Every user requires a configured user ID and password to access the SAP system. Initially, the password is configured by the SAP system administrator.
On the first logon, the user must change the password according to the rules and restrictions that the administrator has configured in the system. These rules are configured through a set of parameters, which are called password rules parameters.
Password rules parameters –
Parameter | Description |
---|---|
login/min_password_lng | Specifies the minimum length of the password. The default value is 6. The allowed values are from 3 – 40. |
login/min_password_digits | Specifies the minimum number of digits (0-9) in passwords. The default value is 0. The allowed values are from 0 – 40. |
login/min_password_letters | Specifies the minimum number of letters (A-Z) in passwords. The default value is 0. The allowed values are from 0 – 40. |
login/min_password_lowercase | Specifies the minimum number of lower-case letters a password must contain. The allowed values are from 0 – 40. The default value is 0. |
login/min_password_uppercase | Specifies the minimum number of upper-case letters a password must contain. The allowed values are from 0 – 40. The default value is 0. |
login/min_password_specials | Specifies the minimum number of special characters in the password. The special characters allowed are !”@ $%&/()=?’`*+~#-_.,;:{[]}| and space and the grave accent. The default value is 0. The allowed values are from 0 – 40. |
login/password_charset | This parameter specifies the password character set. Allowed values are: |
A further set of parameters defines rules that take effect when a password is changed in the SAP system.
Password change parameters –
Parameter | Description |
---|---|
login/min_password_diff | Specifies the minimum number of characters that must be different in the new password compared to the old password. The default value is 1. The allowed values are from 1 – 40. |
login/password_expiration_time | Specifies the validity period of passwords in days. The default value is 0. The allowed values are from 0 – 1000. |
login/password_history_size | Specifies the number of passwords that the system stores and that the user cannot use again. The allowed values are from 1 – 100. The default value is 5. The unit is number of entries. |
login/password_change_waittime | Specifies the number of days that a user must wait before changing the password again. The allowed values are from 1 – 1,000. The default value is 1. The unit is days. |
Table USR40: Specifying Impermissible Passwords –
Users can be prevented from choosing passwords that the administrator or company does not want to allow. Table USR40 contains the patterns of passwords that users are prohibited from choosing.
To add a new restriction, enter it in table USR40. The table can be maintained with transaction SM30. There are two wildcard characters:
- ? – Specifies a single character
- * – Specifies a sequence of characters in any combination of any length.
Example –
- 567* – Rejects any password that begins with the sequence “567”.
- *567* – Rejects any password that contains the sequence “567”.
- KL? – Rejects all passwords that begin with “KL” and have one additional character like “KLA”, “KLB”, “KLC” and so on.
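The rule parameters and USR40 wildcards described above, combined into an offline check of a candidate password. This is an added example, not SAP code and not part of the original page; the profile values and USR40 entries are constructed samples, and case-insensitive USR40 matching and the definition of a special character are assumptions.

```python
import re

# Constructed sample values; on a real system they come from the profile
# parameters and from table USR40.
PROFILE = {
    "login/min_password_lng": 8,
    "login/min_password_digits": 1,
    "login/min_password_letters": 1,
    "login/min_password_lowercase": 1,
    "login/min_password_uppercase": 1,
    "login/min_password_specials": 1,
}
USR40 = ["567*", "*567*", "KL?", "*PASS*"]


def usr40_to_regex(pattern):
    """Translate a USR40 entry: '?' is one character, '*' is any sequence."""
    parts = []
    for ch in pattern:
        parts.append("." if ch == "?" else ".*" if ch == "*" else re.escape(ch))
    # Assumption: USR40 entries are compared without regard to case.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def check_password(password, profile=PROFILE, usr40=USR40):
    """Return the list of rules the candidate password violates."""
    counts = {
        "lng": len(password),
        "digits": sum(c in "0123456789" for c in password),
        "letters": sum(c.isascii() and c.isalpha() for c in password),
        "lowercase": sum(c.isascii() and c.islower() for c in password),
        "uppercase": sum(c.isascii() and c.isupper() for c in password),
        # Assumption: any character that is not an ASCII letter or digit is "special".
        "specials": sum(not (c.isascii() and c.isalnum()) for c in password),
    }
    violations = [
        f"login/min_password_{name}"
        for name, have in counts.items()
        if have < profile.get(f"login/min_password_{name}", 0)
    ]
    # A USR40 entry must match the whole password, so "KL?" rejects only 3-character values.
    violations += [f"USR40:{p}" for p in usr40 if usr40_to_regex(p).fullmatch(password)]
    return violations
```

Running a list of commonly chosen passwords through `check_password` before saving new USR40 entries shows which ones the planned policy would still accept.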
Table USR40: Adding new restriction –
Step-1: Go to SM30.
Step-2: It navigates to the “Maintain Table Views: Initial Screen”.
Step-3: Enter USR40 in the “Table/View” field. Click on the maintain icon.
Step-4: It displays an informational dialog box showing a caution. Click on the tick mark.
Step-5: Click on New Entries on the next screen to add a restriction.
Step-6: Now the table is editable.
Enter the restrictions in the table and click on save so that the restrictions become active.
Step-7: It prompts for a workbench request. Click on the tick mark to proceed. Once the workbench request is completed, all the added restrictions are in effect.