Security Policy 
These properties enable you to define the security policies for logon IDs and passwords in the User Management Engine (UME).
Security Policy Properties of the UME
Property |
Value |
Description |
ume.logon.security_policy. |
Default value is 60. 0 = Deactivate this option. The user remains locked. |
Number of minutes before a user ID is unlocked after a series of failed logon attempts. |
ume.logon.security_policy. |
Default value is 6. Possible values: 0 to 9999 0 = Infinite number of failed logon attempts allowed. |
Number of failed logon attempts before user is locked. This is automatically set to 0 if you have a combined AS for Java + ABAP installation. |
ume.logon.security_policy. |
|
See Security Audit. |
ume.logon.security_policy. |
|
See Security Audit. |
ume.logon.security_policy. |
Default value is FALSE. |
Defines whether old password can be part of new password. The UME checks the old and new password against each other when the user attempts to change the password. |
ume.logon.security_policy. |
Default value is 1. |
Minimum number of alphabetic and numeric characters in passwords. For example if the property is set to 3, passwords must contain at least 3 letters and at least 3 numbers. |
ume.logon.security_policy. |
Default value is TRUE. |
When enabled this property enables all users globally to change their own password. We recommend you leave this property set to TRUE. In conjunction with this property, you can assign the action UME.Manage_My_Password. See Standard UME Actions. When FALSE, users cannot change their own password, not even at the logon screen. A user, whose password has expired, cannot change it. Only the administrator can change the password. Administrators cannot reset passwords.
You can set this property to FALSE, when you have LDAP as a user source and you do not perform password management with SAP NetWeaver or the portal. |
ume.logon.security_policy. |
Default value is TRUE. |
Determines if a newly created user is required to change his or her initial password when he or she first logs on. |
ume.logon.security_policy. |
Default value is 90. |
Number of days before password expires. This is automatically set to 9999 if you choose a AS for ABAP as the user data source during installation. |
ume.logon.security_policy. |
Default value = 0. |
The UME can store the hash value of user passwords. Set this value to prevent users from reusing the same password after their old password expires. Although this value is for practical purposes freely configurable (you can set the value in the trillions), a more useful value might be 5. Use a value that is appropriate for your application.
Set this value to zero (0) if your user data source (such as AS for ABAP) already has a password history checking mechanism. |
ume.logon.security_policy. |
A date in the format MM/DD/YYYY. Default value is 12/31/9999. |
If a user has never changed his or her password using the AS for Java, this date counts as the last date on which the user changed his or her password. See also:
ume.logon.security_policy. |
ume.logon.security_policy. |
Default value is 0. Possible Values: 0 to 2147483647. Value = 0: This check is deactivated. |
Number of days after which a user’s password is locked if the user did not successfully log on with user ID and password in that time. If a user’s password is locked, he or she can no longer log on with password and will have to contact the system administrator to get a new password. |
ume.logon.security_policy. |
Default value is 14. |
Maximum password
length. This must not be less than the cumulated values of the properties
password_mix_case_ If you are using a SAP Web AS ABAP Engine as user data source, this value should be less than or equal to 8. |
ume.logon.security_policy. |
Default value is 5. |
Minimum password length. |
ume.logon.security_policy. |
Default value is 0. |
Minimum number of upper and lower case letters in passwords. For example if the property is set to 3, passwords must contain at least 3 lower case letters and at least 3 upper case letters. |
ume.logon.security_policy. |
Default value is 0. |
Minimum number of special characters in passwords. |
ume.logon.security_policy. |
A date in the format MM/DD/YYYY. Default value is 12/31/9999. |
If a user has never logged on with user ID and password, then this date counts as the last date on which the user successfully logged on with user ID and password. Depending on the value of
ume.logon.security_policy. |
ume.logon.security_policy. |
Default value is 0. Value < 0: Digits are not allowed. Value = 0: Digits are allowed. Value > 0: Digits are required. |
Minimum number of digits in user logon ID. |
ume.logon.security_policy. |
Default value is FALSE. |
Defines whether user ID can be part of password. |
ume.logon.security_policy. |
Default value is 0. Value < 0: Lowercase characters are forbidden. Value = 0: Lowercase characters are allowed. Value > 0: Lowercase characters are required. |
Minimum number of lowercase characters in user logon ID. |
ume.logon.security_policy. |
Default value is 0. Value < 0: Special characters are forbidden. Value = 0: Special characters are allowed. Value > 0: Special characters are required. |
Minimum number of special characters in user logon ID. |
ume.logon.security_policy. |
Default value is 20. |
Maximum length of user ID. This is automatically set to 12 if you have a Java + ABAP installation. If you are using a database as data source for user data, this value must be less than or equal to 200. |
ume.logon.security_policy. |
Default value is 5. |
Minimum length of user ID. |
