Skip to Content
Former Member
Apr 02, 2008 at 12:34 PM

Best practice - backend R/3 password for Portal users


What do you guys consider best practice when it comes to the backend R/3 password for a Portal-only user?

I have +700 Portal users which off course have normal R/3 accounts with Portal related authorization roles. When created they are assigned a password, but as they only access the Portal via SSO they are never prompted for password change in the backend R/3 system. Hence the password remains “Initial Password” but at the same time “Last Logon” changes every day as they access the Portal.

Imagine the confusion when executing the RSUSR200 report I (and the auditors) am presented with the fact that users have logged on but have not yet changed the initial password.

Do I make the password “Inactive” in SU01?