02-22-2012 5:31 PM
Hi,
I would like to know the possibilities for disabling "new password" option from the sap logon screen. The purpose of this is we are using IDM tool to reset the passwords for SAP. we don't want users to seperately change passwords in SAP. I have seen past postings on this forum but could not find the solution for this.
1. is there any security parameter through which we can achieve this?
2. what are the pros and cons if we change the standard SAP program SAPMSYST.
Thanks,
Sree
02-23-2012 6:53 AM
Hi,
you could change the GUI status menu with tcode SE41, program SAPMSYST, status 0020. Remove the button from application toolbar.
But this would be active for all systems, not only on your Trainee server because you have to modify in DEV, then transport it to all systems...
You might also look into the possibilities of GUIXT where you can change the screens w/o coding changes in SAP. But I have only very delimited experience with that so I can't give you more specs...
And also go through the following link.
http://www.scribd.com/doc/61419657/3/Chapter-2-The-Logon-Process-of-the-SAP-System.
May be it will help you.
Regards,
Anil.
02-23-2012 6:53 AM
Hi,
you could change the GUI status menu with tcode SE41, program SAPMSYST, status 0020. Remove the button from application toolbar.
But this would be active for all systems, not only on your Trainee server because you have to modify in DEV, then transport it to all systems...
You might also look into the possibilities of GUIXT where you can change the screens w/o coding changes in SAP. But I have only very delimited experience with that so I can't give you more specs...
And also go through the following link.
http://www.scribd.com/doc/61419657/3/Chapter-2-The-Logon-Process-of-the-SAP-System.
May be it will help you.
Regards,
Anil.
02-28-2012 4:54 AM
02-23-2012 10:53 AM
we don't want users to seperately change passwords in SAP.
So if a user decides he or she wants different passwords for different systems you force him/her to ask for a landscape wide password reset? What is the benefit of this?
02-28-2012 5:00 AM
Hi Jurjen,
Sorry for the late response. we want users to change the password only through our IDM and not different password in different systems. The benefit we are seeing is to minimize the number of issues on password resets. users often forget their password in individual system and wait for us to reset for them. If password is same through out the landscape its easy for them to remember them and avoid incorrect logins/locks.
Thanks,
Sree
02-28-2012 7:56 PM
> Sorry for the late response. we want users to change the password only through our IDM and not different password in different systems.
By centrally resetting them you can still not control users' behaviour. At their first logon they still have to change their password after each reset and there's (luckily imo) no way to force that new password to be the same in all systems. So all you're doing is force them to change their pasword everywhere even if they've forgotten it in only one system.
Jurjen
02-24-2012 8:49 AM
>>> 2. what are the pros and cons if we change the standard SAP program SAPMSYST.
I am not aware of any pros in this. If you change the program and transport it then please let us know (I want to fetch popcorn and get front row seats :-).
Though questionable, you can set a password from IdM with status "Productive" and then as little trick set the parameter login/password_change_waittime to 1000. That will prevent them from changing the password for 3 years.
So obviously you are just buying time that way and not really solving any problem here. Users should be able to change their own "private" passwords!.
However, 3 years down the line no one will remember this anymore...
Cheers,
Julius
02-28-2012 5:07 AM
Julius,
Sorry for late response. I am waiting for my ABAP team to come back and tell me the Pros and Cons if we change the standard SAP program SAPMSYST. our password parameter is already set to 1 year. even though password status is productive some of users can reset their password by clicking on the "new password' button so we do not want them to change it with out resetting it from IDM. I will let you know if we find any solution to this.
Thanks to Everyone who responded to this question,
Thanks,
Sree