Important Security Parameters - Helpful for Basis!
|PARAMETER||PARAMETER DESCRIPTION||SUGGESTION||SAP DEFAULT|
|login/fails_to_session_end||Number of times a user can enter an incorrect password before the system terminates the logon attempt. Default is 3.||3||3|
|login/fails_to_user_lock||Number of times a user can enter an incorrect password before the system locks the user against further logon attempts.||5||6|
|login/system_client||Specifies the default client. This client is automatically filled in on the system logon screen. Users can overwrite this.||As per team.||001|
|login/failed_user_auto_unlock||Enables automatic unlock of locked users at midnight. Default is 1 (allowed).||0||1|
|rdisp/max_alt_modes||You can use this parameter to restrict the maximum number of external sessions a user is allowed to open in one logon.||3||6|
|login/min_password_lng||Minimum length of a password. Default is 3. Any value from 2 to 8 is allowed. SAP also provides a mechanism for additional customization of password restrictions.||6||3|
|login/min_password_digits||Defines the minimum number of digits (0-9) in passwords||1||0|
|login/min_password_letters||Defines the minimum number of letters (A-Z) in passwords||1||0|
|login/min_password_specials||Defines the minimum number of special characters in passwords||1||0|
|login/password_expiration_time||Number of days after which a password must be changed. When the expiration time is reached, the user is asked to enter a new password. Default is ‘0’ – no time limit. The user will start getting a pop-up 5 days before the expiration date.||60||0|
|login/no_automatic_user_sap*||Disables special properties for user SAP* when this parameter is set to a value greater than zero. When the parameter is reset to 0, it allows logins with SAP* using the default delivered password and unrestricted system access privileges. The default is 0 – permitted.||1||0|
|rdisp/gui_auto_logout||Specifies the number of seconds a user session can be idle before being automatically logged off by the system. Default is 0.||1800||0|
|auth/no_check_in_some_cases||Used to enable SU24 to activate authorization checks for transactions and to work with the Profile Generator. Default is Y.||Y||Y|
Checks on object S_TCODE. It disables Tcode checking for SU53 & SU56 analysis. In certain cases, this can be shut off, but it results in a big security risk for the system. Do not change unless absolutely necessary.
Enables easier diagnosis of security failures since it allows running of System Trace (transaction ST01).
Caution: Setting this parameter greatly affects system performance!
|login/disable_multi_gui_login||Disable multiple sapgui logons (for same R/3 account). Default is ‘0’ – off.||1||0|
Enables security audit logging. Default is ‘0’ → logging not enabled.
Maximum file size of a security audit file allowed for each event. Default is 1,000,000 B.
This parameter is relevant only if security audit logging is in use
|rsau/selection_slots||The parameter specifies the number of selection units that are set using Transaction SM19 and checked by the system during processing. Default is 2 – meaning two audit files can be open at any given point||2||2|
Authorization objects can be deactivated with the transaction AUTH_SWITCH_OBJECTS if this parameter is set to “Y” or is not set. If it is set to “N”, they cannot be deactivated. Default is Y → can be deactivated.
If SNC (Secure Network Communications) is activated, then by default all incoming connections will only be accepted if they are secure. If this parameter is set to “1”, the work processes try to activate/initialize the SNC module when uploading. Default is ‘0’ → not activated.
Activates the authorization check against authorization object S_RFC while executing RFC communication. Default is 1 → authorization check active.
This parameter can be used to switch off the automatic authorization check for particular ABAP/4 language elements. This parameter is necessary to ensure downward compatibility of the R/3 kernel. Default is ‘0’ → check remains active.
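
One way to check a system against the SUGGESTION column, as an added example that is not part of the original page and not SAP code: it parses profile text, falls back to the SAP DEFAULT column for parameters that are not set, and reports deviations. Assumptions: the profile uses `name = value` lines with `#` comment lines, the direction of each comparison (stricter means lower or higher) is my reading of the table, and only complete rows with a numeric suggestion that differs from the default are covered.

```python
# Baseline from the SUGGESTION / SAP DEFAULT columns above. Rule direction is an
# assumption: max = not above, min = not below, max_nz = max but 0 fails, eq = exact.
BASELINE = {  # name: (rule, suggestion, SAP default)
    "login/fails_to_user_lock": ("max", 5, 6),
    "login/failed_user_auto_unlock": ("eq", 0, 1),
    "rdisp/max_alt_modes": ("max", 3, 6),
    "login/min_password_lng": ("min", 6, 3),
    "login/min_password_digits": ("min", 1, 0),
    "login/min_password_letters": ("min", 1, 0),
    "login/min_password_specials": ("min", 1, 0),
    "login/password_expiration_time": ("max_nz", 60, 0),
    "login/no_automatic_user_sap*": ("min", 1, 0),
    "rdisp/gui_auto_logout": ("max_nz", 1800, 0),
    "login/disable_multi_gui_login": ("eq", 1, 0),
}
CHECKS = {"eq": lambda v, w: v == w, "min": lambda v, w: v >= w,
          "max": lambda v, w: v <= w, "max_nz": lambda v, w: 0 < v <= w}

def parse_profile(text):
    """Parse 'name = value' lines (assumed format); '#' lines are comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()  # a later line overrides
    return params

def audit(params):
    """Return (name, effective value, suggestion, source) per deviation."""
    findings = []
    for name, (rule, want, default) in BASELINE.items():
        raw = params.get(name)
        try:
            value = default if raw is None else int(raw)
        except ValueError:
            findings.append((name, raw, want, "not a number"))
            continue
        if not CHECKS[rule](value, want):
            source = "SAP default" if raw is None else "profile"
            findings.append((name, value, want, source))
    return findings

SAMPLE_PROFILE = """# constructed sample, not from a real system
login/fails_to_user_lock = 5
login/min_password_lng = 8
login/password_expiration_time = 0
rdisp/gui_auto_logout = 3600
"""
for finding in audit(parse_profile(SAMPLE_PROFILE)):
    print("%-32s value=%s suggested=%s (%s)" % finding)
```

Parameters that are absent from the profile are reported with source "SAP default", which shows the settings that are weak only because nobody set them.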