login/fails_to_session_end – SAP RZ11

Before we learn to limit logon attempts we need to know parameter –

What is a parameter?

Parameter is the set of keys and values to manage the SAP system. There are two types of parameters –

  1. Static: – It needs a restart. It doesn’t effect to the system immediately once you set the value for it.
  2. Dynamic: – It does not need restart. It effects to the system immediately once you set the value for it.

How to view a parameter?

Step 1) Execute T-code RZ11.

SAP RZ11:View Parameter

Step 2)

  1. Put parameter name “login/fails_to_session_end” in text-field. You can put any Parameter name.
  2. Click Display

SAP RZ11:View Parameter

Step 3) The screen below shows the current value set for the parameter by the admin

SAP RZ11:View Parameter

In order to change a parameter, click the pencil icon and make desired changes

Important Parameters to limit login attempts

  • login/fails_to_session_end: This parameter specifies the number of times that a user can enter an incorrect password before the system ends the logon attempt. The parameter is to be set to a value lower than the value of parameter
  • login/fails_to_user_lock: This parameter specifies the number of times that a user can enter an incorrect password before the system locks the user against further logon attempts. SAP system default value is 12. You can set it to any value between 1 and 99 inclusive.