Question:
Hi,
I have a problem.
There is a public user id used by many people, I want to restrict them not to change the password. I mean the button 'New passord' at the logon interface. What should I do?
Your advice is expected. Thx.
Answer:
Dear Georgine,
You can use transaction RZ10 or RZ11 to change the system profile parameter login/disable_multi_gui_login to value = 1.
This will give you better control.
Regards,
Ned
Answer:
Dear Ned,
Thanks.
I think your method can avoid multiple login,
but the user account I just mentioned have to login on several PC, and I just want to forbid them not to change the password by theirself, Only by the administrator.
Answer:
The easiest way to do this would be by training them not to do it.
If you have the security audit log you can see which terminals were logged on when the change was made and go from there.
The best solution of course is not to have generic ID's
Answer:
Hi Georgine,
Sorry, I misunderstood.
Try write a little program which checks for the hashcode value of the common password for the ID, and if found to be different then updates the table field with the original hashcode again. You can then change the password by changing the program code.
It sounds like you might also want to check the difference between the current date and the last password change date and update that too if it approaches the value of the parameter which controls password expiration time.
You could even make this event triggered, but just scheduling it as a job would probably be sufficient.
Have a nice weekend!
Ned
Answer:
1. Sharing IDs is a violation of all security practices
2. is a violation of our SAP liscense
3. looses all accountability as to who did what.
That said.
Set the user up as a SERVICE user type and the password will not expire.