Utilizing SAP Security Policies

This past week, I had a request from a client to change the password and login rules for a limited group of dialog users. Our client wanted the users to be set up with password rules that would allow for a four-digit number as the password and that would not expire after 90 days. SAP has recently introduced some new functionality through Identity Management, which makes this task not only possible, but relatively easy.

In order to create a security policy in SAP that can be assigned to a specific group of users, you must follow these steps (with pictures!):

1. Start the transaction for security policies (SECPOL)

2. In change mode, choose New Entries.

2-19-2014 2-36-34 PM

3. Enter a name in the Security Policy field and a description in the Short Text field.

2-19-2014 2-39-28 PM

4. Double-click the Attributes node.
5. Select the security policy, and double-click the Attributes node one more time. You can now assign attributes to the security policy.

2-19-2014 2-41-46 PM
6. Choose New Entries.
7. In the field Policy Attribute Name, enter, for example using the input help. a security policy attribute and, in the Attribute Value field, a value

.2-19-2014 2-46-34 PM


Possible value attributes include:

PASSWORD_LOCK_EXPIRATION: Automatic Expiration of Password Lock
PASSWORD_HISTORY_SIZE: Size of the Password History
PASSWORD_COMPLIANCE_TO_CURRENT_POLICY: Password Change After Rule Tightening
PASSWORD_CHANGE_INTERVAL: Interval for Regular Password Changes
PASSWORD_CHANGE_FOR_SSO: Password Change Req. for SSO Logons
MIN_PASSWORD_UPPERCASE: Minimum Number of Uppercase Letters
MIN_PASSWORD_SPECIALS: Minimum Number of Special Characters
MIN_PASSWORD_LOWERCASE: Minimum Number of Lowercase Letters
MIN_PASSWORD_LETTERS: Minimum Number of Letters
MIN_PASSWORD_LENGTH: Minimum Password Length
MIN_PASSWORD_DIGITS: Minimum Number of Digits
MIN_PASSWORD_DIFFERENCE: No. of Different Chars When Changing
MIN_PASSWORD_CHANGE_WAITTIME: Minimum Wait Time for Password Change
MAX_PASSWORD_IDLE_PRODUCTIVE: Validity of Unused Productive Passwords
MAX_PASSWORD_IDLE_INITIAL: Validity of Unused Initial Passwords
MAX_FAILED_PASSWORD_LOGON_ATTEMPTS: Maximum Number of Failed Attempts
DISABLE_TICKET_LOGON: Disable Ticket Logon
DISABLE_PASSWORD_LOGON: Disable Password Logon
CHECK_PASSWORD_BLACKLIST: Check the Password Blacklist

8. Save your entry. SAP will perform a consistency check to make sure there are no existing issues prior to saving. Any issues must be fixed before continuing.

9.Assign the users to the security policy via transactions SU01 or SU10.

2-19-2014 2-51-50 PM

Note: Security policies should be created in a development environment and transported through to production. Furthermore, each policy attribute has a range of possible values. For example, the maximum allowance for MIN_PASSWORD_CHANGE_WAITTIME is 1000 (days).

If you have yet to register for my SAP Career Advancement Webinar this Friday at 1pm EST, you could still register here.

Happy Hump Day!



P.S. I will be out of commission beginning in 2 weeks and through most the month of March. I’m spending two weeks in Europe (Barcelona, Prague and Paris) and the following week I’ll be traveling to Orlando for GRC 2014! If you forgive me for being MIA, I promise to come back with lots of fun tidbits for you to mull over.

8 Things Every Happy Woman Should Have

Last October, Patty Barrett of Thought Catalog, posted an article called “8 Things Every Happen Woman Should Have.” The way I interpreted Barrett’s words weren’t that she finds the utmost happiness in a vodka soda, but rather, that happy women have a greater sense of self and an understanding of the little (and not so little) things in life that keep them fulfilled.

One of the things that really irks me is when people say “I hope you’re happy.” Simply because we often correlate happiness to material possessions and confirmation to societal norms. Maybe we should begin to use a more directed phrase to express well wishes to others: “I hope you find fulfillment,” perhaps.

Nonetheless, Barrett’s article encouraged me to seek out answers to her 8 questions and see in which ways my answers are lacking confidence.

2-18-2014 8-47-27 AM

Looking forward to having all of you join me this Friday, for my “SAP Career Advancement Webinar” at 1pm EST. Registration is still open!

Until Friday,



Want, Love, Do, Wear, Read

I’ve been lacking a bit of “blogspiration” lately, so I took to the internet for refuge. A classmate of mine from High School (Go Comets!), Gina, created a lifestyle blog, Vanilla and Velvet, which focuses on inspiring everyday life. Kudos, Gina, you had me at hello.

Periodically, Gina writes a post which highlights bit and pieces that pique her interest. I thought I’d give it a go… with the Post Grad SAP twist of course.  An assortment of fun things for all you Post-Grads, SAP Consultants, Working Women out there to sink your teeth into!

2-6-2014 12-02-00 PM

  • Want: A replacement for my dingy old laptop sleeve… Care of Kate (Spade).
  • Love: I’m Olympics Obsessed! Hopefully I won’t get any sideways glances tomorrow when I throw up the Opening Ceremonies on my dual monitor at the office. Check out this link: National Flag’s Made From Each Country’s Traditional Foods. The UK sure looks tasty.
  • Do: The countdown has begun for Eurotrip 2014 and the itinerary is really coming together. Can’t wait to take a boat ride in the Seine River alongside the Eiffel Tower. T-4 weeks. Fun fact: My previous manager was a world traveler. She inspired me in more ways than one, but perhaps the greatest gift she gave me was the “travel buzz.” T and her husband made a pact that they had to take at least one international trip every year before they had children.
  • Wear: Nike Luxe Women’s Running Tights are my new obsession. Sorry Lulu, but I think they beat out the ‘Wunder Under’ in all categories. They are a bit pricey (even on sale), but worth every penny.
  • Read: I just finished Sheryl Sandberg’s, bestseller: Lean In: Women, Work, and the Will to Lead. Ok, I know. I’m a little slow on the uptake, but I’m glad I didn’t let myself be dissuaded due to a lack of timeliness. If there’s anyone left out there who hasn’t read Sandberg’s tell-all on the women in the workforce, JUST DO IT.