Skip to Content
Technical Articles
Author's profile photo Frank Buchholz

Show overview about security policies (SECPOL)


A security policy is a collection of security policy attributes and their values. This definition replaces the definition of behavior with profile parameters: once a security policy is assigned to a user master record, this determines the desired behavior. The profile parameters are only relevant for those user master records for which no security policy has been assigned.

You can easily view the current settings of security policies in transaction SECPOL individually.

However, there is no tool available which shows the effective settings of all policies in comparison with the current settings of profile parameters. You can use the custom report ZSHOW_SECPOL for this purpose.


You can get this report from GitHub:

You can either copy&paste the source code or use abapGit to load the whole package.

Selection screen

The reports allows to select up to 20 security policies. (This artificial limitation is based on the layout of the result screen.)


The result shows following columns:

  • Attribute type
  • Attribute name
  • Default attribute value (this value is used if a policy does not define a specific value)
  • For each selected policy: Policy attribute value (the specific values are marked in yellow)
  • Description
  • Corresponding profile parameter
  • Current profile parameter value (values which differ from the default values are marked in red)
  • Kernel default value of profile parameter (this value is identical to the policy default value)

In addition you get a line showing the count of assigned users per policy.



You can navigate to the definition of a security policy by double clicking into the corresponding column.

Limitation: If you navigate from the report to the definition of a security policy, you can view and maintain this policy but you cannot create new ones. Use transaction SECPOL instead to create new security policies.

You can navigate to transaction RZ11 for a profile parameter by double clicking into the corresponding columns.


Online Help – Security Policy Attributes for Logon and Passwords
Online Help – Profile Parameters for Logon and Password (Login Parameters)
SCN Blog – SAP Security policies / Group policies (2013)
Daniel Berlin Blog – A note on SECPOL behavior (2015)
RZ10 Blog – SAP-Passwortregeln: Profilparameter und Security Policies via SECPOL (2019)

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Carsten Olt
      Carsten Olt

      Great blog and report, many thanks Frank 🙂

      Author's profile photo Julia Bayrhammer
      Julia Bayrhammer

      Thank you very much for this report, Frank Buchholz!

      And complementary to your information that the report allows to select up to 20 security policies - on a S4H system there are 23 security policies 🙂

      Author's profile photo Christian Rinner
      Christian Rinner

      Hi Frank,

      thanks for the info.

      We need information for the DSAG Prüfleitfaden to the following attributes and couldn´t find any additonal infos:


      Do you have extended description for them?

      Best Regards

      Christian & Ralf Köhler