime = '000001'

where bname = <id>.

end loop.

<end>

0 Kudos

How about login/password_logon_usergroup (Disables Logon based on password for certain User Group) and login/disable_password_logon(Disable Logon based on password for the entire system.

Gp

0 Kudos

>

> How about login/password_logon_usergroup (Disables Logon based on password for certain User Group) and login/disable_password_logon(Disable Logon based on password for the entire system.

>

> Gp

Is this recommended without ensuring some other form of authentication has been implemented?

0 Kudos

i dont want to disable password altogether..i just want to disable initial password change prompt.