How to avoid Password expiration for a particular/limited set of PeopleSoft user(s) yet having Password expiry for all other PeopleSoft users?
To set Password expiration after a stipulated period, it is possible in PeopleSoft. However this setting can be done only globally and cannot be done or undone for a specific set of users.
In PeopleTools > Security > Password Configuration > Password Controls, we can set whether we would want to have Password Expiration feature enabled or disabled and also the frequency or no of days in which the password must expire.
The hiccup here is this setting cannot be undone for one or a set of users. For example, what if a process running in PeopleSoft uses a particular PS OPRID and password and you would never want that password to expire. If the password expires, the password must be reset on expiry and the underlying process must be modified to run with this reset password.
To avoid this, we can play a trick with the Password Control feature. The password expiry feature works based upon the LASTPSWDCHANGE field in PSOPRDEFN table. If this LASTPSWDCHANGE has a date of 01-Jan-2011, and password expiry is set for 60 days, then on 01-Mar-2011 the user would face password expiry. Here is where we could do a trick. What if we set the LASTPSWDCHANGE field to a future date like 01-01-2099? The system would require password expiry only on 01-Mar-2099 and that solves the problem. We could manually update the LASTPSWDCHANGE field in PSOPRDEFN through database for only a handful of userids and achieve our objective of avoiding password expiration for a limited set of users.
In PeopleTools > Security > Password Configuration > Password Controls, we can set whether we would want to have Password Expiration feature enabled or disabled and also the frequency or no of days in which the password must expire.
The hiccup here is this setting cannot be undone for one or a set of users. For example, what if a process running in PeopleSoft uses a particular PS OPRID and password and you would never want that password to expire. If the password expires, the password must be reset on expiry and the underlying process must be modified to run with this reset password.
To avoid this, we can play a trick with the Password Control feature. The password expiry feature works based upon the LASTPSWDCHANGE field in PSOPRDEFN table. If this LASTPSWDCHANGE has a date of 01-Jan-2011, and password expiry is set for 60 days, then on 01-Mar-2011 the user would face password expiry. Here is where we could do a trick. What if we set the LASTPSWDCHANGE field to a future date like 01-01-2099? The system would require password expiry only on 01-Mar-2099 and that solves the problem. We could manually update the LASTPSWDCHANGE field in PSOPRDEFN through database for only a handful of userids and achieve our objective of avoiding password expiration for a limited set of users.
I came across net and found that this can be also achieved by tweaking delivered PeopleSoft function PASSWORD_CONTROLS in FUNCLIB_PWDCNTL.PWDCNTL.Field Change. What we could do here is we can write code as to avoid going through this function for a specific set of users.
ReplyDeleteI recently learnt that changes done as above in the backend will require recycling of appserver cache for this change to work.
ReplyDelete