Password Management (SAP Library - System Landscape Administration with SAP NetWeaver Administrator)

Password Management

Use

Users require a password to be able to log on with user ID and password. As administrator you need to define or generate an initial password for newly created users. If users forget their passwords, you can also define or generate a new password for them.

You can also disable a user’s password. A user with a disabled password cannot log on with a password, but can still log on under certain circumstances.

Prerequisites

● The user management property ume.logon.security_policy.password_change_allowed is set to TRUE (default value). If it is set to FALSE, resetting a user’s password has no effect. See Structure link Security Policy.

● If you want to change a user’s password or automatically generate a user’s password, e-mail notification must be activated, otherwise the system cannot notify users about their new password. See Structure link Notification by E-Mail.

Features

Defining Initial Passwords or Changing Passwords

You have the following options for defining initial passwords for new users, or changing an existing user’s password:

Caution

You must enable E-mail notification for this feature, otherwise the system cannot notify users of their new password.

E-mail notification sends the logon passwords in plain text.

● Define a user’s password in the user details view

The user receives a notification e-mail containing the new password and is prompted to change his or her password the next time he or she logs on.

● Generate a password for the user in the user details view

The system automatically generates a new password for the user. The user receives a notification e-mail containing the new password and is prompted to change his or her password the next time he or she logs on.

Disabling Passwords

You can disable a user’s password. The user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). This is useful if you do not require password-based logon, because logon is performed exclusively in other ways (such as using client certificates). In this case, deactivating the password increases security, as passwords that are not used are usually still initial.

Resetting Passwords

Administrators can reset a user’s password. Users whose passwords have been reset are asked to change their password the next time they log on. They must first enter their old password and then enter the new password twice. Users do not receive a notification e-mail when their password is reset.

Note

The SAP Web AS ABAP data source does not support this function. For more information, see Structure link AS for ABAP User Management as Data Source.

Password Rules

You can specify password rules in the security policy. For example, you can define after which length of time a password automatically expires, or how many digits a password must contain. You define these rules in the UME properties. For more details, see Structure link Security Policy.

Self Management

If you want users to be able to manage their own passwords, assign the action UME.Manage_My_Password to everyone. If you allow users to manage their own profiles, this action is not necessary. See also User Profile.

Activities

Activity	How to Perform the Activity
Reset a user’s password	... 1. Search for the user. 2. In the search results list, select the user. 3. Choose Reset Password. You are prompted to write a reason for resetting the user’s password. This text appears on the Account Information tab of the user profile. 4. Enter a reason and choose Expire Passwords. The system prompts the user to change his or her password the next time he or she logs on.
Define a user’s password in the user details view	... 1. Search for the user. 2. In the search results list, select the user. The user details view appears. 3. In the user details view, choose Modify. 4. On the General Information tab, select Define Initial Password. 5. Enter the new password in the Define Password field and reenter it in the Confirm Password field. 6. Choose Save. The system sends the user a notification e-mail containing the new password and prompts him or her to change this password the next time he or she logs on.
Generate a user’s password	... 1. Search for the user. 2. In the search results list, select the user. The user details view appears. 3. In the user details view, choose Modify. 4. On the General Information tab, select Generate Password. 5. Choose Save. The system sends the user a notification e-mail containing the new password and prompts him or her to change this password the next time he or she logs on.
Disable a user’s password	... 1. Search for the user. 2. In the search results list, select the user. The user details view appears. 3. In the user details view, choose Modify. 4. On the General Information tab, select Disable Password. 5. Choose Save.