Profile parameter for passwords - conflicting documentations.

Greetings!
I've encountered an issue with profile parameter login/password_max_idle_productive.
Integrated help in SU01 says:
You can use the profile parameter login/password_max_idle_productive to define the point as of which the validity of the productive password ends. The time is calculated from the date of the last password change plus the number of days specified in the profile parameter. Password-based logon is then not possible from this point.
This makes this parameter redundant (we have login/password_expiration_time ).
SAP Library says (see link below):
Specifies the maximum period for which a productive password (a password chosen by the user) remains valid if it is not used.
Which suggests that the time after which passwords are considered expired is calculated from last logon date plus whatever is the parameter value.
SU01 help specifies explicitly how this parameter works but it conflicts with a more ambiguous description found in the SAP Library. The observed system behavior on logon is in line with SU01 help, but report RSUSR200 does not list the user as having an expired productive password.
We're on ECC 6.0, release 701 with support package 3. I could not find any SAP notes relating to this issue.
Has anyone encountered this issue before or have I just run into an odd glitch?
[SAP Library|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/22/41c43ac23cef2fe10000000a114084/frameset.htm]

It sounds like you have a requirement to set the expiration time (when the user has to change the password) which is for a different user group than those for which you want to disable an idle password. Currently, both are global settings and affect both user groups (actually, all users of type DIALOG and COMMUNICATION - only SERVICE and SYSTEM type users are not affected).
In that there is an option for you... but be aware of license implications... or you can upgrade to 7.02 early next year (I think this is the correct release, time and release "alias" for it..) and then configure your security policies client dependently!
Currently, your best option is to not set these two global parameters illogically and monitor the user group manually from RSUSR200.
In the wild, many folks use the user type difference to work around this, but that is also global to the user type so they are excepted from the expiration time as well. Additionally, not all functionality is available to them on the client side (e.g. SAP Logon Tickets won't work) and the authority-checks are even slightly different on some special cases.
Personally, I don't understand why users with authorizations to make purchase requests only should change their passwords more often (expiration time) or be more active (idle time) than those with SAP_ALL etc.
> I hadn't considered SSO since we do not currently use it.
SSO solves several of these problems by deleting the password completely...
Cheers,
Julius
Edited by: Julius Bussche on Oct 8, 2009 9:59 PM

Similar Messages

  • Configuring profile parameter for a table lock object

    Hi Experts-
      I want to set the 'wait time' (_WAIT) parameter as a profile parameter for a table lock object.
      I have created a lock object on a ZTable. I lock and unlock this object in exclusive non-cumulative mode through the enqueue and dequeue lock object function modules. These generated FMs are invoked via my custom function module.
      My function module will run in the background as a scheduled task in R/3. I execute the Enqueue FM at the start of the FM and keep the table locked until the last step finishes in my FM and then I Dequeue it. I want to have the processing wait and retry the Enqueuring FM at set intervals in case the one run doesn't finish entirely and a new run of this same job kicks off.
    Thank you,
    - Vik.

    Set the wait parameter = 'X'.  This means that if it encounters a lock, then it will wait a certain time for the lock to be released.  This certain time is a system value set by your basis team.  I don't imagine it being a very long time.
      CALL FUNCTION 'ENQUEUE_EZPIPHYINVREF'
           EXPORTING
                MODE_ZPIPHYINVREF = 'E'
                MANDT             = SY-MANDT
                _WAIT             = 'X'.
    Regards,
    Rich Heilman

  • Profile parameter for to change password

    Hello everyone.
          Is there any profile parameter to change the password after certain number of days say 30 days. I see there are profile parameters for length, uppercase, lowercase but is there one to change the password after a given period of time.
    Thanks.
    Neha.

    > I checked the profile parameters using the program RSPARAM. But I am not able to find a parameter to prevent the old password from being used at least ten times. I also checked in the table TPFET.
    >
    login/min_password_diff                  min. number of chars which differ between old and new password
    > And also can we prevent the password being same as user id.
    >
    > Should these parameters be changed in the default profile or instance or start profile.
    >
    It depends ... you may decide this by discussing with BASIS team and as per your Company SOP. I prefer Default profile. But never use Instance profile.
    Please go through the following links:
    [Password Rules|http://help.sap.com/saphelp_nw04/helpdata/en/d2/141fb593c742b5aad8f272dd487b74/frameset.htm]
    [Profile Parameters for Logon and Password (Login Parameters)|http://help.sap.com/saphelp_nw04/helpdata/en/d2/141fb593c742b5aad8f272dd487b74/frameset.htm]
    [Password rules and preventing incorrect logons|https://websmp110.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=2467&_NLANG=E]
    [ Note 862989 - New password rules as of SAP NetWeaver 2004s (NW ABAP 7.0)|https://service.sap.com/sap/support/notes/862989]
    [Logon and Password Security in the SAP System|http://help.sap.com/saphelp_nw04/helpdata/en/eb/4bb638b5358259e10000009b38f8cf/frameset.htm]
    Regards,
    Dipanjan

  • Profile parameter for ENQUEUE

    The ENQUEUE function module also has the parameter _WAIT. This parameter determines the lock behavior when there is a lock conflict.
    You have the following options:
    ·  X: If a lock attempt fails because there is a competing lock, the lock attempt is repeated after waiting for a certain time. The exception FOREIGN_LOCK is triggered only if a certain time limit has elapsed since the first lock attempt. The waiting time and the time limit are defined by profile parameters.
    I want to know what parameter defines the wait time, thanks very much!

    Dear,
    Please look to the below link, especially "Creating lock objects and Example of lock objects"...
    http://help.sap.com/saphelp_46c/helpdata/en/cf/21eebf446011d189700000e8322d00/frameset.htm
    Regards,
    Sreenivas .Y

  • Profile Parameter for HTTP communication

    I have installed PI 7.1 service which contain double stacks(ABAP+JAVA).
    Is it possible to access ABAP server using 8000 port, and Java server using 50000 port? (System number is 00).
    The prerequisite is I need the parameter icm/server_port_0 to be added to the profile.

    Hi Sharath, thanks for your reply.
    Yes, after installation the default ports for ABAP and JAVA are 8000 and 50000. But if I set the parameter icm/server_port_0 = PROT=HTTP,PORT=50000, then the ABAP server also should be accessed through port 50000. If I still use 8000, nothing will return. If set icm/server_port_0 = PROT=HTTP,PORT=8000, then I only can access Java server also use port 8000.
    I wonder if it is possible to use these two ports for ABAP and JAVA respectively??
    Thanks so much!
    Regards
    Edited by: Chris Xu on Mar 2, 2010 8:28 PM

  • Profile parameter for BTC ignored.

    This weekend, we ended up restoring some production systems.  Because we did not want any background to run once the systems came up we changed the btc parm to  "rdisp/wp_no_btc = 0 ".  As we know, this should bring up the system without any background processes.  This change was made on the instance level profile, and we checked for duplicate entries.  After the PIT restore, SAP was brought up.  However the same number of BGD processes were still active on the system.  A look at RZ11 shows that the profile is set to 0 for all three categories.
    The system in question are the BI system and the SCM system.
    BI is on EhP1 and SCM is on 5.0.
    The BI system is a multi instance system, and the CI was changed to have BTC=0 and was brought up alone
    SCM is a single instance system.
    Any ideas would be appreciated.
    Regards,
    Dan

    Thanks for the reply, but not exactly what I was asking.
    To clarify.
    I want to bring up the system with no background process.  As you know when the system comes up the table TBTCS is searched for any dates in the past and those jobs that are found are scheduled.  To this end, we set the profile parm
    rdisp/wp_no_btc =0.  However when the systems came up the original number of background processes were created.  More perplexing is that looking at the parm in RZ11 shows the values for PROFILE, DEFAULT and CURRENT all set to 0.
    So why did the system come up with BGD processes.
    Regards,
    Dan

  • Profile Parameter Setup (RZ10) - Help Needed

    In using RZ10 to setup profile parameter for QAS, in the scenario below:
    How do I change the "Unsubstituted" and "Substituted" standard values to match this:
    miadevs2\sapmnt\trans
    Parameter name: DIR_TRANS    Status: Active    Seq. no.: 3
    Parameter val.: $(SAPTRANSHOST)\sapmnt\trans
    Unsubstituted standard value: miaqasc2\saploc\trans (Need to change this value - It is grayed out)
    Substituted standard value: miaqasc2\saploc\trans (Need to change this value - It's grayed out)

    Hi Joseph,
    Change the field in "Param Value" at the top.
    It will changed automatically the field value.
    Hope this helps,
    Erwan

  • How to change INSTANCE profile parameter?

    HI,
    How to change INSTANCE PROFILE PARAMETER for permanent???
    any step by step or note?
    Thanks,

    Alf,
    It is recommended to do parameter changes through RZ10. Check the parameter in RZ11 and if you see a check mark against DynamicallySwitchable, you don't have to reboot else it requires a reboot. All the changes you made through RZ10 are permanent. You can do it through OS level but it's not a good practice. If you do it through RZ10 it is logged.
    Thanks
    Prince Jose

  • Creating a Perl script for SAP system profile parameter

    Hi,
    I need to create a perl script for all the profile parameters to check as a security directive, so that whenever the system is started it checks for these profile parameters.
    As per my company sap directive ,these are the profile parameter i need to set.
    Can anyone let me know how to write the scripts.
    login/min_password_lng Minimum password length for user password 320 Min. 8
    login/password_expiration_time Number of days between forced password change. 0 Max. 35
    login/fails_to_session_end Number of invalid logon attempts allowed before the SAP GUI is disconnected. 3 Max. 3
    login/fails_to_user_lock Number of invalid logon attempts before the user id is automatically locked by the system. 12 Max. 6
    rdisp/gui_auto_logout Time, in seconds, that SAPGUI is automatically disconnected because of in-activity. 0 60-7200 21
    auth/test_mode Jump into report RSUSR400 at every authority check N N22
    auth/system_access_check_off Switch off automatic authority check for special ABAP commands 0 0
    auth/no_check_in_some_cases Special authorization checks turned off by customer. Enabling of Profile Generator N/Y23 Y
    login/ext_security Security access controlled by external software. N N24
    auth/rfc_authority_check Permission for remote function calls from within ABAP programs 0 1
    login/failed_user_auto_unlock Enable system function for automatic unlock of users at midnight. (0 = locks remain) 0 0
    login/no_automatic_user_sapstar (as of 3.1h) login/no_automatic_user_sap* (prior to 3.1h) Disable ability to logon as SAP* with PASS as password when SAP* deleted. 0 125,26
    auth/tcodes_not_checked TCode checking for SU53 & SU56 analysis disabled (empty "SU5 3
    Regards,
    Chetan.

    Here's a simple perl script that should help you get what it is you're looking for - you can add all the parameters you want to search for, I just took a few of them:
    #!/usr/bin/perl -w
    use strict;
    use sapnwrfc;

    # Load the connection settings from the sapnwrfc configuration and connect
    SAPNW::Rfc->load_config;
    my $rfc = SAPNW::Rfc->rfc_connect;

    my @parms = ( "login/min_password_lng",
                  "login/password_expiration_time",
                  "login/fails_to_session_end",
                  "login/fails_to_user_lock" );

    # Look the function module up once, then call it for each parameter
    my $rcc = $rfc->function_lookup("SXPG_PROFILE_PARAMETER_GET");
    for my $parm (@parms) {
        my $slr = $rcc->create_function_call;
        $slr->PARAMETER_NAME($parm);
        $slr->invoke;
        print "Value for $parm is: ".$slr->PARAMETER_VALUE."\n";
    }
    $rfc->disconnect();
    And running it, you'll get:
    [dhull@397 scripts]$ ./read-profile.pl
    Value for login/min_password_lng is: 7
    Value for login/password_expiration_time is: 90
    Value for login/fails_to_session_end is: 3
    Value for login/fails_to_user_lock is: 6
    [dhull@397 scripts]$
    If you need to get your perl environment ready to make RFC calls to your SAP system, check my series of blogs on how to do so here:
    https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/u/251752730
    Cheers,
    David.
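An added example, not part of the original posts: a check of parameter values against the limits in the directive quoted in the question. The `%BASELINE` structure, the function names and the sample `rdisp/gui_auto_logout` value are assumptions made for this example; the other sample values are the ones printed in the answer above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Limits from the directive quoted in the question; only rows whose limit is
# unambiguous on the page are encoded. min/max are inclusive bounds.
my %BASELINE = (
    'login/min_password_lng'         => { min => 8 },
    # Assumption added here: 0 disables forced password changes, so it must
    # not pass just because it is numerically below the maximum of 35.
    'login/password_expiration_time' => { min => 1, max => 35 },
    'login/fails_to_session_end'     => { max => 3 },
    'login/fails_to_user_lock'       => { max => 6 },
    'rdisp/gui_auto_logout'          => { min => 60, max => 7200 },
);

# Returns (status, reason) for one parameter value.
sub check_param {
    my ($name, $value) = @_;
    my $rule = $BASELINE{$name};
    return ('SKIP', 'no rule in baseline') unless $rule;

    # Values returned over RFC may be padded with blanks.
    $value =~ s/^\s+|\s+$//g if defined $value;

    return ('FAIL', 'no value returned')
        unless defined $value && length $value;
    return ('FAIL', "value '$value' is not a whole number")
        unless $value =~ /^\d+$/;
    return ('FAIL', "$value is below the minimum of $rule->{min}")
        if defined $rule->{min} && $value < $rule->{min};
    return ('FAIL', "$value is above the maximum of $rule->{max}")
        if defined $rule->{max} && $value > $rule->{max};
    return ('PASS', 'within directive');
}

# Walks the baseline rather than the input, so a parameter the system did
# not return is reported as a failure instead of being silently skipped.
sub audit {
    my ($values) = @_;
    my $failures = 0;
    for my $name (sort keys %BASELINE) {
        my ($status, $reason) = check_param($name, $values->{$name});
        $failures++ if $status eq 'FAIL';
        printf "%-4s %-32s %s\n", $status, $name, $reason;
    }
    return $failures;
}

# Constructed sample input: the first four values are the ones printed in the
# answer above, the last one is made up. In use, fill this hash from the
# SXPG_PROFILE_PARAMETER_GET loop instead.
my %observed = (
    'login/min_password_lng'         => '7',
    'login/password_expiration_time' => '90',
    'login/fails_to_session_end'     => '3',
    'login/fails_to_user_lock'       => '6',
    'rdisp/gui_auto_logout'          => '0',
);

my $failures = audit(\%observed);
print "$failures parameter(s) violate the directive\n";
exit($failures ? 1 : 0);
```

The non-zero exit status on any violation lets a start-up or monitoring job act on the result without parsing the report.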

  • Profile Parameter : Time out for executing query on the web

    Hi gurus,
    I am executing queries on the web directly. This can be done from query designer with the button that says "Execute query on web". The problem is that for queries that take more than 600 Secs to run, I get an Application timed out error. Queries that take less than this run smoothly.
    Can anyone please tell me the profile parameter associated with this particular setting. It is not rdisp/max_wprun_time, I know for sure since the value for this profile parameter in my system is 9999. Please help.
    Thanks & rgds,
    Sree

    Issue resolved.
    Profile Parameter - icm/server_port_0
    Current Value - PROT=HTTP,PORT=8000,TIMEOUT=60,PROCTIMEOUT=600
    Changed to - PROT=HTTP,PORT=8000,TIMEOUT=60,PROCTIMEOUT=3600
    rgds,
    Sree

  • Personal Profile service for Brazil - Type Conflict for infotype 0002

    Hello All,
    We are enabling personal profile service for Brazil. And we did all the required configuration for that.
    When I access the personal info service I can see the overview page with personal data. But when I click on display link, I get the error message saying -
    Type conflict with ASSIGN in program CL_HRPA_UI_CONVERT_0002_BR
    Is there any configuration missing?
    Thanks,
    Bhushan

    Short text
        Type conflict with ASSIGN in program "CL_HRPA_UI_CONVERT_0002_BR====CP".
    What happened?
        Error in the ABAP Application Program
        The current ABAP program "CL_HRPA_UI_CONVERT_0002_BR====CP" had to be
         terminated because it has
        come across a statement that unfortunately cannot be executed.
    What can you do?
        Note down which actions and inputs caused the error.
        To process the problem further, contact you SAP system
        administrator.
        Using Transaction ST22 for ABAP Dump Analysis, you can look
        at and manage termination messages, and you can also
        keep them for a long time.
    Error analysis
        You attempted to assign a field to a typed field symbol,
        but the field does not have the required type.
    How to correct the error
        Adapt the type of the field symbol to the type of the field or use an
        untyped field symbol or use the "CASTING" addition.
        If the error occures in a non-modified SAP program, you may be able to
        find an interim solution in an SAP Note.
        If you have access to SAP Notes, carry out a search with the following
        keywords:
        "ASSIGN_TYPE_CONFLICT" " "
        "CL_HRPA_UI_CONVERT_0002_BR====CP" or "CL_HRPA_UI_CONVERT_0002_BR====CM003"
        "IF_HRPA_UI_CONVERT_STANDARD~OUTPUT_CONVERSION"
        If you cannot solve the problem yourself and want to send an error
        notification to SAP, include the following information:
        1. The description of the current problem (short dump)
           To save the description, choose "System->List->Save->Local File
        (Unconverted)".
        2. Corresponding system log
           Display the system log by calling transaction SM21.
           Restrict the time interval to 10 minutes before and five minutes
        after the short dump. Then choose "System->List->Save->Local File
        (Unconverted)".
        3. If the problem occurs in a problem of your own or a modified SAP
        program: The source code of the program
           In the editor, choose "Utilities->More
        Utilities->Upload/Download->Download".
    Line  SourceCde
        6   DATA: attributes           TYPE hrpad_field_attribute_tab.
        7   DATA: l_object_key         TYPE hcm_object_key.
        8   DATA: l_subrc              TYPE sysubrc.
        9
       10   FIELD-SYMBOLS <r0002_br>   TYPE hcmt_bsp_pa_br_r0002.
       11   FIELD-SYMBOLS <p0002_br>   TYPE p0002.
       12   FIELD-SYMBOLS <p0625>      TYPE p0625.
       13
       14   is_ok = if_hrpa_ui_convert_standard~true.
       15   ASSIGN screen_structure    TO <r0002_br>.
       16   l_object_key = <r0002_br>-object_key.
       17   MOVE-CORRESPONDING pnnnn TO super_screen_ref.
       18
       19   CALL METHOD super->if_hrpa_ui_convert_standard~output_conversion
       20     EXPORTING
       21       screen_structure_name = a_super_screen_structure_main
       22       pnnnn                 = pnnnn
       23       message_handler       = message_handler
       24       field_metadatas       = field_metadatas
       25     IMPORTING
       26       screen_structure      = super_screen_ref
       27       is_ok                 = is_ok
       28       field_attributes      = field_attributes.
       29
       30   MOVE-CORRESPONDING super_screen_ref TO screen_structure.
       31
       32   CASE a_super_screen_structure_main.
       33     WHEN 'HCMT_BSP_PA_XX_R0002'.
       34       ASSIGN pnnnn                  TO <p0002_br>.
       35       ASSIGN screen_structure       TO <r0002_br>.
    >>>>>       ASSIGN pnnnn2                 TO <p0625>.
       37       MOVE-CORRESPONDING <p0002_br> TO <r0002_br>.
       38       MOVE-CORRESPONDING <p0625>    TO <r0002_br>.

  • Password Profile Parameter

    Dear All,
    Kindly advise,
    We have recently changed the instance profile parameters for enabling
    the password policy. The parameters that we changed are
    login/password_expiration_time 60
    login/min_password_specials 1
    login/min_password_lng 8
    login/min_password_letters 2
    login/min_password_digits 1
    login/password_max_new_valid 45
    login/password_max_reset_valid 45
    We are using ECC 4.7
    After we have restarted the system, all users were prompted
    automatically to change the passwords except three users which we had
    created recently. Although we have given the "login/min_password_lng"
    as 8, it is still taking 4 letters as password without any special
    characters in it.
    Kindly advise us in this regard and if you need any more information
    please let us know.
    Regards
    GAURAV

    Hi,
    As said by António Barrote, might be you are having more application servers and parameters are set in one server only. If that is the case then if those 3 users are logging in to other server then it will not prompt.  Also, if you say that, no we have only one server and all the parameters are set correctly and working fine for other 240 users. Then yes you are right.
    As per my understanding, it has not asked for password change for these 3 users because these users are created recently and after creating them you have set the parameters. Hence after the parameters came in to effect it will not ask for password change for these 3 users because the password expiration is 60 days as per value you have set above. Hence after 60 days from the date when you have created those users and set password it will prompt them to change password and at that time it will not allow them to set password for length 4 letters, but will set as per the parameters.
    Since for these 3 users password was set before enabling parameters those will apply only after expiration period. Otherwise what you can do is reset the password for them now and ask them to change it and now it will make them change password as per the parameters.
    Hope clarified.
    Thanks & Regards,
    Sharath Babu M

  • Profile Parameters for Logon and Password (Login Parameters)

    I've upgraded SM3.2 to SM4.0 and now users can create password with 40 characters. I want to return to max 8 letters in password and to big letters in password. I haven't found appropriate parameter. Does parameter login/password_downwards_compatibility provide me compatibility to old login parameters?

    Hi,
    Also follow the following
    /people/sap.user72/blog/2005/10/19/attention-security-administrators-new-password-rules-are-on-their-way
    After SAP NetWeaver 6.40, the password hash algorithm is changed from MD5 to SHA-1. This means that more secure hash values, which are not backward-compatible, and which make reverse engineering attacks difficult, can be generated. By default, new systems generate two hash values: a backward-compatible value and a new value. However, you can configure the system so that only the new hash value, which is not backward-compatible, is generated. You can set the degree of backward compatibility with the profile parameter login/password_downwards_compatibility.
    The system can determine the type (new or old) of the current user password at any time. During logon, the system calculates the password hash based on the entered data and in accordance with the information from the user master record (see the hash procedure used) and compares the hash values. The system decides itself which part of the entered password is evaluated.
    · If the user master record shows that the user’s password was encrypted with the old password hash algorithm, the system only evaluates the first eight characters and converts these to upper-case.
    · If the user master record shows that the user’s password is encrypted with the new password hash algorithm, the system evaluates all characters as they were entered (up to 40 characters, with no conversion to upper-case).
    The new functions do not initially have any consequences after the upgrade; the operation of the system and password queries continue to run as usual. The passwords of the new type gradually replace the passwords of the old type.
    Do reward with points.
    Regards.
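An added example, not part of the original post: a model of the logon evaluation described above, showing which entered passwords an old-type and a new-type user master record accept. SHA-256 from Perl's core Digest::SHA is used as a stand-in digest; SAP's actual hash functions are not reproduced, and the record layout, function names and sample passwords are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Input handling per record type, as described in the post:
#   old: only the first eight characters count, converted to upper case
#   new: all characters count exactly as entered
sub normalize {
    my ($type, $password) = @_;
    return uc substr($password, 0, 8) if $type eq 'old';
    return $password;
}

# A simplified user master record: the hash type plus the stored digest.
sub make_record {
    my ($type, $password) = @_;
    return { type => $type, hash => sha256_hex(normalize($type, $password)) };
}

# The record's own type decides how the entered password is evaluated.
sub logon_ok {
    my ($record, $entered) = @_;
    return sha256_hex(normalize($record->{type}, $entered)) eq $record->{hash};
}

# Constructed sample data.
my $chosen  = 'Correct-Horse-42';
my %record  = map { $_ => make_record($_, $chosen) } qw(old new);
my @entered = ($chosen, 'correct-horse-42', 'CORRECT-anything', 'Correct-Horse-43');

for my $type (qw(old new)) {
    for my $try (@entered) {
        printf "%-3s record, entered %-20s => %s\n",
            $type, "'$try'", logon_ok($record{$type}, $try) ? 'accepted' : 'rejected';
    }
}
```

With an old-type record every entry sharing the same first eight characters, in any case, is accepted, which is the practical cost of keeping passwords in the backward-compatible form.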

  • I want to be the only one who can access my profile, so how to create passwords for profiles (NOT for websites) ?

    I want to be the only one who can access my profile, so how to create passwords for profiles (NOT for websites) ?
    thanks

    Maybe use the portable Firefox version on a USB stick if you want to prevent access to your profile.
    Solutions that use an extension can easily be bypassed by starting in [[Safe mode]].
    Otherwise you need to locate the Firefox profile folder on an encrypted drive.
    See http://portableapps.com/apps/internet/browsers/portable_firefox

  • Yosemite server Profile manager how setup time for password after sleep

    Hi,
    In Profile Manager in Setup & Privacy is possibility setup password after sleep, but I need setup time period. Is it possible? Because when I push this profile it prevent users to setup this period and when I remove this profile (whole payload for Security & Privacy) it still prevent users to change this two setting.

    Hi CodyCodes,
    Just discovered the same issue today as well.  Further complicating things, the screensaver timeout setting in Login Window doesn't apply to Profile Manager clients no matter what the setting.  This was reproduced and confirmed by the Apple Tech I was working with.  He's submitted the bug to their engineering staff.  I requested that he ask them why there is no setting for password on sleep or screensaver.  Hopefully this is resolved soon, as this feature is 99% of the reason we're implementing Profile Manager to begin with.
    Cheers
