SAP Password
1. Which rules apply to changing passwords?
When an administrator creates a user account (of the type DIALOG or COMMUNICATION, see Note 622464), they
assign an initial password that must be changed immediately when it is first used.
The lifetime of initial passwords can be restricted (see Notes 379081 and 450452).
Passwords that are reset by the administrator must also be changed by the user during the next (interactive) logon.
The lifetime of reset passwords can be restricted (see Notes 379081 and 450452).
By default, the password must have at least three characters. You can change this value using the profile parameter
login/min_password_lng.
The password can have a maximum of eight characters (ABAP systems up to Release 7.0). As of NetWeaver 7.0, ABAP
systems support longer passwords (up to 40 characters) and also differentiate between lowercase letters and uppercase
letters (see Note 862989).
? or ! cannot be the first character of a password.
The first three characters of the password cannot occur in the same order in the user ID.
Remark: As of Release 6.10 (Web Application Server), this rule was removed. It applies only in releases up to
Release 4.6D.
The first three characters cannot be identical.
The first three characters cannot be blank characters.
Remark: As of Release 6.10 (Web Application Server), this rule no longer applies. The system checks this only in
releases up to Release 4.6D.
The password cannot be "PASS" or "SAP*".
The administrator can define patterns of "illegal passwords" (table USR40).
You can use all characters from the syntactical character set, that is, all letters, digits, and some special characters.
Remark: As of Release 6.10 (Web Application Server), the password rules were enhanced. In these releases, you can
define the minimum number of digits, letters, or special characters that must be contained in the new password:
login/min_password_digits
login/min_password_letters
login/min_password_specials
The system does not differentiate between uppercase and lowercase (ABAP systems up to Release 7.0). As of
NetWeaver 7.0, ABAP systems support longer passwords (up to 40 characters) and also differentiate between lowercase
letters and uppercase letters (see Note 862989).
The password can be changed by the user only after the correct old password was entered.
Remark: Prior to Release 6.20 (Web Application Server), the password can be changed only during the logon
procedure. As of Release 6.20, the password can also be changed by following the menu path "System > User Profile >
Own Data" (transaction SU3).
The new password must differ from the old password by at least one character (that is, they cannot be identical).
Page: File:
1 of 10 130466570.doc
Remark: As of Release 6.10 (Web Application Server), you can define the minimum number of characters that must be
different between the old password and the new password (login/min_password_diff).
The last five passwords that were chosen by the user are stored in a user-specific password history and cannot be
reused.
Remark: The size of the password history is static (5) and cannot be maintained (ABAP systems up to Release 7.0). As
of NetWeaver 7.0, you can define the size of the password history (see Note 862989: login/password_history_size).
The password can be changed by the user once a day at the most. This rule prevents users from bypassing the
password history rule. As of NetWeaver 7.0, you can configure this lock period (see Note 862989:
login/password_change_waittime).
Remark: The administrator can reset user passwords at any time. In this case, during the next logon, the system prompts
the user to change the password. The lock period mentioned above applies only to cases in which the user requests a
password change. For forced password changes, it is disabled.
Changed password rules do not affect old passwords. Password rules are evaluated only during the password change
itself.
As of NetWeaver 7.0, you can specifically prompt certain users to change their passwords early. These are users whose
passwords do not comply with the current password rules (see Note 862989:
login/password_compliance_to_current_policy).
As of Release 6.10, you can use the function module PASSWORD_FORMAL_CHECK to determine whether a given
string corresponds to the current password rules.
2. What can be configured in the system?
The following profile parameters are available for setting password rules and preventing unauthorized logons:
login/min_password_lng
This parameter defines the minimum length of the password.
Default value: 3
Allowed values: 3 - 8 (as of Release 7.0: 1 - 40)
login/min_password_digits (as of Release 6.10)
This parameter defines the minimum number of digits (0-9) in passwords.
Default value: 0
Allowed values: 0 - 8 (as of Release 7.0: 1 - 40)
login/min_password_letters (as of Release 6.10)
This parameter defines the minimum number of letters (A-Z) in passwords.
Default value: 0
Allowed values: 0 - 8 (as of Release 7.0: 1 - 40)
login/min_password_specials (as of Release 6.10)
This parameter defines the minimum number of special characters in passwords.
Special characters are: !"@ $%&/()=?'`*+~#-_.,;:{[]}<>
Default value: 0
Allowed values: 0 - 8 (as of Release 7.0: 1 - 40)
login/min_password_diff (as of Release 6.10)
This parameter defines the minimum number of characters that must be different in the new password in comparison to
the old password. (The system tries to find the best match by rotating both passwords. More detailed information about
this is available in the online documentation (RZ11)).
Default value: 1
Allowed values: 1 - 8 (as of Release 7.0: 1 - 40)
login/password_expiration_time
This parameter defines the number of days after which the password must be changed.
Default value: 0 (no limit)
Allowed values: Any numeric value
login/fails_to_session_end
This parameter defines the number of unsuccessful logon attempts before the system closes the session. We
recommend that you set this parameter to a lower value than the value of the parameter login/fails_to_user_lock.
Default value: 3
Allowed values: 1 - 99
login/fails_to_user_lock
This parameter defines the number of unsuccessful logon attempts before the system locks the user.
By default, users that were locked due to unsuccessful logon attempts are unlocked at midnight.
Default value: 12 (as of Release 7.0: 5)
Allowed values: 1 - 99
login/failed_user_auto_unlock
This parameter defines whether password locks (set due to multiple failed password logon attempts) are
automatically considered expired at midnight.
Default value: 1 (as of Release 7.0: 0)
Allowed values: 0, 1
login/no_automatic_user_sapstar
For information, see Notes 2383 and 68048.
Remark: The default value was changed as of NetWeaver 7.0.
rdisp/gui_auto_logout
This parameter defines the maximum idle time in seconds for a user (valid only for SAP GUI connections).
Default value: 0 (no limit)
Allowed values: Any numeric values
In addition, in the table USR40, you can define character combinations or terms that cannot be used as passwords. In
this table, you can use the characters "*" and "?" as wildcards. The character "?" represents a single character, and the
character "*" represents a character string.
Remark: The table USR40 was not designed to contain thousands of single values for "illegal passwords" (negative
dictionary). Instead, the system expects pattern values. Possible new passwords are compared with all the entries in the
table USR40. Since this restriction was not entirely clear, and because many customers filled their table USR40 with
thousands of single values, we have optimized the search within the table. For more information, see Note 618630.
Examples:
123* prohibits all passwords that begin with "123", such as "123456" or "123123".
P?SS prohibits passwords like "PASS", "PBSS", and so on.
*? ?* prohibits passwords that contain blank characters (between words).
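As an added example (not code from SAP or from this document), the rules of sections 1 and 2 expressed as a checker: the pre-7.0 rule set with case-insensitive comparison, the login/* minimums with the defaults given above, the login/min_password_diff rotation, the 5-entry history, and USR40 wildcard matching. The space padding used in the rotation, the rule codes returned and the sample inputs are assumptions of the example.

```python
import re

# Special characters counted by login/min_password_specials (list taken from this page).
SPECIALS = set('!"@ $%&/()=?\'`*+~#-_.,;:{[]}<>')

# Defaults as given on this page; per-system overrides are passed in `params`.
DEFAULTS = {
    'login/min_password_lng': 3,
    'login/min_password_digits': 0,
    'login/min_password_letters': 0,
    'login/min_password_specials': 0,
    'login/min_password_diff': 1,
}
MAX_LENGTH = 8        # limit up to Release 7.0, where passwords are case-insensitive
HISTORY_SIZE = 5      # fixed history size before NetWeaver 7.0


def usr40_to_regex(entry: str) -> re.Pattern:
    """Translate one USR40 entry: '?' matches one character, '*' any string."""
    parts = []
    for ch in entry:
        parts.append('.*' if ch == '*' else '.' if ch == '?' else re.escape(ch))
    return re.compile('^' + ''.join(parts) + '$', re.IGNORECASE)


def usr40_match(password: str, entries):
    """Return the first USR40 entry that prohibits `password`, or None."""
    for entry in entries:
        if usr40_to_regex(entry).match(password):
            return entry
    return None


def min_diff(old: str, new: str) -> int:
    """Positions in which old and new differ, minimised over rotations of the new
    password (the page says SAP rotates to find the best match; padding shorter
    passwords with spaces is an assumption of this example)."""
    old, new = old.upper(), new.upper()
    n = max(len(old), len(new))
    old, new = old.ljust(n), new.ljust(n)
    best = n
    for r in range(n):
        rotated = new[r:] + new[:r]
        best = min(best, sum(1 for a, b in zip(old, rotated) if a != b))
    return best


def check_password(new, old, user_id, history, usr40, params=None):
    """Return the list of violated rules (empty list = password accepted).
    `history` holds the user's previous passwords, `usr40` the table entries."""
    p = {**DEFAULTS, **(params or {})}
    up = new.upper()
    v = []
    if len(new) < p['login/min_password_lng']:
        v.append('min_length')
    if len(new) > MAX_LENGTH:
        v.append('max_length')
    if new[:1] in ('?', '!'):                      # ? or ! may not start a password
        v.append('first_char')
    if len(up) >= 3 and up[:3] in user_id.upper():  # first three chars not in user ID
        v.append('user_id_prefix')
    if len(up) >= 3 and len(set(up[:3])) == 1:      # first three chars not identical
        v.append('identical_prefix')
    if ' ' in up[:3]:                               # first three chars not blank
        v.append('blank_prefix')
    if up in ('PASS', 'SAP*'):
        v.append('reserved')
    if sum(c.isdigit() for c in new) < p['login/min_password_digits']:
        v.append('min_digits')
    if sum(c.isalpha() for c in new) < p['login/min_password_letters']:
        v.append('min_letters')
    if sum(c in SPECIALS for c in new) < p['login/min_password_specials']:
        v.append('min_specials')
    if up == old.upper():
        v.append('identical_to_old')
    elif min_diff(old, new) < p['login/min_password_diff']:
        v.append('min_diff')
    if up in (h.upper() for h in history[-HISTORY_SIZE:]):
        v.append('history')
    if usr40_match(new, usr40) is not None:
        v.append('usr40')
    return v


if __name__ == '__main__':
    # Constructed USR40 entries taken from the examples on this page.
    table = ['123*', 'P?SS', '*? ?*']
    print(check_password('PASS', 'Autumn01', 'JDOE', [], table))     # ['reserved', 'usr40']
    print(check_password('Winter24', 'Autumn01', 'JDOE', [], table))  # []
```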
3. How is the password stored?
The password is stored in the database as a hash value (a reversal is not possible: the relevant plaintext password
cannot be determined from the hash value). MD5 and (as of NetWeaver 7.0) SHA-1 with a deterministic "Salt" are used
as the hash functions. As of NetWeaver 7.1, password hash procedures with a randomly generated "Salt" are also
supported (see Note 991968).
4. How is the password transferred using the network?
Currently, the data stream between the front end and the application server is only compressed. To encrypt data for the
transfer, use our Secure Network Communications (SNC) and an external security product. Using SNC enables a user
authentication that is not based on passwords. Therefore, it is not necessary to send any password data using the
network.
There is no option for us to encrypt the data stream between the application server and the database server. Contact
your database provider for information about which options are available.
5. Can a user without an authorization profile execute functions in the SAP system?
Users who do not have an authorization profile can execute only functions for which no authorization checks are carried
out. However, there should be very few of these functions.
If you discover deficiencies in this area, report them to the SAP Development department.
(In the case of an emergency, you can use a modification to implement checks. In transaction SE93, maintain an
authorization object and its values to check the affected transaction).
Password Control in SAP Systems
There are two ways in which you can define your choice of user passwords:
• You can use the system profile parameters to assign a minimum length for the passwords and define
how often the user has to set new passwords.
• Invalid passwords can be entered in the table of reserved passwords, USR40. This table is
maintained with transaction SM30. The entries can also be made generically:
- ? denotes one character
- * denotes a character string
The SAP System also has predefined password rules. You can control passwords with the login/* profile
parameters:
login/min_password_lng - Defines the minimum allowed length of a new password.
login/password_expiration_time - Defines the expiration period of the password
login/fails_to_user_lock - Locks the user after the specified number of wrong logon attempts; the user is
unlocked at midnight if the login/failed_user_auto_unlock parameter is set
login/fails_to_session_end - Ends the user's session after the specified number of wrong logon attempts
login/disable_multiple_gui_login - Refuses multiple logons of a user; only users listed in
login/multi_login_users are allowed to log on more than once
login/min_password_diff - Defines the minimum number of different characters between old and new
password, including rotation
login/password_max_new_valid - Defines the validity period of passwords for newly created users
login/password_max_reset_valid - Defines the validity period of reset passwords
login/min_password_digits/_letters/_specials - Define the minimum number of digits/letters/special
characters in the password
login/disable_password_logon and login/password_logon_usergroup - Control the deactivation of
password-based logon
login/disable_cpic - Refuses incoming connections of type CPIC
rdisp/gui_auto_logout - Defines the time for automatic SAP GUI logout
login/no_automatic_user_sapstar - Controls the SAP* user
Default password, and protecting SAP*
Starting with installations of SAP Web Application Server release 6.10 and higher, the passwords of SAP*
and DDIC are selected during the installation process.
Use the User Information System or report RSUSR003 to monitor the passwords of all
predefined users.
If possible, make use of the profile parameter login/no_automatic_user_sapstar.
If you create a new client, the default password for SAP* is "pass". If you delete the SAP* user ID, logon is
possible with SAP*/pass.
The DDIC user maintains the ABAP Dictionary and software logistics. The system automatically creates user
master records for SAP* and DDIC in client 000 when the SAP System is installed. DDIC is the only user who
can log on to the SAP System during a release upgrade.
Do not delete or lock user DDIC because it is required for certain installation and set-up tasks. User DDIC
needs extensive authorization. As a result, the profile SAP_ALL is allocated to it. The users, SAP* and DDIC,
should be assigned to user group SUPER to prevent unauthorized users from changing or deleting their user
master record.
Default clients in an SAP System:
• Client 000 is used for customizing default settings. SAP imports the customized settings into this client in
future SAP System releases during the upgrade process or even with support packages. Client 000 should
not be used to customize data input or development.
• Client 066 is used by the SAP EarlyWatch service and should not be used or deleted by the customers.
Please refer to the new password rules.
Table USR40 in BK2 / BK1:
SAP Password Rule Description
New passwords must be 8 characters in length (letters and/or numbers and/or most special characters).
A password that has been used before cannot be reused; the system remembers the last 5 passwords.
After changing your password, you have to wait one day before you can change it again.
When changing your password, the new one must differ by at least one character.
SAP passwords are not case sensitive.
Passwords expire after 60 days.
After 6 incorrect passwords the account is locked, and the SAP Helpdesk has to be contacted to unlock the account.
Passwords cannot have the symbols "?" or "!" as the first character.
The first 3 characters cannot occur in the same order in the user ID.
The first 3 characters cannot be identical.
The first 3 characters cannot contain a space.
Invalid Passwords: Table USR40
• 12345678
• qwertyui
• asdfghjk
• zxcvbnm
• february
• november
• december
• pass
• sap*
Password Management in the SAP System
A user account must have a password in order to be able to connect to the SAP system. When a user is
created in SAP, an initial password is assigned to the user account. The initial password can be explicitly
specified or system generated. The user is prompted to change the password on first logon attempt.
It is important to ensure that neither the initial password nor the new password is trivial.
A number of parameters can be used to manage passwords in SAP.
These include:
login/password_expiration_time: This parameter defines the number of days after which a password must
be changed.
login/min_password_lng: This parameter defines the minimum password length.
login/min_password_digits: This parameter defines the minimum number of digits (0-9) in a password.
login/min_password_letters: This parameter defines the minimum number of letters (A-Z) in a password.
login/min_password_specials: This parameter defines the minimum number of special characters in a password.
These special characters include ( ) ! , $ % : ' " ; = & # } ] { [ > <.
login/min_password_diff: This parameter defines the minimum number of characters in which the new password
must differ from the previous password.
In order to enforce password complexity and ensure that passwords that can be easily guessed are not
specified in the system, SAP provides table USR40, which is used to define prohibited passwords.
This table houses words that cannot be used as password in the SAP system.
? and * are two wildcard characters that can be used in conjunction with the words defined in table USR40. While
? stands for a single character, * stands for any sequence of characters of any length.
For example, 123* forbids passwords that begin with 123; *123* forbids any password that contains the
sequence 123; and XY? forbids passwords that begin with XY followed by a further character, such as XYX,
XYY and XYZ.
To define prohibited passwords, use transaction SE16.
SAP SYSTEM SECURITY PARAMETERS
A good number of parameters in the RSPARAM table define how security is enforced in the SAP system.
These parameters have default values defined for them. If many of these default values are not changed,
the integrity of the system can be compromised.
The following is a concise description of some important security-oriented parameters.
login/no_automatic_user_sapstar
By default, the SAP system is installed with a superuser master record called SAP*. If this master record is
deleted, SAP allows a user to log on as SAP* with the password "PASS". To disallow this "illegal"
entry, set the value to 1. Recommended value is 1.
login/fails_to_user_lock
This parameter defines the maximum number of unsuccessful logon attempts before the user is locked by
the system. An entry is then recorded in the system log. Recommended value is 6.
login/failed_user_auto_unlock
This parameter activates or deactivates the automatic unlocking of locked users at midnight. It is
advisable that the system or user administrator performs the unlocking of locked users. Recommended value
is 0.
login/fails_to_session_end
This parameter defines the number of times a user may enter a wrong password before the logon session is
terminated. Recommended value is 3.
rdisp/gui_auto_logout
This parameter defines the number of inactive seconds after which a user is automatically logged out of
the system. Recommended value is 1800 seconds.
login/password_expiration_time
This parameter defines the number of days after which a password must be changed. Recommended value
is 35 days.
login/min_password_lng
This parameter defines the minimum password length. Recommended value is 8.
*login/min_password_digits
This parameter defines the minimum number of digits (0-9) in a password.
*login/min_password_letters
This parameter defines the minimum number of letters (A-Z) in a password.
*login/min_password_specials
This parameter defines the minimum number of special characters in a password. These special characters include
( ) ! , $ % : ' " ; = & # } ] { [ > <
*login/min_password_diff
This parameter defines the minimum number of characters in which the new password must differ from the previous
password.
rec/client
This parameter activates or deactivates automatic table logging. It is recommended to switch it on;
however, resource utilization, the table(s) to be logged, and the log volume should be critically analyzed.
auth/rfc_authority_check
This parameter defines how the S_RFC authorization object is checked during RFC calls. When set to the
recommended value of 2, the check is active and is performed against SRFC-FUGR.
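A small audit of an instance profile fragment against the recommended values listed in this section, as an added example that is not part of the original page or of SAP's own tooling. The sample profile text is constructed, the direction of each comparison is my reading of the wording above, and the session-end versus user-lock cross-check comes from section 2.

```python
# Recommended values from this section. The comparison to apply ('eq', 'min', 'max',
# or 'max_nonzero' where 0 means "no limit") is my reading of the page's wording.
RECOMMENDED = {
    'login/no_automatic_user_sapstar': ('eq', 1),
    'login/fails_to_user_lock': ('max', 6),
    'login/failed_user_auto_unlock': ('eq', 0),
    'login/fails_to_session_end': ('max', 3),
    'rdisp/gui_auto_logout': ('max_nonzero', 1800),
    'login/password_expiration_time': ('max_nonzero', 35),
    'login/min_password_lng': ('min', 8),
}

# Constructed samples in the "key = value" form used on this page and in instance profiles.
WEAK_PROFILE = """
# constructed sample, not taken from a real system
login/no_automatic_user_sapstar = 0
login/fails_to_user_lock = 12
login/failed_user_auto_unlock = 1
login/fails_to_session_end = 3
rdisp/gui_auto_logout = 0
login/password_expiration_time = 90
login/min_password_lng = 8
"""

HARDENED_PROFILE = """
# constructed sample with the values recommended on this page
login/no_automatic_user_sapstar = 1
login/fails_to_user_lock = 6
login/failed_user_auto_unlock = 0
login/fails_to_session_end = 3
rdisp/gui_auto_logout = 1800
login/password_expiration_time = 35
login/min_password_lng = 8
"""


def parse_profile(text: str) -> dict:
    """Parse 'key = value' lines; '#' starts a comment, other lines are skipped."""
    params = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if '=' not in line:
            continue
        key, value = (part.strip() for part in line.split('=', 1))
        params[key] = value
    return params


def meets(op: str, have: int, want: int) -> bool:
    """Apply one comparison rule from RECOMMENDED."""
    if op == 'eq':
        return have == want
    if op == 'min':
        return have >= want
    if op == 'max':
        return have <= want
    return 0 < have <= want          # 'max_nonzero': 0 would switch the limit off


def audit(params: dict) -> list:
    """Return (parameter, current value, problem) triples for every deviation."""
    findings = []
    for key, (op, want) in RECOMMENDED.items():
        if key not in params:
            findings.append((key, None, f'not set; recommended {want}'))
            continue
        try:
            have = int(params[key])
        except ValueError:
            findings.append((key, params[key], 'value is not numeric'))
            continue
        if not meets(op, have, want):
            findings.append((key, have, f'recommended {op} {want}'))
    # Cross-check from section 2: the session should end before the user gets locked.
    se = params.get('login/fails_to_session_end', '')
    ul = params.get('login/fails_to_user_lock', '')
    if se.isdigit() and ul.isdigit() and int(se) >= int(ul):
        findings.append(('login/fails_to_session_end', int(se),
                         'should be lower than login/fails_to_user_lock'))
    return findings


def audit_text(text: str) -> list:
    """Parse a profile fragment and audit it in one call."""
    return audit(parse_profile(text))


if __name__ == '__main__':
    for key, have, problem in audit_text(WEAK_PROFILE):
        print(f'{key} = {have}: {problem}')
```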
It would however be helpful if someone has already found a way to get closer to strong password rules
with the help of parameters and/or table USR40.
I have not found a way to include a rule that the user password may not include (part of) the user name,
firstname, last name and such things.
These may help you to restrict it.
login/disable_cpic = 0
login/disable_multi_gui_login = 0
login/disable_multi_rfc_login = 0
login/disable_password_logon = 0
login/failed_user_auto_unlock = 0
login/fails_to_session_end = 3
login/fails_to_user_lock = 5
login/isolate_rfc_system_calls = 0
login/min_password_diff = 4
login/min_password_digits = 2
login/min_password_letters = 4
login/min_password_lng = 8
login/min_password_specials = 0
login/no_automatic_user_sapstar = 1
login/password_change_for_SSO = 0
login/password_change_for_sso = 0
login/password_charset = 1
login/password_downwards_compatibility = 5
login/password_expiration_time = 90
login/password_max_new_valid = 30
login/password_max_reset_valid = 0
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 

Dernier (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 

SAP Password Rules and Configuration

SAP Password

1. Which rules apply to changing passwords?

When an administrator creates a user account (of the type DIALOG or COMMUNICATION, see Note 622464), they assign an initial password that must be changed immediately when it is first used. The lifetime of initial passwords can be restricted (see Notes 379081 and 450452).

Passwords that are reset by the administrator must also be changed by the user during the next (interactive) logon. The lifetime of reset passwords can be restricted (see Notes 379081 and 450452).

By default, the password must have at least three characters. You can change this value using the profile parameter login/min_password_lng.

The password can have a maximum of eight characters (ABAP systems up to Release 7.0). As of NetWeaver 7.0, ABAP systems support longer passwords (up to 40 characters) and also differentiate between lowercase and uppercase letters (see Note 862989).

? or ! cannot be the first character of a password.

The first three characters of the password cannot occur in the same order in the user ID.
Remark: As of Release 6.10 (Web Application Server), this rule was removed. It applies only in releases up to Release 4.6D.

The first three characters cannot be identical.

The first three characters cannot be blank characters.
Remark: As of Release 6.10 (Web Application Server), this rule no longer applies. The system checks this only in releases up to Release 4.6D.

The password cannot be "PASS" or "SAP*".

The administrator can define patterns of "illegal passwords" (table USR40).

You can use all characters from the syntactical character set, that is, all letters, digits, and some special characters.
Remark: As of Release 6.10 (Web Application Server), the password rules were enhanced. In these releases, you can define the minimum number of digits, letters, or special characters that must be contained in the new password:
login/min_password_digits
login/min_password_letters
login/min_password_specials

The system does not differentiate between uppercase and lowercase (ABAP systems up to Release 7.0). As of NetWeaver 7.0, ABAP systems support longer passwords (up to 40 characters) and also differentiate between lowercase and uppercase letters (see Note 862989).

The password can be changed by the user only after the correct old password was entered.
Remark: Prior to Release 6.20 (Web Application Server), the password can be changed only during the logon procedure. As of Release 6.20, the password can also be changed by following the menu path "System > User Profile > Own Data" (SU3).

The new password must differ from the old password by at least one character (that is, they cannot be identical).

Page: File: 1 of 10 130466570.doc
Remark: As of Release 6.10 (Web Application Server), you can define the minimum number of characters that must be different between the old password and the new password (login/min_password_diff).

The last five passwords that were chosen by the user are stored in a user-specific password history and cannot be reused.
Remark: The size of the password history is static (5) and cannot be maintained (ABAP systems up to Release 7.0). As of NetWeaver 7.0, you can define the size of the password history (see Note 862989: login/password_history_size).

The password can be changed by the user once a day at the most. This rule prevents users from bypassing the password history rule. As of NetWeaver 7.0, you can configure this lock period (see Note 862989: login/password_change_waittime).
Remark: The administrator can reset user passwords at any time. In this case, during the next logon, the system prompts the user to change the password. The lock period mentioned above applies only to cases in which the user requests a password change. For forced password changes, it is disabled.

Changed password rules do not affect old passwords. Password rules are evaluated only during the password change itself. As of NetWeaver 7.0, you can specifically prompt users whose passwords do not comply with the current password rules to change them early (see Note 862989: login/password_compliance_to_current_policy).

As of Release 6.10, you can use the function module PASSWORD_FORMAL_CHECK to determine whether a given string corresponds to the current password rules.

2. What can be configured in the system?

The following profile parameters are available for setting password rules and preventing unauthorized logons:

login/min_password_lng
This parameter defines the minimum length of the password.
Default value: 3
Allowed values: 3 - 8 (as of Release 7.0: 1 - 40)

login/min_password_digits (as of Release 6.10)
This parameter defines the minimum number of digits (0-9) in passwords.
Default value: 0
Allowed values: 0 - 8 (as of Release 7.0: 1 - 40)

login/min_password_letters (as of Release 6.10)
This parameter defines the minimum number of letters (A-Z) in passwords.
Default value: 0
Allowed values: 0 - 8 (as of Release 7.0: 1 - 40)

login/min_password_specials (as of Release 6.10)
This parameter defines the minimum number of special characters in passwords. Special characters are: !"@ $%&/()=?'`*+~#-_.,;:{[]}<>
Default value: 0
Allowed values: 0 - 8 (as of Release 7.0: 1 - 40)

login/min_password_diff (as of Release 6.10)
This parameter defines the minimum number of characters that must be different in the new password in comparison to the old password. (The system tries to find the best match by rotating both passwords. More detailed information about this is available in the online documentation (RZ11).)
Default value: 1
Allowed values: 1 - 8 (as of Release 7.0: 1 - 40)
login/password_expiration_time
This parameter defines the number of days after which the password must be changed.
Default value: 0 (no limit)
Allowed values: Any numeric value

login/fails_to_session_end
This parameter defines the number of unsuccessful logon attempts before the system closes the session. We recommend that you set this parameter to a lower value than the value of the parameter login/fails_to_user_lock.
Default value: 3
Allowed values: 1 - 99

login/fails_to_user_lock
This parameter defines the number of unsuccessful logon attempts before the system locks the user. By default, users that were locked due to unsuccessful logon attempts are unlocked at midnight.
Default value: 12 (as of Release 7.0: 5)
Allowed values: 1 - 99

login/failed_user_auto_unlock
This parameter defines whether password locks (that were set due to multiple failed password logon attempts) are automatically considered expired at midnight.
Default value: 1 (as of Release 7.0: 0)
Allowed values: 0, 1

login/no_automatic_user_sapstar
For information, see Notes 2383 and 68048.
Remark: The default value was changed as of NetWeaver 7.0.

rdisp/gui_auto_logout
This parameter defines the maximum idle time in seconds for a user (valid only for SAP GUI connections).
Default value: 0 (no limit)
Allowed values: Any numeric value

In addition, in the table USR40, you can define character combinations or terms that cannot be used as passwords. In this table, you can use the characters "*" and "?" as wildcards. The character "?" represents a single character, and the character "*" represents a character string.
Remark: The table USR40 was not designed to contain thousands of single values for "illegal passwords" (negative dictionary). Instead, the system expects pattern values. Possible new passwords are compared with all the entries in the table USR40.
Since this restriction was not entirely clear, and because many customers filled their table USR40 with thousands of single values, we have optimized the search within the table. For more information, see Note 618630.

Examples:
123* prohibits all passwords that begin with "123", such as "123456" or "123123".
P?SS prohibits passwords like "PASS", "PBSS", and so on.
*? ?* prohibits passwords that contain blank characters (between words).

3. How is the password stored?

The password is stored in the database as a hash value (a reversal is not possible: the relevant plaintext password cannot be determined from the hash value). MD5 and (as of NetWeaver 7.0) SHA-1 with a deterministic "Salt" are used as the hash functions. As of NetWeaver 7.1, password hash procedures with a randomly generated "Salt" are also supported (see Note 991968).

4. How is the password transferred using the network?

Currently, the data stream between the front end and the application server is only compressed. To encrypt data for the transfer, use our Secure Network Communications (SNC) and an external security product. Using SNC enables a user authentication that is not based on passwords. Therefore, it is not necessary to send any password data over the network.
There is no option for us to encrypt the data stream between the application server and the database server. Contact your database provider for information about which options are available.

5. Can a user without an authorization profile execute functions in the SAP system?

Users who do not have an authorization profile can execute only functions for which no authorization checks are carried out. However, there should be very few of these functions. If you discover deficiencies in this area, report them to the SAP Development department. (In the case of an emergency, you can use a modification to implement checks. In transaction SE93, maintain an authorization object and its values to check the affected transaction.)

Password Control in SAP Systems

There are two ways in which you can define your choice of user passwords:
• You can use the system profile parameters to assign a minimum length for the passwords and define how often the user has to set new passwords.
• Invalid passwords can be entered in the table of reserved passwords, USR40. This table is maintained with transaction SM30. The entries can also be made generically:
  - ? denotes one character
  - * denotes a character string

The SAP System also has pre-defined password rules. You can control passwords with the profile parameters login/*:

login/min_password_lng - Defines the minimum allowed length of a new password.
login/password_expiration_time - Defines the expiration period of the password.
login/fails_to_user_lock - Locks the user after the specified number of wrong logon attempts; the user is unlocked at midnight if the login/failed_user_auto_unlock parameter is set.
login/fails_to_session_end - Ends the user's session after the specified number of wrong logon attempts.
login/disable_multi_gui_login - Refuses multiple logons of a user; only users listed in login/multi_login_users are allowed to log on multiple times.
login/min_password_diff - Defines the minimum number of different characters between old and new password, including rotation.
login/password_max_new_valid - Defines the validity period of passwords for newly created users.
login/password_max_reset_valid - Defines the validity period of reset passwords.
login/min_password_digits, login/min_password_letters, login/min_password_specials - Define the minimum number of digits, letters and special characters in the password.
login/disable_password_logon and login/password_logon_usergroup - Control the deactivation of password-based logon.
login/disable_cpic - Refuses incoming connections of type CPIC.
rdisp/gui_auto_logout - Defines the time for automatic SAP GUI logout.
login/no_automatic_user_sapstar - Controls the SAP* user.

Default password, and protecting SAP*
Starting with installations of SAP Web Application Server release 6.10 and higher, the passwords of SAP* and DDIC are selected during the installation process. Use the User Information System or report RSUSR003 to monitor the passwords of all predefined users. If possible, make use of the profile parameter login/no_automatic_user_sapstar.

If you create a new client, the default password for SAP* is pass. If you delete the SAP* user ID, logon is possible with SAP*/pass.

The DDIC user maintains the ABAP dictionary and software logistics. The system automatically creates user master records for the users SAP* and DDIC in client 000 when the SAP System is installed. DDIC is the only user who can log on to the SAP System during a release upgrade. Do not delete or lock user DDIC because it is required for certain installation and set-up tasks. User DDIC needs extensive authorization. As a result, the profile SAP_ALL is allocated to it. The users SAP* and DDIC should be assigned to user group SUPER to prevent unauthorized users from changing or deleting their user master records.

Default clients in an SAP System:
• Client 000 is used for customizing default settings. SAP imports the customized settings into this client in future SAP System releases during the upgrade process or even with support packages. Client 000 should not be used for customer customizing, data input, or development.
• Client 066 is used by the SAP EarlyWatch service and should not be used or deleted by customers.

Please refer to the new password rules, table USR40 in BK2 / BK1:
SAP Password Rule Description

New passwords must be 8 characters (letters and/or numbers and/or most special characters) in length.
Cannot use a password that has been used before: the system remembers the last 5 passwords.
After changing your password, you have to wait one day in order to change it again.
When changing your password, the new one must differ by at least one character.
SAP passwords are not case sensitive.
Passwords expire after 60 days.
After 6 incorrect passwords the account is locked, and the SAP Helpdesk has to be contacted to unlock the account.
Passwords can't have the symbols "?" or "!" as the first character.
The first 3 characters cannot occur in the same order in the user ID.
The first 3 characters cannot be identical.
The first 3 characters cannot contain a space.

Invalid Passwords: Table USR40
• 12345678
• qwertyui
• asdfghjk
• zxcvbnm
• february
• november
• december
• pass
• sap*

Password Management in the SAP System

A user account must have a password in order to be able to connect to the SAP system. When a user is created in SAP, an initial password is assigned to the user account. The initial password can be explicitly specified or system generated. The user is prompted to change the password on the first logon attempt. It is important to ensure that neither the initial nor the new password is trivial.

A number of parameters can be used to manage passwords in SAP. These include:

login/password_expiration_time: This parameter defines the number of days after which a password must be changed.
login/min_password_lng: This parameter defines the minimum password length.
login/min_password_digits: This parameter defines the minimum number of digits (0-9) in a password.
login/min_password_letters: This parameter defines the minimum number of letters (A-Z) in a password.
login/min_password_specials: This parameter defines the minimum number of special characters in a password. These special characters include ( ) ! $ % : ' " ; = & # } ] { [ > <.
login/min_password_diff: This parameter defines the number of characters that must differ from the previous password.

In order to enforce password complexity and ensure that easily guessed passwords cannot be set in the system, SAP provides table USR40, which is used to define prohibited passwords. This table houses words that cannot be used as passwords in the SAP system. ? and * are two wildcard characters that can be used in conjunction with the words defined in the USR40 table. While ? stands for a single character, * stands for a sequence of any combination of characters of any length. For example, 123* forbids passwords that begin with 123; *123* forbids any password that contains the sequence 123; and XY? forbids passwords that begin with XY followed by one additional character, such as XYX, XYY and XYZ.

To define prohibited passwords, use transaction SE16.
SAP SYSTEM SECURITY PARAMETERS

A good number of parameters in the RSPARAM table define how security is enforced in the SAP system. These parameters have default values defined for them. If many of these default values are not changed, the integrity of the system can be compromised. The following is a concise description of some important security-oriented parameters.

login/no_automatic_user_sapstar
By default, the SAP system is installed with a super user master record called SAP*. If this master record is deleted, SAP allows a user to log on with a password of "PASS" for the SAP* user. To disallow this "illegal" entry, set the value to 1. Recommended value is 1.

login/fails_to_user_lock
This parameter defines the maximum number of unsuccessful logon attempts before the user is locked by the system. An entry is then recorded in the system log. Recommended value is 6.

login/failed_user_auto_unlock
This parameter activates or deactivates the automatic unlocking of locked users at midnight. It is advisable that the system/user administrator performs the unlocking of locked users. Recommended value is 0.

login/fails_to_session_end
This parameter defines the number of times a user may enter a wrong password before the logon session is terminated. Recommended value is 3.

rdisp/gui_auto_logout
This parameter defines the number of inactive seconds after which a user is automatically logged out of the system. Recommended value is 1800 sec.

login/password_expiration_time
This parameter defines the number of days after which a password must be changed. Recommended value is 35 days.

login/min_password_lng
This parameter defines the minimum password length. Recommended value is 8.

*login/min_password_digits
This parameter defines the minimum number of digits (0-9) in a password.

*login/min_password_letters
This parameter defines the minimum number of letters (A-Z) in a password.

*login/min_password_specials
This parameter defines the minimum number of special characters in a password. These special characters include ( ) ! $ % : ' " ; = & # } ] { [ > <.

*login/min_password_diff
This parameter defines the number of characters that must differ from the previous password.

rec/client
This parameter activates or deactivates automatic table logging. It is recommended to switch it on; however, resource utilization, the table(s) to be logged and the log volume should be critically analyzed.

auth/rfc_authority_check
This parameter defines how the S_RFC object is checked during RFC calls. When set to the recommended value of 2, the check is active and is performed against SRFC-FUGR.

It would however be helpful if someone has already found a way to get closer to strong password rules with the help of parameters and/or table USR40. I have not found a way to include a rule that the user password may not include (part of) the user name, first name, last name and such things. These may help you to restrict it.
login/disable_cpic = 0
login/disable_multi_gui_login = 0
login/disable_multi_rfc_login = 0
login/disable_password_logon = 0
login/failed_user_auto_unlock = 0
login/fails_to_session_end = 3
login/fails_to_user_lock = 5
login/isolate_rfc_system_calls = 0
login/min_password_diff = 4
login/min_password_digits = 2
login/min_password_letters = 4
login/min_password_lng = 8
login/min_password_specials = 0
login/no_automatic_user_sapstar = 1
login/password_change_for_SSO = 0
login/password_change_for_sso = 0
login/password_charset = 1
login/password_downwards_compatibility = 5
login/password_expiration_time = 90
login/password_max_new_valid = 30
login/password_max_reset_valid = 0
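The formal checks explained in section 1 (first character, minimum digits/letters/specials, rotation-based login/min_password_diff) and the USR40 wildcard matching from section 2, run against the login/* values listed above, as an added illustration that is not SAP's own PASSWORD_FORMAL_CHECK. The USR40 contents are constructed from the page's examples; comparing USR40 entries case-insensitively and counting a length difference as differing characters are assumptions of this model.

```python
"""Model of the SAP password formal checks described on this page.

Added illustration, not SAP's code. Parameter values come from the login/*
listing above; how each rule is evaluated here is an assumption.
"""
import re

# Values taken from the parameter listing on this page.
POLICY = {
    "login/min_password_lng": 8,
    "login/min_password_digits": 2,
    "login/min_password_letters": 4,
    "login/min_password_specials": 0,
    "login/min_password_diff": 4,
}

# Special characters as listed on the page for login/min_password_specials.
SPECIALS = set('!"@ $%&/()=?\'`*+~#-_.,;:{[]}<>')

# Constructed USR40 table built from the page's own examples:
# '?' stands for exactly one character, '*' for any character string.
USR40 = ["123*", "P?SS", "*? ?*", "pass", "sap*"]


def usr40_to_regex(pattern):
    """Translate one USR40 entry into a compiled regular expression."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # Assumption: USR40 entries are compared case-insensitively.
    return re.compile("".join(parts), re.IGNORECASE)


def usr40_matches(password, usr40=USR40):
    """Return the USR40 entries that prohibit this password ([] = not prohibited)."""
    return [p for p in usr40 if usr40_to_regex(p).fullmatch(password)]


def rotated_difference(old, new):
    """Smallest number of differing positions over all rotations of the old password.

    Models the page's remark that login/min_password_diff is evaluated after
    rotating the passwords to find the best match. A difference in length counts
    as that many differing characters (assumption of this model).
    """
    if not old:
        return len(new)
    best = None
    for i in range(len(old)):
        rotated = old[i:] + old[:i]
        common = min(len(rotated), len(new))
        diff = sum(1 for a, b in zip(rotated[:common], new[:common]) if a != b)
        diff += abs(len(rotated) - len(new))
        best = diff if best is None else min(best, diff)
    return best


def check_password(new, old, policy=POLICY, usr40=USR40):
    """Return the rule violations for a proposed password change; [] means accepted."""
    violations = []
    if len(new) < policy["login/min_password_lng"]:
        violations.append("min_length")
    if new[:1] in ("?", "!"):                      # '?' or '!' may not lead
        violations.append("first_char")
    if sum(c.isdigit() for c in new) < policy["login/min_password_digits"]:
        violations.append("min_digits")
    if sum(c.isalpha() for c in new) < policy["login/min_password_letters"]:
        violations.append("min_letters")
    if sum(c in SPECIALS for c in new) < policy["login/min_password_specials"]:
        violations.append("min_specials")
    if new == old:                                 # identical passwords are rejected
        violations.append("identical")
    elif rotated_difference(old, new) < policy["login/min_password_diff"]:
        violations.append("min_diff")              # too similar even after rotation
    violations.extend("usr40:" + p for p in usr40_matches(new, usr40))
    return violations


if __name__ == "__main__":
    # "word12345" is "12345word" rotated by five positions, so it fails min_diff
    # although it is not identical to the old password.
    for candidate, old in [("Kj8mNp2q", "Abcdef12"), ("word12345", "12345word"),
                           ("Summer 2024", "Winter2023x"), ("pass", "x")]:
        print(candidate, "->", check_password(candidate, old) or "accepted")
```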