If you have to assign new passwords to lots of users (or just the old ones to lots of system users after a system copy), it seems you are a little bit lost in the scope of possibilities in the SAP standard.
There is a mass function (transaction SU10), but it still does not allow you to
- assign the same password to lots of users
- assign already given, indiviual passwords to lots of users.
In transaction SU10 the only possibility regarding passwords is to either maintain every user individually (which is nearly the same as you would do it in SU01) or to generate an individual password for each user in the selection.
This leaves us with a lack of functionality for several use cases. Think about these situations:
- Your quality or test system will be overwritten with a system copy of the productive system.
This happens quite often - the need for recent data in a test system to offer better possibilities for testing makes it necessary to do this more or less frequently.
With a client copy or export in front of the system copy you can save the users, and after the system copy you can do the client copy again back into the overwritten client of your quality or test system. But you need another system or some space in the filesystem to do this, and - as written in another blog article - it is every time "all or nothing", means you can not have users and authorizations from the productive system mixed with the project team, some test users and the system users of the quality or test system. Not in the SAP standard.
But for test purposes it could make sense to have the regular users and their authorizations from the productive system, especially when there is a need to consider also some authorization tests. But, as written before, the mix is not possible via SAP standard tools.
In any case it is necessary to keep at least the system users in the quality or test system. Usually they are system-specific, the passwords are individually assigned and after the system copy all these users with the correct passwords have to be available again. Otherwise the interfaces with the connected systems will not work anymore. That's why in most cases the strategy is to keep all users of the overwritten system and the above mentioned client copy or export and import tasks have to be done. This takes time and increases the pressure on the admins to work as quickly as possible to offer the system as early as possible.
- There are lots of new users in the system which need an initial password.
Maybe the initial password is the same for each of the new user (not the best approach, isn't it?), maybe the initial password(s) is/are already published. This could be the case on a training client. There might be users like STUD_001 with initial password havefun_001, STUD_002 with initial password havefun_002, and so on.
Or these lots of new users should get generated initial passwords. From security point of view this would be the best option. And this use case is covered in the SAP standard. In transaction SU10 you can select lots of users and generate individual passwords for them. You will receive a list of the users and their passwords.
Ok, this is usable, isn't it? But...there is still one thing where our product offers additional value. We will see it later.
With "Shortcut for SAP systems" we offer a flexible and fast possibility to assign the same password or agreed individual or generated passwords to lots of users. Let's have a look on it:
There are 2 tabs: "Same password to users" and "Individual passwords to users". Here you see the finished assignment of the same password to 24 test users. A typical use case is the start of a test phase where the teams were already informed about the test users and their passwords. Doing this with the SAP standard functions would make it necessary to maintain each of the 24 users individually. Possible... yes, but annoying, boring, time consuming.
If it is on assigning individual passwords to lots of users, we have to look at the other tab.
Here you can see the finished assignment of the individual passwords to 36 system users. Without our tool, password assignment would require maintaining each of these system users individually. The passwords for the system users are very cryptic and complicated, due to the use of the password generator feature when they were created (well done, this is how passwords for system users should be given). Entering them manually without errors would be a challenge, so without our product's "Set password" feature, this would be a copy'n paste task via the clipboard - in this case 36 times. Looks really like an interesting task, doesn't it?
Using the "Set password" feature you can do this in a single step, done in few seconds. The text fields for users and their passwords can be filled via the clipboard, and as admins usually have lists of system users and their passwords, the whole task can be done in a minute. This is much easier and much less error-prone.
There is another button available after the assignment of password(s) is done: "View details". Hmm, what details?
Let's come back to the above mentioned 2nd use case: There are lots of new users in the system which need an initial password.
If this initial password should be a generated one, this is the use case that is covered in the SAP standard. You can select the users in SU10 and assign a generated passwords for them, and after this is done you will get a list with the password information. This list can be used to inform the users individually about their initial password - after you have determined the email addresses of the users. And this is the catch.
You can do the same with the "Set password" function, and, to come back to the "View details" button", you will be rewarded with a list containing all the necessary user information to shorten the task of informing the users.
Other than in the SAP standard you will get the information of the email address of the SAP user. You can use the "Export to file" button to get a CSV file that can be used for a serial email. With "Shortcut for SAP systems" also an ABAP program is supplied, that can be used in any SAP system with a configuration for sending emails to inform the users about their initial passwords (subfolder ABAPs, file PasswordMailer.txt). Just select the CSV file, adjust some parts of the serial email and execute the program - very easy!
But of course also a serial email with email clients and/or Office software is possible. Here you can find some information how to do this
Once set up and saved, it is easily reusable.
In the end, with the "Set password" feature of our product there are ways to save a lot of time and reduce the probability of errors as well as duration and time pressure.