Setting Password Controls (SAP Library - Users and Roles (BC-CCM-USR))

Setting Password Controls

You can set controls on user passwords in two ways:

With system profile parameters, you can specify a minimum length for passwords. You can also specify how frequently users must choose new passwords.

With a reserved-password table, you can specify passwords that users may not choose. Generic specifications are possible.

Setting Password Length and Validity

Use the following system profile parameters to specify the minimum length of a password and the frequency with which users must change their password.

login/min_password_lng: minimum password length.

Default value: Three characters. You can set it to any value between 3 and 8.

login/password_expiration_time: number of days after which a password expires

To allow users to keep their passwords without limit, leave the value set to the default 0.

Specifying Impermissible Passwords

You can prevent users from choosing passwords that you do not want to allow. To prohibit the use of a password, enter it in table USR40. You can maintain table USR40 with Transaction SM30.

In USR40, you can specify impermissible passwords generically if you want. There are two wildcard characters:

? stands for a single character

* stands for a sequence of any combination characters of any length.

123* in table USR40 prohibits any password that begins with the sequence "123."

*123* prohibits any password that contains the sequence "123."

AB? prohibits all passwords that begin with "AB" and have one additional character: "ABA", "ABB", "ABC" and so on.