Skip to Content

DDIC user password status showing as "Exists; Password Based Logon is not possible".

Jan 08 at 10:50 AM


avatar image

Dear Expert,

I have a situation wherein user DDIC in report RSUSR003 has password status as "Password Based Login is not possible". Its lock status is showing "Not locked and it is a dialog type of user.

Can you please explain the meaning of this password status.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Joshua Bennett Feb 23 at 09:59 AM

Hi Gautam,

This indicates that the DDIC user's password was deactivated, which can be done via SU01 > Logon Data tab > Password section > Deactivate.

You should be able to verify this by checking the "Password Status" field in the DDIC user's Logon Data tab in SU01 / SU01D / etc., which should read "Password deactivated" and is why you are seeing the RSUSR003 report reflecting a Password Status for DDIC in the respective client of "Password-based logon is not possible".

While a deactivated password will prevent password based logon (even for a Dialog user), one thing to keep in mind that non-password based logon is still possible with a deactivated password (e.g., using SNC for SAP GUI and RFC based front ends, using X.509 user certificates for Web-based front ends, and using SAP logon tickets if using portal / Workplace).

If you'd like more information on password deactivation, consider viewing the "Password Status Info" detail available via the Performance Assistant in the SU01 Logon Data tab. There are a couple user type and profile parameter considerations to keep in mind which are explained here. You can also read about it via the following link:

Hope that helps.



10 |10000 characters needed characters left characters exceeded