Skip to Content

How to enforce basic password rules in SAP ?

Nov 07, 2016 at 11:11 AM


avatar image

Hello SAP lovers and experts,

I'm new to SAP BC and I have to apply some security rules to passwords, I inserted below what was asked and how I applied it. Can anyone tell me if I applied the proper rules ? I often used USR40, did I use it right ? Also, should I set the rules in the default profile or instance, what's the difference ?

  • 8 characters password login/min_password_lng
  • different than the user ID or his name USR40 filled with user IDs and names
  • Atleast one char and letter, do not use the smae character in a row login/min_password_letters,login/min_password_digits and USR40 (*AAA*, *BBB*, *CCC*...)
  • Not end or start with a letter USR40 (1*, 2*, 3*.... *1, *2, *3...)
  • Different than the last 5passwords login/password_history_size.
  • No personnal data like phone, birth of place ... USR40 ?
  • Change every 3 month login/password_expiration_time
  • Apply at next logon login/password_compliance_to_current_policy
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Sury Y Nov 07, 2016 at 11:25 AM
10 |10000 characters needed characters left characters exceeded
Dimitri SCHNEIDER Nov 07, 2016 at 01:27 PM

Thanks, that was great help !

I'm still wondering about those two points :

  • Password can NOT contain the user name or ID
  • Password should not contain infos like phone number, date of birth...

I can use USR40, but I would have to update it for each new user, isn't there a way to prevent it automatically ?

10 |10000 characters needed characters left characters exceeded