The document describes SAP password rules and configuration options. Key points include:
- Passwords must meet complexity rules like minimum length, inclusion of digits/special characters, and prohibiting common passwords. These rules are configurable via login parameters.
- Invalid passwords can be defined in table USR40 using wildcard characters.
- Passwords are stored as hashed values and cannot be decrypted. Network transfer is unencrypted unless SNC is used.
126611584 sap-password
1. SAP Password
1. Which rules apply to changing passwords?
When an administrator creates a user account (of the type DIALOG or COMMUNICATION, see Note 622464), they
assign an initial password that must be changed immediately when it is first used.
The lifetime of initial passwords can be restricted (see Notes 379081 and 450452).
Passwords that are reset by the administrator must also be changed by the user during the next (interactive) logon.
The lifetime of reset passwords can be restricted (see Notes 379081 and 450452).
By default, the password must have at least three characters. You can change this value using the profile parameter
login/min_password_lng.
The password can have a maximum of eight characters (ABAP systems up to Release 7.0). As of NetWeaver 7.0, ABAP
systems support longer passwords (up to 40 characters) and also differentiate between lowercase letters and uppercase
letters (see Note 862989).
? or ! cannot be the first character of a password.
The first three characters of the password cannot occur in the same order in the user ID.
Remark: As of Release 6.10 (Web Application Server), this rule was removed. It applies only in all releases up to
Release 4.6D.
The first three characters cannot be identical.
The first three characters cannot be blank characters.
Remark: As of Release 6.10 (Web Application Server), this rule no longer applies. The system checks this only in
releases up to Release 4.6D.
The password cannot be "PASS" or "SAP*".
The administrator can define patterns of "illegal passwords" (table USR40).
You can use all characters from the syntactical character set, that is, all letters, digits, and some special characters.
Remark: As of Release 6.10 (Web Application Server), the password rules were enhanced. In these releases, you can
define the minimum number of digits, characters, or special characters that must be contained in the new password.
login/min_password_digits
login/min_password_letters
login/min_password_specials
The system does not differentiate between uppercase and lowercase (ABAP systems up to Release 7.0). As of
NetWeaver 7.0, ABAP systems support longer passwords (up to 40 characters) and also differentiate between lowercase
letters and uppercase letters (see Note 862989).
The password can be changed by the user only after the correct old password was entered.
Remark: Prior to Release 6.20 (Web Application Server), the password can be changed only during the logon
procedure. As of Release 6.20, the password can also be changed by following the menu path "System > User Profile >
Own Data" (SU3).
The new password must differ from the old password by at least one character (that is, they cannot be identical).
Page: File:
1 of 10 130466570.doc
Remark: As of Release 6.10 (Web Application Server), you can define the minimum number of characters that must be
different between the old password and the new password (login/min_password_diff).
The last five passwords that were chosen by the user are stored in a user-specific password history and cannot be
reused.
Remark: The size of the password history is static (5) and cannot be maintained (ABAP systems up to Release 7.0). As
of NetWeaver 7.0, you can define the size of the password history (see Note 862989: login/password_history_size).
The password can be changed by the user once a day at the most. This rule prevents users from bypassing the
password history rule. As of NetWeaver 7.0, you can configure this lock period (see Note 862989:
login/password_change_waittime).
Remark: The administrator can reset user passwords at any time. In this case, during the next logon, the system prompts
the user to change the password. The lock period mentioned above applies only to cases in which the user requests a
password change. For forced password changes, it is disabled.
Changed password rules do not affect old passwords. Password rules are evaluated only during the password change
itself.
As of NetWeaver 7.0, you can specifically prompt certain users to change their passwords early. These are users whose
passwords do not comply with the current password rules (see Note 862989:
login/password_compliance_to_current_policy).
As of Release 6.10, you can use the function module PASSWORD_FORMAL_CHECK to determine whether a given
string corresponds to the current password rules.
2. What can be configured in the system?
The following profile parameters are available for setting password rules and preventing unauthorized logons:
login/min_password_lng
This parameter defines the minimum length of the password.
Default value: 3
Allowed values: 3 - 8 (as of Release 7.0: 1 - 40)
login/min_password_digits (as of Release 6.10)
This parameter defines the minimum number of digits (0-9) in passwords.
Default value: 0
Allowed values: 0 - 8 (as of Release 7.0: 1 - 40)
login/min_password_letters (as of Release 6.10)
This parameter defines the minimum number of letters (A-Z) in passwords.
Default value: 0
Allowed values: 0 - 8 (as of Release 7.0: 1 - 40)
login/min_password_specials (as of Release 6.10)
This parameter defines the minimum number of special characters in passwords.
Special characters are: !"@ $%&/()=?'`*+~#-_.,;:{[]}<>
Default value: 0
Allowed values: 0 - 8 (as of Release 7.0: 1 - 40)
login/min_password_diff (as of Release 6.10)
This parameter defines the minimum number of characters that must be different in the new password in comparison to
the old password. (The system tries to find the best match by rotating both passwords. More detailed information about
this is available in the online documentation (RZ11)).
Default value: 1
Allowed values: 1 - 8 (as of Release 7.0: 1 - 40)
login/password_expiration_time
This parameter defines the number of days after which the password must be changed.
Default value: 0 (no limit)
Allowed values: Any numeric value
login/fails_to_session_end
This parameter defines the number of unsuccessful logon attempts before the system closes the session. We
recommend that you set this parameter to a lower value than the value of the parameter login/fails_to_user_lock.
Default value: 3
Allowed values: 1 - 99
login/fails_to_user_lock
This parameter defines the number of unsuccessful logon attempts before the system locks the user.
By default, users that were locked due to unsuccessful logon attempts are unlocked at midnight.
Default value: 12 (as of Release 7.0: 5)
Allowed values: 1 - 99
login/failed_user_auto_unlock
This parameter defines whether password locks (that were set due to multiple failed password logon attempts) are
automatically to be considered as expired at midnight.
Default value: 1 (as of Release 7.0: 0)
Allowed values: 0, 1
login/no_automatic_user_sapstar
For information, see Notes 2383 and 68048.
Remark: The default value was changed as of NetWeaver 7.0.
rdisp/gui_auto_logout
This parameter defines the maximum idle time in seconds for a user (valid only for SAP GUI connections).
Default value: 0 (no limit)
Allowed values: Any numeric values
In addition, in the table USR40, you can define character combinations or terms that cannot be used as passwords. In
this table, you can use the characters "*" and "?" as wildcards. The character "?" represents a single character, and the
character "*" represents a character string.
Remark: The table USR40 was not designed to contain thousands of single values for "illegal passwords" (negative
dictionary). Instead, the system expects pattern values. Possible new passwords are compared with all the entries in the
table USR40. Since this restriction was not entirely clear, and because many customers filled their table USR40 with
thousands of single values, we have optimized the search within the table. For more information, see Note 618630.
Examples:
123* prohibits all passwords that begin with "123", such as "123456" or "123123".
P?SS prohibits passwords like "PASS", "PBSS", and so on.
*? ?* prohibits passwords that contain blank characters (between words).
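The rules from question 1 and the USR40 wildcards above, as an added Python example (not SAP code and not the function module PASSWORD_FORMAL_CHECK). The policy keys, rule names and `check_password` are hypothetical; case-insensitive USR40 matching and the omission of the login/min_password_diff rotation check are assumptions of this sketch.

```python
import re
import string

# Special characters as listed for login/min_password_specials on the page
# (assumption: the blank inside that listing is layout, not a listed character).
SPECIALS = set("!\"@$%&/()=?'`*+~#-_.,;:{[]}<>")

# Shipped defaults from the page; max_len is 8 up to Release 7.0, 40 as of 7.0.
DEFAULT_POLICY = {"min_len": 3, "max_len": 8, "min_digits": 0,
                  "min_letters": 0, "min_specials": 0}


def usr40_to_regex(entry):
    """Translate one USR40 entry: '?' is one character, '*' is any string."""
    parts = []
    for ch in entry:
        if ch == "?":
            parts.append(".")
        elif ch == "*":
            parts.append(".*")
        else:
            parts.append(re.escape(ch))
    # Assumption: entries are compared without regard to case.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def usr40_hit(password, entries):
    """Return the first USR40 entry that matches the whole password, or None."""
    for entry in entries:
        if usr40_to_regex(entry).fullmatch(password):
            return entry
    return None


def check_password(password, policy, usr40_entries, old_password=None):
    """Return the list of violated rules (empty list = formally acceptable)."""
    found = []
    if len(password) < policy["min_len"]:
        found.append("min_length")
    if len(password) > policy["max_len"]:
        found.append("max_length")
    if password[:1] in ("?", "!"):
        found.append("first_char")
    if len(password) >= 3 and len(set(password[:3])) == 1:
        found.append("first_three_identical")
    if password.upper() in ("PASS", "SAP*"):
        found.append("reserved")
    counts = {
        "min_digits": sum(ch in string.digits for ch in password),
        "min_letters": sum(ch in string.ascii_letters for ch in password),
        "min_specials": sum(ch in SPECIALS for ch in password),
    }
    for rule, count in counts.items():
        if count < policy[rule]:
            found.append(rule)
    entry = usr40_hit(password, usr40_entries)
    if entry is not None:
        found.append("usr40:" + entry)
    if old_password is not None and password == old_password:
        found.append("same_as_old")
    return found


# The three USR40 examples given on the page.
PAGE_USR40 = ["123*", "P?SS", "*? ?*"]

if __name__ == "__main__":
    # Constructed stricter policy, used only for this demonstration.
    strict = dict(DEFAULT_POLICY, min_len=8, max_len=40,
                  min_digits=1, min_letters=1, min_specials=1)
    for candidate in ["123456", "PBSS", "ab cd", "pass", "Tr1cky#Pwd"]:
        print(candidate, check_password(candidate, strict, PAGE_USR40))
```

As on the page, an entry must match the whole candidate, so `P?SS` blocks only four-character values while `123*` blocks any length.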
3. How is the password stored?
The password is stored in the database as a hash value (a reversal is not possible: the relevant plaintext password
cannot be determined from the hash value). MD5 and (as of NetWeaver 7.0) SHA-1 with a deterministic "Salt" are used
as the hash functions. As of NetWeaver 7.1, password hash procedures with a randomly generated "Salt" are also
supported (see Note 991968).
4. How is the password transferred using the network?
Currently, the data stream between the front end and the application server is only compressed. To encrypt data for the
transfer, use our Secure Network Communications (SNC) and an external security product. Using SNC enables a user
authentication that is not based on passwords. Therefore, it is not necessary to send any password data using the
network.
There is no option for us to encrypt the data stream between the application server and the database server. Contact
your database provider for information about which options are available.
5. Can a user without an authorization profile execute functions in the SAP system?
Users who do not have an authorization profile can execute only functions for which no authorization checks are carried
out. However, there should be very few of these functions.
If you discover deficiencies in this area, report them to the SAP Development department.
(In the case of an emergency, you can use a modification to implement checks. In transaction SE93, maintain an
authorization object and its values to check the affected transaction).
Password Control in SAP Systems
There are two ways in which you can define your choice of user passwords:
• You can use the system profile parameters to assign a minimum length for the passwords and define
how often the user has to set new passwords.
• Invalid passwords can be entered in the table of reserved passwords, USR40. This table is
maintained with transaction SM30. The entries can also be made generically:
- ? denotes one character
- * denotes a character string
The SAP System also has pre-defined password rules. You can control passwords with the profile parameters
login*:
login/min_password_lng - Defines the minimum allowed length of a new password.
login/password_expiration_time - Defines the expiration period of the password
login/fails_to_user_lock - Locks the user after the specified amount of wrong logon attempts; user is
unlocked at midnight if the login/failed_user_auto_unlock parameter is set
login/fails_to_session_end - Ends the user's session after the specified amount of wrong logon attempts
login/disable_multiple_gui_login - Refuses multiple logon of users; only users listed in
login/multi_login_users are allowed for multiple logon
login/min_password_diff - Defines the minimum number of different characters between old and new
password including rotation
login/password_max_new_valid - Defines the validity period of passwords for newly created users
login/password_max_reset_valid - Defines the validity period of reset passwords
login/min_password_digits/_letters/_specials - Defines the minimum number of digits/letters/special
characters in the password
login/disable_password_logon and login/password_logon_usergroup - Control the deactivation of
password-based logon
login/disable_cpic - Refuses incoming connections of type CPIC
rdisp/gui_auto_logout - Defines the time for automatic SAPGUI logout
login/no_automatic_user_sapstar - Controls the SAP* user
Default password, and protecting SAP*
Starting with installations of SAP Web Application Server release 6.10 and higher, the passwords of SAP*
and DDIC are selected during the installation process.
Use the User Information System or report RSUSR003 to monitor the passwords of all
predefined users.
If possible, make use of the profile parameter, login/no_automatic_user_sapstar.
If you create a new client, the default password for SAP* is pass. If you delete the SAP* user ID, logon is
possible with SAP* / pass.
The DDIC user maintains the ABAP dictionary and software logistics. The system automatically creates
user master records for users SAP* and DDIC in client 000 when the SAP System is installed. DDIC is the
only user who can log on to the SAP System during a release upgrade.
Do not delete or lock user DDIC because it is required for certain installation and set-up tasks. User DDIC
needs extensive authorization. As a result, the profile SAP_ALL is allocated to it. The users, SAP* and DDIC,
should be assigned to user group SUPER to prevent unauthorized users from changing or deleting their user
master record.
Default clients in an SAP System:
• Client 000 is used for customizing default settings. SAP imports the customized settings into this client in
future SAP System releases during the upgrade process or even with support packages. Client 000 should
not be used to customize data input or development.
• Client 066 is used by the SAP EarlyWatch service and should not be used or deleted by the customers.
Please refer to new password rules
Table USR40 in BK2 / BK1:
SAP Password Rule Description
New passwords must be 8 letters (and/or numbers and/or most special characters) in length.
Cannot use a password that has been used before; the system remembers the last 5 passwords.
After changing your password, you have to wait one day in order to change it again.
When changing your password, the new one must differ by at least one character.
SAP passwords are not case sensitive.
Passwords expire after 60 days.
6 incorrect passwords and the account is locked, and SAP Helpdesk has to be contacted to unlock account.
Passwords can't have the symbols "?" or "!" as the first character.
The first 3 characters cannot occur in the same order in the Userid.
First 3 characters cannot be identical.
First 3 characters cannot contain a space.
Invalid Passwords: Table USR40
• 12345678
• qwertyui
• asdfghjk
• zxcvbnm
• february
• november
• december
• pass
• sap*
Password Management in the SAP System
A user account must have a password in order to be able to connect to the SAP system. When a user is
created in SAP, an initial password is assigned to the user account. The initial password can be explicitly
specified or system generated. The user is prompted to change the password on first logon attempt.
It is important to ensure that neither the initial nor the new password is trivial.
A number of parameters can be used to manage passwords in SAP.
These include:
Login/password_expiration_time: This parameter defines the number of days after which a password must
be changed.
Login/min_password_lng: This parameter defines the minimum password length.
Login/min_password_digits: This parameter defines the minimum number of digits (0-9) in a password.
Login/min_password_letters: This parameter defines the minimum number of letters or alphabets (A-Z) in a
password.
Login/min_password_specials: This parameter defines the number of special characters in a password. These
special characters include (), !, , $, %,:,’, “, ;, =, &, #, },],{,[, >, <.
Login/min_password_diff: This parameter defines the number of differing characters from previous
password.
In order to enforce password complexity and ensure that passwords that can be easily guessed are not
specified in the system, SAP provides table USR40, which is used to define prohibited passwords.
This table houses words that cannot be used as password in the SAP system.
? and * are two wildcard characters that can be used in the entries of the USR40 table. ? stands for a
single character, while * stands for a sequence of any combination of characters of any length.
For example, 123* forbids passwords that begin with 123; *123* forbids any password that contains the
sequence 123; and XY? forbids passwords that begin with XY and have one additional character, such as
XYX, XYY and XYZ.
To define prohibited passwords, use transaction SE16.
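The wildcard rules above can be modelled offline to test a planned set of USR40 entries before maintaining the table. This is an added example, not SAP code or part of the original document; it assumes that matching ignores case (the rules listed earlier say passwords are not case sensitive) and that * may match zero characters. The function names and candidate passwords are constructed for illustration.

```python
import re

def usr40_to_regex(entry):
    """Translate one USR40 entry: '?' is exactly one character, '*' is any string."""
    parts = []
    for ch in entry:
        if ch == "?":
            parts.append(".")
        elif ch == "*":
            parts.append(".*")   # assumption: '*' may also match zero characters
        else:
            parts.append(re.escape(ch))
    # Assumption: comparison ignores case, following the rule list on this page.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def blocked_by(password, entries):
    """Return the entries that forbid this password; an empty list means none do."""
    return [e for e in entries if usr40_to_regex(e).fullmatch(password)]

def not_covered(candidates, entries):
    """Return the candidate passwords that no entry forbids (gaps in the table)."""
    return [c for c in candidates if not blocked_by(c, entries)]

# Patterns from the text above, plus two entries from the page's invalid-password list.
ENTRIES = ["123*", "*123*", "XY?", "pass", "sap*"]
# Constructed candidate passwords for the coverage check.
CANDIDATES = ["123456ab", "ab123cd", "XYZ", "XYZZ", "Sapphire1", "password", "Welcome1"]

if __name__ == "__main__":
    for c in CANDIDATES:
        print(f"{c!r:12} blocked by {blocked_by(c, ENTRIES)}")
    print("not covered:", not_covered(CANDIDATES, ENTRIES))
```

The run shows that the literal entry pass does not stop "password", while sap* stops every password that starts with those three letters; a table entry needs its own wildcards to cover variants.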
SAP SYSTEM SECURITY PARAMETERS
A good number of parameters in the RSPARAM table define how security is enforced in the SAP system.
These parameters have default values defined for them. If many of these default values are not changed,
the integrity of the system can be compromised.
The following is a concise description of some important security-oriented parameters.
Login/no_automatic_user_sapstar
By default, the SAP system is installed with a super user master record called SAP*. If this master record is
deleted, SAP allows a user to logon with a password of “PASS” for the SAP* user. To disallow this “illegal”
entry, set the value to 1. Recommended value is 1.
Login/fails_to_user_lock
This parameter defines the maximum number of unsuccessful logon attempts before the user is locked by
the system. An entry is then recorded in the system log. Recommended value is 6.
Login/failed_user_auto_unlock
This parameter activates or deactivates the automatic unlocking of locked users at midnight. It is
advisable that the system/user administrator performs the unlocking of locked users. Recommended value
is 0
Login/fails_to_session_end
This parameter defines the number of times a user may enter a wrong password before the login session is
terminated. Recommended value is 3
Rdisp/gui_auto_logout
This parameter defines the number of inactive seconds after which a user is automatically logged out of
the system. Recommended value is 1800 sec
Login/password_expiration_time
This parameter defines the number of days after which a password must be changed. Recommended value
is 35 days
Login/min_password_lng
This parameter defines the minimum password length. Recommended value is 8
*Login/min_password_digits
This parameter defines the minimum number of digits (0-9) in a password.
*Login/min_password_letters
This parameter defines the minimum number of letters or alphabets (A-Z) in a password.
*Login/min_password_specials
This parameter defines the number of special characters in a password. These special characters include
(), !, , $, %,:,’, “, ;, =, &, #, },],{,[, >, <
*Login/min_password_diff
This parameter defines the number of differing characters from previous password.
Rec/client
This parameter activates or deactivates automatic table logging. It is recommended to switch it on,
however, resource utilization, table(s) to be logged and log volume should be critically analyzed.
Auth/rfc_authority_check
This parameter defines how the S_RFC object is checked during RFC calls. When set to the recommended
value of 2, the check is active and is performed against SRFC-FUGR.
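A parameter listing exported from a system can be checked against the recommended values in this section with a short script. This is an added example, not part of the original document or an SAP tool: the sample listing is constructed, the automatic-logout parameter is checked under the name rdisp/gui_auto_logout used in the parameter overview earlier on the page, and the script treats a value of 0 as "switched off" for the logout and expiry timers.

```python
import re

# Recommended values from the section above; the eq/min/max direction is an assumption.
BASELINE = {
    "login/no_automatic_user_sapstar": ("eq", 1),
    "login/fails_to_user_lock": ("max", 6),
    "login/failed_user_auto_unlock": ("eq", 0),
    "login/fails_to_session_end": ("max", 3),
    "rdisp/gui_auto_logout": ("max", 1800),
    "login/password_expiration_time": ("max", 35),
    "login/min_password_lng": ("min", 8),
}
# 0 switches these two controls off, so 0 is reported even though it is below the maximum.
ZERO_DISABLES = {"rdisp/gui_auto_logout", "login/password_expiration_time"}
LINE = re.compile(r"^\s*([A-Za-z_]+/[A-Za-z0-9_]+)\s*=\s*(\d+)\s*$")

def parse_profile(text):
    """Return {lower-cased parameter name: int value} from 'name = value' lines."""
    values = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])  # drop trailing '#' comments
        if m:
            values[m.group(1).lower()] = int(m.group(2))
    return values

def audit(text):
    """Return sorted (parameter, actual, rule) tuples for each deviation or missing value."""
    actual, findings = parse_profile(text), []
    for name, (op, want) in BASELINE.items():
        got = actual.get(name)
        if got is None or (got == 0 and name in ZERO_DISABLES):
            ok = False
        else:
            ok = {"eq": got == want, "min": got >= want, "max": got <= want}[op]
        if not ok:
            findings.append((name, got, f"{op} {want}"))
    return sorted(findings)

# Constructed sample listing, not taken from a real system; fails_to_session_end is absent.
SAMPLE = """\
login/no_automatic_user_sapstar = 0
Login/fails_to_user_lock = 5
login/failed_user_auto_unlock = 0
rdisp/gui_auto_logout = 0
login/password_expiration_time = 90
login/min_password_lng = 6
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A parameter that is missing from the listing is reported with an actual value of None, so an incomplete export is not mistaken for a compliant one.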
It would however be helpful if someone has already found a way to get closer to strong password rules
with the help of parameters and/or table USR40.
I have not found a way to include a rule that the user password may not include (part of) the user name,
firstname, last name and such things.
These may help you to restrict it.
login/disable_cpic = 0
login/disable_multi_gui_login = 0
login/disable_multi_rfc_login = 0
login/disable_password_logon = 0
login/failed_user_auto_unlock = 0
login/fails_to_session_end = 3
login/fails_to_user_lock = 5
login/isolate_rfc_system_calls = 0
login/min_password_diff = 4
login/min_password_digits = 2
login/min_password_letters = 4
login/min_password_lng = 8
login/min_password_specials = 0
login/no_automatic_user_sapstar = 1
login/password_change_for_SSO = 0
login/password_change_for_sso = 0
login/password_charset = 1
login/password_downwards_compatibility = 5
login/password_expiration_time = 90
login/password_max_new_valid = 30
login/password_max_reset_valid = 0