The Logon Data tab page and the dialog box for changing the password on the initial screen of user administration transaction SU01 always display the status of the password.
The meaning of these displays depends on whether the system is a CUA central system with global initial password assignment or a standalone system (or a CUA central system with an equivalent setting in the CUA distribution parameters, such as initial password = proposal).
● Standalone System
The password status corresponds to the status in the database.
● CUA Central System
The password status corresponds to the initial password to be newly assigned before saving, since it is not possible to determine and display the individual password statuses from the child systems.
Depending on the type of password change, the password status is changed to Password deactivated or Initial password (set by administrator).
Possible Password Statuses
● Initial password (set by administrator)
The user administrator (and not the user himself or herself) assigned this password. The user is prompted to change the password at his or her next logon, to ensure that only he or she knows the password.
● Productive password
The password was set by the user.
● Password deactivated
The password has been deactivated, that is, the user can no longer log on to the system with a password.
Special Features of Password Status for Special User Types
The password for the user types service and system can only have the status productive password or password deactivated. When creating a reference user, it is no longer necessary to specify a password. Since it is not possible to log on at all with a reference user, the password is automatically deactivated for a reference user. This also applies when copying and renaming a user of type Reference.
In addition to the user type Reference user, the system displays the message Logon not possible. If you change any user type to a reference user, the previous password and password status (relating to the previous user type) and always retained.
Additional Information on the Logon Data Tab Page
If a user’s password has not been deactivated, the Logon Data tab page displays the following information in the first line under password, in the specified order:
● If profile parameter login/disable_password_logon is activated: Password logon not possible (deactivated system-wide)
● If the user has been locked due to incorrect logon attempts: Password logon not possible (too many incorrect logon attempts)
● If profile parameter login/password_max_idle_initial is activated: Password logon not possible (initial password has expired)
● If profile parameter login/password_max_idle_productive is activated: Password logon not possible (productive password has expired)