
"login/password_max_idle_productive" rz10 doubt

former_member622718
Participant
0 Kudos
3,062

Hi Basis experts,

I will set the parameter login/password_max_idle_productive to 45 days and restart the server. Just clarify the doubts below!

Thank you in advance!

1) Suppose a user has not logged in to SAP for the past 45 days: does this user get locked?

2) Suppose a user is accessing SAP daily: will his ID get locked on day 45?

The meaning of this parameter is that the password should be changed every 45 days; suppose a user doesn't change his password within each 45-day interval, his ID will get locked. Am I right, Basis experts?

8 REPLIES 8
Read only

FredericGirod
Active Contributor
1,848

There is help available on instance parameters:

When the user changes his or her password (not when the password is set by the user administrator), a so-called productive password is created. At the earliest, the user can then change this password again after the period specified by login/password_change_waittime. The parameter login/password_expiration_time defines the period after which the system prompts the user to change his or her password.

Using this parameter you can define the maximum time period between two password changes. Once this period has expired, the system displays the message "Password was not used for a long period and therefore deactivated" and rejects the logon.

You can use the program RSPARAM to display all the instance parameters, and pressing F1 will give you the help.

There is also the program RSUSR200, which will give you the last time people connected, the last time the password was changed, ...

Read only

dasistdochscheisse
Active Participant
1,848

In RZ11, enter login/* and press F4. This will show you a list of all, or at least most, of the password- and login-relevant profile parameters. For each parameter you can also find a short description.

Concerning your questions:

1: No. Yes only if someone changed his password and the user does not log on within 45 days from the change on.
2: No.

Even if a password is expired (has reached login/password_expiration_time), the user will not get locked but instead, as Frederic has explained, the user will be prompted to change his password at the next login.

No offense, but please get familiar with the parameters before changing them. You might feel secure when in fact you are not or lock out your users if you set a bad combination of parameters.

Read only

former_member622718
Participant
0 Kudos
1,848

Hello Ulf Brinkmeier and Frederic Girod, thanks for answering!

1) Suppose a user has not logged in to SAP for the past 45 days: does this user get locked?

2) Suppose a user is accessing SAP daily: will his ID get locked on day 45, even though he is working in SAP daily?

Actually, what we need is that a user should get locked if he has not logged on to SAP for the past 45 days, and a user should not get locked if he is logging on daily or within the past 45 days.

Read only

1,848

1. Dialog user will have to change the password to be able to connect / background user (not B) will be locked

2. no

Read only

former_member622718
Participant
0 Kudos
1,848

Hi Frederic Girod,

Thank you for your quick response. Then shall I activate this parameter now?

If a user is accessing SAP daily or within 45 days, then the user will not get locked, right?

Read only

1,848

I gave you the program RSUSR200. Run it; you will see the impact of your change by analysing the date of the last password change.

And honestly, this is not the responsibility of a Basis guy; this is a management decision. Provide the information on the impact and let them choose.
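An impact report of the kind suggested above, as an added example that is not part of the original thread and not SAP code. The CSV column names, the sample users and dates, and the 90-day expiration value are constructed; the rule that the idle period runs from the later of the last password logon and the last password change is an assumption.

```python
import csv
import io
from datetime import date

# Constructed sample rows; column names are assumptions, not RSUSR200's export format.
SAMPLE = """user,last_pw_logon,last_pw_change
ALICE,2024-05-30,2024-01-10
BOB,2024-03-01,2024-02-15
CAROL,,2024-04-01
DAVE,,
ERIN,2024-05-20,2024-04-20
"""

def parse(value):
    return date.fromisoformat(value) if value else None

def impact(rows, today, max_idle=45, expiration=None):
    """Classify users under a planned login/password_max_idle_productive value.

    Assumption: the idle period runs from the later of the last password
    logon and the last password change. `expiration` stands in for
    login/password_expiration_time (None means not evaluated).
    """
    report = {}
    for row in rows:
        changed = parse(row["last_pw_change"])
        used = [d for d in (parse(row["last_pw_logon"]), changed) if d]
        if not used:
            report[row["user"]] = "no password use on record"
            continue
        idle = (today - max(used)).days
        if idle > max_idle:
            report[row["user"]] = f"password deactivated (idle {idle} days)"
        elif expiration and changed and (today - changed).days > expiration:
            report[row["user"]] = "prompted to change password at next logon"
        else:
            report[row["user"]] = "unaffected"
    return report

def run_sample():
    rows = list(csv.DictReader(io.StringIO(SAMPLE)))
    return impact(rows, today=date(2024, 6, 1), max_idle=45, expiration=90)

if __name__ == "__main__":
    for user, status in run_sample().items():
        print(f"{user:8} {status}")
```

Running the report against real last-logon and last-change dates before the restart gives the list of accounts that would be rejected at logon on day one.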

Read only

former_member622718
Participant
0 Kudos
1,848

thank you Frederic Girod

Read only

kaus19d
Active Contributor
1,848

Hi Manoj Kumar,

I see that you have posted this question more than once. Anyway, coming to your query, in addition to what our friends already mentioned, you can generally open the parameter in RZ11 and check the documentation, or you can check the standard documentation, such as the links below:

https://help.sap.com/doc/saphelp_nw70ehp1/7.01.16/en-US/22/41c43ac23cef2fe10000000a114084/content.ht...

https://help.sap.com/viewer/e815bb97839a4d83be6c4fca48ee5777/7.3.19/en-US/4ac3efb58c352470e10000000a...

So, basically, for users who are locked, you can also check the lock reason via SUIM for locked users.

Thanks,

Kaushik