SAP Knowledge Base Article - Public

3264665 - What's New "New Password Security Policy for Business Users"


In this document explains SAP Password Security Policy for Business Users and some of the important related KBA's for the Security Policy.


  1. SAP Business ByDesign
  2. SAP Cloud for Customer


What's New

"A new password security policy called S_BUSINESS_USER_V2 is now available in SAP Business ByDesign and SAP Cloud for Customer, and the existing password security policy S_BUSINESS_USER is now deprecated. If you have set the S_BUSINESS_USER policy as the default, then after the upgrade the new S_BUSINESS_USER_V2 policy will be set as the default. However, if you have set any other password security policy as the default, the same setting will remain in the system."

The following are the improvements in the new password security policy as compared to the existing S_BUSINESS_USER policy.




Minimum number of characters



Password History



Is Default

Changed to No


Q & A:

1. Does this improvement affect existing Users?

Ans: This change will not affect existing users. If a user has password policy S_BUSINESS_USER, the password rules are still bound by the S_BUSINESS_USER policy. Customer can change the password policy assigned to a business user anytime from the Business User Edit Attributes screen.

2. For whom it will be impacted and How?

Ans: If a password policy is default, it means that any new employee hired in the system (or in other words, new business users created in the system), will have this particular password policy. In this case, previous default password policy is 'S_BUSINESS_USER'. Now if default password policy is set to 'S_BUSINESS_USER_V2', this does not affect the users having either of the password policies, it only means that for any new business users created in the system, the password policy 'S_BUSINESS_USER_V2' will be assigned as default.

3. My default security is not S_BUSINESS_USER but S_BUSINESS_USER_WITHOUT_PASSWORD. What would be the risk if I do not change those users (for integration) security policies to S_BUSINESS_USER_V2? Would the basic authentication loses its functionality?

S_BUSINESS_USER_V2 provides a much more stricter policy for passwords of Business User. That's where our recommendation is to move to new security policy. However, if there is no change done then system will continue to work.

4. When would be the full deprecation of S_BUSINESS_USER ?

As of now full deprecation of S_Business_user is not planned.. We will give at least one release notice in advance before stopping the support

5. Will there be any impact, If a user overwrite a security policy?

It is completley based on the user decision and business need. User can assign the desired password policy to a user anytime from Application and User Management -> Business Users -> Edit -> Attributes screen.

See Also

Important KBA's:

1881710 - Unable to change the parameters for SAP delivered security policy.

2949663 - Activate SHA256 Security Policy

2951799 - How To Export Security Policy and Business User Details

2462998 - How-to update the security policy of multiple business user

2820544 - All Users Able To Log Via SSO Regardless Security Policy

2608632 - Frequently Asked Questions on Identity and Access Management

2595989 - How to Enable Only SSO Login for Business Users

Help Portal Link:

SAP Business ByDesign What's New: New Password Security Policy for Business Users

SAP Cloud for Customer What's New: New Password Security Policy for Business Users

Security Policy Qucik Guide


What's New, Security Policy, S_BUSINESS_USER_V2, Password Policy, Password Security Policy, IAM, Identity and Access Management, Business User, Password. , KBA , what's new , password policy , security policy , SRD-CC-IAM , Identity & Access Management , SRD-CC-SEC , Security , How To


SAP Business ByDesign 2211 ; SAP Cloud for Customer core applications 2211