Profile parameter values and security policy attributes control the system behavior for password rules, password changes, and logon restrictions. Security policies replace the behavior definition with profile parameters.
As soon as you assign a security policy to a user master record, it defines the desired behavior. Profile parameter values only remain relevant for any user master records to which no security policies have been assigned. A security policy is a collection of security policy attributes and their values. All available security policy attributes are contained, with default values, in every security policy. As an administrator, you can assign your own values that deviate from the default values. The advantage of security policies is that you can assign them on a user and client-specific basis. However, there are profile parameters that continue to apply system-wide, and which are not replaced by a security policy, such as parameter login/system_client.