Every user requires a configured userid and password to access the SAP system. Initially, the password configured by the SAP system administrator.

On the first logon, user needs to change the password according to the rules/restrictions configured in the system by administrator. The rules/restrictions are configured in the system with some set of the parameters. The parameters with password rules are called as password rules parameters.

Password rules parameters -

ParameterDescription
login/min_password_lngSpecifies the minimum length of the password. The default value is 6. The allowed values are from 3 – 40.
login/min_password_digitsSpecifies the minimum number of digits (0-9) in passwords. The default value is 0. The allowed values are from 0 – 40.
login/min_password_lettersSpecifies the minimum number of letters (A-Z) in passwords. The default value is 0. The allowed values are from 0 – 40.
login/min_password_lowercaseSpecifies the number of characters in lower-case letters a password must contain. The allowed values are from 0 – 40. The default value is 0.
login/min_password_uppercaseSpecifies the number of characters in upper-case letters a password must contain. The allowed values are from 0 – 40. The default value is 0.
login/min_password_specialsSpecifies the minimum number of special characters in the password. The special characters allowed are !"@ $%&/()=?'`*+~#-_.,;:{[]}\<>| and space and the grave accent. The default value is 0. The allowed values are from 0 – 40.
login/password_charsetThis parameter specifies the password characters set. Allowed values are:
  • 0 (restrictive): The password can consist only following (ASCII) special characters: !"@ $%&/()=?’*+~#-_.,;:{[]}\<>│ and space and the grave accent.
  • 1 (backward compatible, default value): The password can consist of any characters including national special characters (ISO Latin-1, 8859-1).
  • 2 (not backward compatible): The password can consist of any characters.
There are some other set of parameters with rules which are in effect when changing the password in the SAP system. Those parameters are called as password changes parameters.

Password changes parameters -

ParameterDescription
login/min_password_diffSpecifies the minimum number of characters that must be different in the new password compared to the old password. The default value is 1. The allowed values are from 1 – 40.
login/password_expiration_timeSpecifies the validity period of passwords in days. The default value is 0. The allowed values are from 0 – 1000.
login/password_history_sizeSpecifies the number of passwords that the system stores and that the user cannot use again. The allowed values are from 1 – 100. The default value is 5. In this unit is number of entries.
login/password_change_waittimeSpecifies the number of days that a user must wait before changing the password again. The allowed values are from 1 – 1,000. The default value is 1. In this unit is days.

Table USR40: Specifying Impermissible Passwords -

Users can be prevented from choosing passwords that administrator/company do not want to allow. Table USR40 contains the prohibited rules for the users.

To add new restriction, the restriction should be entered in table USR40. To maintain the table USR40, SM30 transaction can be used. There are two wildcard characters:

  • ? - Specifies a single character
  • * - Specifies a sequence of characters in any combination of any length.

Example -


  • 567* - Rejects any password that begins with the sequence “567”.
  • *567*- Rejects any password that contains the sequence “567.”
  • KL? - Rejects all passwords that begin with “KL” and have one additional character like “KLA”, “KLB”, “KLC” and so on.

Table USR40: Adding new restriction -

Step-1: Go to SM30.

Password Restrictions

Step-2: It navigates to the “Maintain Table Views: Initial Screen”.

Password Restrictions

Step-3: Enter USR40 in the “Table/View” field. Click on the maintain icon.

Password Restrictions

Step-4: It displays a informational dialog box showing a caution like below. Click on tick mark.

Password Restrictions

Step-5: Click on the new entries in the below screen to add a restriction.

Password Restrictions

Step-6: Now the table is editable.

Password Restrictions

Enter the restrictions to the table below and click on save to restrictions become active.

Password Restrictions

Step-7: It prompts for a workbench request. Click on the right mark to proceed. Once the work bench request completed, all the restrictions added in effect.

Password Restrictions