SAP Knowledge Base Article - Public

2974835 - How to Prevent Business Users from Bypassing the Password Change?

Symptom

Users can bypass the password change by selecting the Cancel button or the Refresh button on the logon page.

Environment

  • SAP Business ByDesign
  • SAP Cloud for Customer

Reproducing the Issue

This symptom can occur in two scenarios:

  1. Initial Password Change / Password reset by Admin
  2. Password expired

Cause

This is the expected system behavior for the current security policy configuration.

The Admin Password Change Enforcement is set to Ignore. Therefore, the user is able to log on even after clicking the Cancel button or using the Refresh option in the browser.

Initial Password Change:

The administrator can set an initial password for each user in the system. At the user's first logon, the system requests a password change, because the initial password is otherwise known to the administrator.

The Admin Password Change Enforcement setting allows you to ignore or to enforce the change of the initial logon password.

Resolution

To resolve the issue:

  1. Go to the Application and User Management (SAP Business ByDesign) or Administrator (SAP Cloud for Customer) work center.
  2. Go to Edit Security Policies under Common Tasks.
  3. Change Admin Password Change Enforcement to Enforce.

The Admin Password Change Enforcement field is visible if Password Logon Enabled is selected for the security policy.

If it is set to Ignore, the user is prompted to change the initial password, but after selecting Cancel, the user is still allowed to log on to the system.

To set up the security policy, follow the instructions in the Security Policies Quick Guide.

See Also

For more information, see the Security Policies Quick Guide.

Keywords

Logon without changing initial password, initial password, user id, password, login, log-on, log-in, credentials, ignore, enforce, bypass, renew password, byd, c4c, KBA, SRD-CC-SEC, Security, SRD-CC-IAM, Identity & Access Management, Problem

Product

SAP Business ByDesign all versions ; SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions