on 01-20-2015 8:33 AM
Hi All
As I know, the PSS can only reset the user's password whose status is not locked.
My question is that, if the account has been locked because of too many error password inputted, can we use PSS to unlock the locked account and reset the password? While the account which has been locked by administrator should be limited to use PSS
Hope someone can help me, thank you in advance
BR, James
Hi James,
Using PSS, password can be reset in the below scenarios
1. Initial password set by admin and the user hasn't logged in yet. Now user can reset password using PSS
2. For the users where password is deactivated, PSS will not work.
3. PSS will not work if the user is locked by Administrator.
4. User ID locked due to incorrect logon can be reset using PSS where UserID will be unlocked and password will be reset.
5. Number of times a User can reset password in a day depends on the RZ11 parameter login/password_change_waittime
6. PSS can be used to reset the password when it is expired or when the initial password is expired.
7. If the PSS user gives wrong answer, system will show a message that "UserID is Locked" and then user cannot reset his password.
In this scenario, admin can unlock the user to use PSS from the below path
Access Management -> Access Request Administration -> Manage Password Self Service (PSS)
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi James,
Please see below incidents.
1.Administrator plays an important role, if admin locks it then PSS will not work.
2. If user is locked via entering wrong passwords then using PSS it can be unlocked and password can be reset.
3. When passoword is expired using PSS new password can be set. Password Self Service (PSS)
Let me know if you need further info.
Regards,
Nidhi Mahajan.
Hi Madhu
I'm trying to test the scenario "4. User ID locked due to incorrect logon can be reset using PSS where UserID will be unlocked and password will be reset." It seems that PSS cannot be used for the locked User ID because of incorrect logon
Please refer to the snapshot, not sure if there's any configuration to enable this funciton
Best regards
James
Hi James
you beat me to the question!
128 lock is purely incorrect password lock. Any other lock would be due to deliberate lock by system admin
I would be concerned if PSS did not resolve 128 lock - otherwise why both having PSS if user has to perform two request and you have to implement ARQ as well as PSS
Thanks for jumping in with the clarification!
Regards
Colleen
Hi James
This is a security question...
192 = 128 (Incorrect Logon) + 64 (Local System Admin Lock)
It meant the user had incorrect attempts (whatever your password parameter allowed) and so became locked - hence the value 128. However, the System Administrator then came along and added performed a lock (hence the 64). SAP adds locks together so you can see the sequence but only 128 is considered incorrect.
Your use change documents should reflect this sequence
From PSS point of view, 128 is due to password fault whilst all other lock values are deliberate and therefore should go down the ARQ process to be reviewed and approved.
Regards
Colleen
Dear,
For scenario 7 you listed as above, admin can only search its own account ID, but cannot search other accounts in Manage PSS, Is there any configuration that needs to be set?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.