Question: For security, we want to make sure that implement that password to automatically force users to change it every few months. When we talked to a basis guy, they said implementing it at this time might harm our system stability or might cause some negative impact on some transactions. How true is this? If true, what are the possible negative impact.
THanks.
Answer:
this is not true.
Your Basis is misleading you.
Snowy
_________________
SapFans Moderator
NetWeaver ‘04–SAP Web AS for ORACLE certified
Search: /forums/search.php
SAP Notes: http://service.sap.com/notes
SAP Help: http://help.sap.com
Basic Rules: /forums/viewtopic.php?t=222759
Answer:
It's a standard SAP system profile parameter called login/password_expiration_time and can be set to however many days you choose within the range 0 - 999 (Value 0 means users are not forced to change their password).
The parameter applies to all users in the same system, ie you cannot set one period, say 90 days for some users and another period of 45 days for others.
Like Snowy said, your Basis perosn is misleading you. Maybe he doesn't understand how profile parameters work, or maybe he doesn't want to do the work. You really need to get a reasonable value set for security purposes. Get your auditors to back you up.
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
It applies to dialog users only
Answer:
I've worked where we had a shift system in operation with casual users of SAP such that some users may not use SAP for a period that crosses the "renew password" boundary. It was a process industry. Here users had to be reinstated immediately and often out of normal hours. Do bare this in mind.
Answer:
Hi,
the password expiration should not cause any problem. Nevertheless you should be careful. There are some non-ordinal cases when it can make troubles. For example:
-- the interface users are mis-configured (dialog type)
-- some programs contains hard coded passwords
-- lot of ppl use same user/password
Btw:
In our new BW system (6.40 kernel) there is a new profile parameter: rfc/reject_expired_passwd.
Most of BW users login through BEx so I tried to set this parameter to "1". With the password expiration it is a deadly combo against interfaces: no communication user can login
Regards,
Zav
Answer:
What transaction can I use to change the login/password_expiration_time ...it seems that RZ11 is just a display of value......
Thanks.
Answer:
What transaction can I use to change the login/password_expiration_time ...it seems that RZ11 is just a display of value......
Thanks.
Frankly: if you have to aks this question, someone else should do it.
Answer:
What transaction can I use to change the login/password_expiration_time ...it seems that RZ11 is just a display of value......
Thanks.
If you don't know then you shouldn't be messing with profile parameters!
Best leave making this change to your Basis team. If you have any sort of change management in place this shoud be the case anyway.
changing password regularly
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment