| Parameter | Parameter description | Suggestion | SAP default |
|---|---|---|---|
| login/fails_to_session_end | Number of times a user can enter an incorrect password before the system terminates the logon attempt. Default is 3. | 3 | 3 |
| login/fails_to_user_lock | Number of times a user can enter an incorrect password before the system locks the user against further logon attempts. | 5 | 6 |
| login/system_client | Specifies the default client. This client is automatically filled in on the system logon screen. Users can overwrite it. | As per team. | 001 |
| login/failed_user_auto_unlock | Enables automatic unlock of locked users at midnight. Default is 1 (allowed). | 0 | 1 |
| rdisp/max_alt_modes | Restricts the maximum number of external sessions a user is allowed to open in one logon. | 3 | 6 |
| login/min_password_lng | Minimum length of a password. Default is 3. Any value from 2 to 8. SAP also provides a mechanism for additional customization of password restrictions. | 6 | 3 |
| login/min_password_digits | Defines the minimum number of digits (0-9) in passwords. | 1 | 0 |
| login/min_password_letters | Defines the minimum number of letters (A-Z) in passwords. | 1 | 0 |
| login/min_password_specials | Defines the minimum number of special characters in passwords. | 1 | 0 |
| login/password_expiration_time | Number of days after which a password must be changed. When the expiration time is reached, the user is asked to enter a new password. Default is '0' (no time limit). Users start getting a pop-up 5 days before the expiration date. | 60 | 0 |
| login/no_automatic_user_sapstar | Disables special properties for user SAP* when this parameter is set to a value greater than zero. When the parameter is reset to 0, logins with SAP* using the default delivered password and unrestricted system access privileges are allowed. The default is 0 (permitted). | 1 | 0 |
| rdisp/gui_auto_logout | Specifies the number of seconds a user session can be idle before being automatically logged off by the system. Default is 0. | 1800 | 0 |
| auth/no_check_in_some_cases | Used to enable SU24 to activate authorization checks for transactions and to work with the Profile Generator. Default is Y. | Y | Y |
| auth/tcodes_not_checked | Checks on object S_TCODE. It disables transaction code checking for SU53 and SU56 analysis. In certain cases this can be shut off, but doing so results in a big security risk for the system. Do not change unless absolutely necessary. | N | Empty string |
| auth/authorization_trace | Enables easier diagnosis of security failures, since it allows running the System Trace (transaction ST01). Caution: setting this parameter greatly affects system performance! | N | N |
| login/disable_multi_gui_login | Disables multiple SAP GUI logons (for the same R/3 account). Default is '0' (off). | 1 | 0 |
| rsau/enable | Enables security audit logging. Default is '0' (logging not enabled). | 0 | 0 |
| rsau/max_diskspace/local | Maximum file size of a security audit file allowed for each event. Default is 1,000,000 B. This parameter is relevant only if security audit logging is in use. | 20M | 20M |
| rsau/selection_slots | Specifies the number of selection units that are set using transaction SM19 and checked by the system during processing. Default is 2, meaning two audit files can be open at any given point. | 2 | 2 |
| auth/object_disabling_active | Authorization objects can be deactivated with the transaction AUTH_SWITCH_OBJECTS if this parameter is set to "Y" or is not set. If it is set to "N", they cannot be deactivated. Default is Y (can be deactivated). | N | Y |
| snc/enable | If SNC (Secure Network Communications) is activated, then by default all incoming connections are accepted only if they are secure. If this parameter is set to "1", the work processes try to activate/initialize the SNC module when uploading. Default is '0' (not activated). | 0 | 0 |
| auth/rfc_authority_check | Activates the authorization check against authorization object S_RFC while executing RFC communication. Default is 1 (authorization check active). | 1 | 1 |
| auth/system_access_check_off | Can be used to switch off the automatic authorization check for particular ABAP/4 language elements. This parameter is necessary to ensure downward compatibility of the R/3 kernel. Default is '0' (check remains active). | 0 | 0 |

Regards,

Himanshu Sharma
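
An added example, not part of the original post: a small checker that reads an SAP profile file and reports every parameter whose effective value deviates from the SUGGESTION column above. It assumes the `name = value` profile format with `#` comment lines, falls back to the defaults as listed in the post for unset parameters, and treats `0` on the expiry and idle-timeout parameters as "no limit"; `BASELINE`, `parse_profile`, `audit` and the sample profile are constructed for illustration.

```python
# Baseline from the post's table: name -> (check, suggestion, default as listed in the post).
# "min": value >= suggestion; "max": 1 <= value <= suggestion (0 means no limit); "eq": exact.
BASELINE = {
    "login/fails_to_user_lock": ("max", "5", "6"),
    "login/min_password_lng": ("min", "6", "3"),
    "login/min_password_digits": ("min", "1", "0"),
    "login/min_password_specials": ("min", "1", "0"),
    "login/password_expiration_time": ("max", "60", "0"),
    "login/no_automatic_user_sapstar": ("eq", "1", "0"),
    "login/disable_multi_gui_login": ("eq", "1", "0"),
    "rdisp/gui_auto_logout": ("max", "1800", "0"),
    "auth/object_disabling_active": ("eq", "N", "Y"),
}

def parse_profile(text):
    """Read 'name = value' lines; lines starting with '#' are comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def audit(profile_text):
    """Return {parameter: (effective value, suggestion)} for each deviation."""
    params = parse_profile(profile_text)
    findings = {}
    for name, (kind, want, default) in BASELINE.items():
        have = params.get(name, default)  # unset: fall back to the listed default
        if kind == "eq":
            ok = have.upper() == want.upper()
        else:  # numeric check; a non-numeric value counts as a finding
            n = int(have) if have.isdigit() else -1
            ok = n >= int(want) if kind == "min" else 1 <= n <= int(want)
        if not ok:
            findings[name] = (have, want)
    return findings

# Constructed sample profile, not taken from a real system.
SAMPLE = """\
# constructed DEFAULT.PFL excerpt
login/min_password_lng = 8
login/password_expiration_time = 0
rdisp/gui_auto_logout = 3600
login/no_automatic_user_sapstar = 1
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Parameters missing from the profile are the ones most easily overlooked in a review: in the sample, `login/fails_to_user_lock` is never set, so the listed default of 6 applies and is flagged against the suggested 5.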

13 Comments

  1. Yves KERVADEC

    Nice list, thanks.

    Here are some others (a few are duplicates, sorry)

     

    | Parameter | Role | Default value |
    |---|---|---|
    | login/disable_multi_gui_login | disable multiple sapgui logons (for same SAP account) | 0 |
    | login/multi_login_users | List of users that can have multiple logon (if login/disable_multi_gui_login is set) | |
    | login/disable_password_logon | Deactivate password-based logon | 0 |
    | login/password_logon_usergroup | Users of this group can still logon with passwords (if login/disable_password_logon is set) | |
    | login/failed_user_auto_unlock | Enable automatic unlock of locked user at midnight | 0 |
    | login/fails_to_session_end | Number of invalid login attempts until session end | 3 |
    | login/fails_to_user_lock | Number of invalid login attempts until user lock | 5 |
    | login/password_expiration_time | Dates until password must be changed | 0 |
    | login/password_history_size | Number of records to be stored in the password history | 5 |
    | login/password_change_waittime | Password change possible after # days (since last change) | 1 |
    | login/password_max_idle_initial | maximum #days a password (set by the admin) can be unused (idle) | 0 |
    | login/password_max_idle_productive | maximum #days a password (set by the user) can be unused (idle) | 0 |
    | login/min_password_diff | min. number of chars which differ between old and new password | 1 |
    | login/min_password_digits | min. number of digits in passwords | 0 |
    | login/min_password_letters | min. number of letters in passwords | 0 |
    | login/min_password_lng | Minimum Password Length | 6 |
    | login/min_password_lowercase | minimum number of lower-case characters in passwords | 0 |
    | login/min_password_specials | min. number of special characters in passwords | 0 |
    | login/min_password_uppercase | minimum number of upper-case characters in passwords | 0 |
    | login/password_charset | Define character set used for passwords (only if login/password_downwards_compatibility is set) | 1 |
    | login/password_downwards_compatibility | password downwards compatibility (8 / 40 characters, case-sensitivity) | 1 |
    | login/password_compliance_to_current_policy | Activate the check of password policy compliance at each login | 0 |
    | login/update_logon_timestamp | Update frequency / accuracy of logon timestamp (D day, h hour, m minute, s second) | m |
    | login/no_automatic_user_sapstar | If set to 1 disable the automatic (kernel) login for user SAP* | 1 |
    | login/password_change_for_SSO | Handling of password change enforcements in Single Sign-On situations | 1 |

      1. Juan Reyes

        If correct procedures are in place, it should never get to a point where a security/login parameter is implemented with incorrect values in a production system effectively becoming a critical situation. That is why a standard landscape has three tiers.
