Solved: Mass password change?

Former Member · ‎01-12-2007

Is there a way to do a mass change of passwords in our test system? Is a CATT script the only way?

Former Member · ‎01-12-2007

Hi,

That is the best way. If you have template created once.

You can use, as and when required.

Cheers

Soma

Former Member · ‎01-12-2007

Hi,

That is the best way. If you have template created once.

You can use, as and when required.

Cheers

Soma

fredrik_borlie · ‎01-15-2007

Hi Linda, I have not yet run into a standard way of masschanging passwords.

At my company we therefore created our own testuser management program.

It basically is a wrapper for the BAPI_CHANGE_USER function which loops through the selection list and sets the initial password for every user.

There is also a workaround (not supported!!!) to go around the initial password.

The field USR02-LTIME acts as a flag if it is 000000 and prompts the user to change the password when logging on. However SAP does not like manipulating this data so be aware!

I only know that this works up to WebAS 6.40.

Best regards

Fredrik

WolfgangJanzen · ‎01-15-2007

Hi Linda,

may I ask for the reason? Why do you want (all) your users to change their passwords?

Did you tighten the password rules and want everybody to comply with the new password rule, immediately? In that case, you should make sure to bother only those users whose current password does not comply with the new password policy. As of NetWeaver 2004s (aka "7.00") there is such a mechanism provided in the standard, see <a href="https://service.sap.com/sap/support/notes/862989">SAP Note 862989</a> (login/password_compliance_to_current_policy = 1).

Regards, Wolfgang

Former Member · ‎01-15-2007

Hello Wolfgang,

Actually I want to do this in our test environment. We expect to have about 50 users doing a stress test and the fear was that they wouldn't know their passwords in the test system, and so we just wanted to blanket change their passwords.

Thank you,

Linda

WolfgangJanzen · ‎01-15-2007

Oh, I understand: you want to make sure that all your testers can start their work without bothering the administrator.

Well, quite a common approach is:

- create a service user which is equipped with the required authrorizations to create users (and to assign certain authorizations / roles)

- create a template user (e.g. "TESTER")

- publish the logon data of that service user (to your testers)

- tell them that they can simply create their own users by logging onto the system using the service user and using starting transaction SU01 to copy the template user ("TESTER") to their own user

-> they can choose their own userID and password but are restricted to the authorizations that are assigned to the template user (respectively: the authorizations that can be assigned to users using the service user)

Cheers, Wolfgang

WolfgangJanzen · ‎01-15-2007

Well, some guys even automate the "create user using template user" by using the SAPGUI logon user-exit:

If the service user logs onto the system then the user-exit will prompt the user to enter his username; the script will create a user (with that name) by copying the template user. Afterwards the user needs to logoff and logon again (with his newly created account).