To make the parameters globally effective in an SAP System (system profile parameters), set them in the default system profile DEFAULT.PFL. However, to make them instance-specific, you must set them in the profiles of each application server in your SAP System.
To display the documentation for one of the parameters, choose Tools >> CCMS>> Configuration >> Profile Maintenance (transaction RZ10), specify the parameter name and choose Display.
Password Checks
Parameters |
Explanation |
login/min_password_lng |
Defines the minimum length of the password.
Default value: 3; permissible values: 3 – 8
|
login/min_password_digits |
Defines the minimum number of digits (0-9) in passwords.
Default value: 0; permissible values: 0 – 8
Available as of SAP Web AS 6.10
|
login/min_password_letters |
Defines the minimum number of letters (A-Z) in passwords.
Default value: 0; permissible values: 0 – 8
Available as of SAP Web AS 6.10
|
login/min_password_specials |
Defines the minimum number of special characters in the password Permissible special characters are ()!\"@ $%&/()=?'`*+~#-_.,;:{[]}\\<>
Default value: 0; permissible values: 0 – 8
Available as of SAP Web AS 6.10
|
login/min_password_diff |
Defines the minimum number of characters that must be different in the new password compared to the old password.
Default value: 1; permissible values: 1 – 8
Available as of SAP Web AS 6.10
|
login/password_expiration_time |
Defines the validity period of passwords in days.
Default value: 0; permissible values: any numerical value
|
login/password_change_for_SSO |
If the user logs on with Single Sign-On, checks whether the user must change his or her password.
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
|
login/disable_password_logon |
Controls the deactivation of password-based logon
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
|
login/password_logon_usergroup |
Controls the deactivation of password-based logon for user groups
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
|
Multiple Logon
Parameters |
Explanation |
login/disable_multi_gui_login |
Controls the deactivation of multiple dialog logons
Available as of SAP Basis 4.6
|
login/multi_login_users |
List of excepted users (multiple logon)
Available as of SAP Basis 4.6
|
Incorrect Logon
Parameters |
Explanation |
login/fails_to_session_end |
Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock.
Default value: 3; permissible values: 1 -99
|
login/fails_to_user_lock |
Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight.
Default value: 12; permissible values: 1 -99
|
login/failed_user_auto_unlock |
Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight.
Default value: 1 (Lock applies only on same day); permissible values: 0, 1
|
Initial Password: Limited Validity
Parameters |
Explanation |
login/password_max_new_valid |
Defines the validity period of passwords for newly created users.
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
|
login/password_max_reset_valid |
Defines the validity period of reset passwords.
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
|
SSO Logon Ticket
Parameters |
Explanation |
login/accept_sso2_ticket |
Allows or locks the logon using SSO ticket.
Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package
|
login/create_sso2_ticket |
Allows the creation of SSO tickets.
Available as of SAP Basis 4.6D
|
login/ticket_expiration_time |
Defines the validity period of an SSO ticket.
Available as of SAP Basis 4.6D
|
login/ticket_only_by_https |
The logon ticket is only transferred using HTTP(S).
Available as of SAP Basis 4.6D
|
login/ticket_only_to_host |
When logging on over HTTP(S), sends the ticket only to the server that created the ticket.
Available as of SAP Basis 4.6D
|
Other Login Parameters:
Parameters |
Explanation |
login/disable_cpic |
Refuse incoming connections of type CPIC |
login/no_automatic_user_sapstar |
Controls the emergency user SAP* (SAP Notes 2383 and 68048) |
login/system_client |
Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client. |
login/update_logon_timestamp |
Specifies the exactness of the logon timestamp.
Available as of SAP Basis 4.6
|
Other User Parameters
Parameters |
Explanation |
rdisp/gui_auto_logout |
Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections).
Default value: 0 (no restriction); permissible values: any numerical value
|
Learn more about this effects different user type
|
