Symptom
You have observed that users can bypass the password change by selecting the Cancel button or the Refresh button on the logon page.
Environment
- SAP Business ByDesign
- SAP Cloud for Customer
Reproducing the Issue
This symptom can occur in two scenarios:
- Initial Password Change / Password reset by Admin
- Password expired
Cause
This system behavior is consistent with the configured security policy.
The Admin Password Change Enforcement setting is set to Ignore. Therefore the user is able to log on even after clicking the Cancel button or the Refresh option in the browser.
Initial Password Change:
The administrator can set an initial password for each user in the system. On the user's first logon, the system requests a password change, because the initial password is otherwise also known to the administrator.
The Admin Password Change Enforcement setting allows the administrator either to ignore or to enforce the change of the initial logon password.
Resolution
To resolve the issue:
- Go to Application and User Management (SAP Business ByDesign) or Administrator (SAP Cloud for Customer) work center
- Go to Edit Security Policies under Common Tasks
- Change the Admin Password Change Enforcement to Enforce
The Admin Password Change Enforcement field is visible only if Password Logon Enabled is selected for the particular security policy.
If it is set to Ignore, the user is prompted to change the initial password, but after selecting Cancel the user is still allowed to log on to the system.
To set up the security policy, follow the instructions in the Security Policies Quick Guide.
See Also
For more information, see the Security Policies Quick Guide.
Keywords
Anmeldung ohne Änderung Initialpasswort (logon without initial password change), initial password, user id, password, login, log-on, log-in, credentials, ignore, enforce, bypass, renew password, byd, c4c, KBA, SRD-CC-SEC, Security, SRD-CC-IAM, Identity & Access Management, Problem