Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable "new password" button in SAP logon screen

Go to solution
sreekanth_sunkara
Active Participant

‎02-22-2012 5:31 PM

0 Kudos

Hi,

I would like to know the possibilities for disabling "new password" option from the sap logon screen. The purpose of this is we are using IDM tool to reset the passwords for SAP. we don't want users to seperately change passwords in SAP. I have seen past postings on this forum but could not find the solution for this.

1. is there any security parameter through which we can achieve this?

2. what are the pros and cons if we change the standard SAP program SAPMSYST.

Thanks,

Sree

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎02-23-2012 6:53 AM

0 Kudos

Hi,

you could change the GUI status menu with tcode SE41, program SAPMSYST, status 0020. Remove the button from application toolbar.

But this would be active for all systems, not only on your Trainee server because you have to modify in DEV, then transport it to all systems...

You might also look into the possibilities of GUIXT where you can change the screens w/o coding changes in SAP. But I have only very delimited experience with that so I can't give you more specs...

And also go through the following link.

http://www.scribd.com/doc/61419657/3/Chapter-2-The-Logon-Process-of-the-SAP-System.

May be it will help you.

Regards,

Anil.

7 REPLIES 7

Go to solution
Former Member

‎02-23-2012 6:53 AM

0 Kudos

Hi,

you could change the GUI status menu with tcode SE41, program SAPMSYST, status 0020. Remove the button from application toolbar.

But this would be active for all systems, not only on your Trainee server because you have to modify in DEV, then transport it to all systems...

You might also look into the possibilities of GUIXT where you can change the screens w/o coding changes in SAP. But I have only very delimited experience with that so I can't give you more specs...

And also go through the following link.

http://www.scribd.com/doc/61419657/3/Chapter-2-The-Logon-Process-of-the-SAP-System.

May be it will help you.

Regards,

Anil.

Go to solution
sreekanth_sunkara
Active Participant
In response to Former Member

‎02-28-2012 4:54 AM

0 Kudos

Thanks Anil

Go to solution
jurjen_heeck
Active Contributor

‎02-23-2012 10:53 AM

0 Kudos 
 we don't want users to seperately change passwords in SAP.

So if a user decides he or she wants different passwords for different systems you force him/her to ask for a landscape wide password reset? What is the benefit of this?

Go to solution
sreekanth_sunkara
Active Participant
In response to jurjen_heeck

‎02-28-2012 5:00 AM

0 Kudos

Hi Jurjen,

Sorry for the late response. we want users to change the password only through our IDM and not different password in different systems. The benefit we are seeing is to minimize the number of issues on password resets. users often forget their password in individual system and wait for us to reset for them. If password is same through out the landscape its easy for them to remember them and avoid incorrect logins/locks.

Thanks,

Sree

Go to solution
jurjen_heeck
Active Contributor
In response to jurjen_heeck

‎02-28-2012 7:56 PM

0 Kudos 
> Sorry for the late response. we want users to change the password only through our IDM and not different password in different systems.

By centrally resetting them you can still not control users' behaviour. At their first logon they still have to change their password after each reset and there's (luckily imo) no way to force that new password to be the same in all systems. So all you're doing is force them to change their pasword everywhere even if they've forgotten it in only one system.

Jurjen

Go to solution
Former Member

‎02-24-2012 8:49 AM

0 Kudos

>>> 2. what are the pros and cons if we change the standard SAP program SAPMSYST.

I am not aware of any pros in this. If you change the program and transport it then please let us know (I want to fetch popcorn and get front row seats :-).

Though questionable, you can set a password from IdM with status "Productive" and then as little trick set the parameter login/password_change_waittime to 1000. That will prevent them from changing the password for 3 years.

So obviously you are just buying time that way and not really solving any problem here. Users should be able to change their own "private" passwords!.

However, 3 years down the line no one will remember this anymore...

Cheers,

Julius

Go to solution
sreekanth_sunkara
Active Participant
In response to Former Member

‎02-28-2012 5:07 AM

0 Kudos

Julius,

Sorry for late response. I am waiting for my ABAP team to come back and tell me the Pros and Cons if we change the standard SAP program SAPMSYST. our password parameter is already set to 1 year. even though password status is productive some of users can reset their password by clicking on the "new password' button so we do not want them to change it with out resetting it from IDM. I will let you know if we find any solution to this.

Thanks to Everyone who responded to this question,

Thanks,

Sree