Solution Beacon, LLC, Oracle Applications, consulting, database administration, oracle application implementation, implementation, upgrade, resource, resources

News

Whitepapers

Best Practices

Links

Solution Beacon Security Best Practice #18 - Periodically Expire Applications Users’ Passwords

By default, users created within the E-Business Suite do not have their passwords set to expire (see the By default, users created within the E-Business Suite do not have their passwords set to expire (see the diagram below). In accordance with your organization IT policies, you should make user passwords expire periodically. As System Administrator, choose Security | Users | Define and set the Password Expiration. In the absence of an organizational IT policy that covers this action, I generally recommend forcing users to change their passwords every 30 or 60 days.

Instead of using the screen functionality, with 11i.ATG_PF.H RUP4 and later (including R12), Oracle now provides a script to expire all application user passwords in Oracle Applications 11i. The AFCPEXPIRE.sql script is located in $FND_TOP/patch/115/sql/, and it can be run using SQL*Plus, or as the concurrent program FNDCPEXPIRE_SQLPLUS.

sqlplus -s APPS/<pwd> @AFCPEXPIRE.sql

Submit Concurrent Request: CP SQL*Plus Expire FND_USER Passwords

This script sets the fnd_user.password_date to NULL for all users which causes all user passwords to expire. The user will need to create a new password upon the next login.

Release 12 Security | Users | Define screen (Notice that this user’s password never expires!)

Since Release 11.5.8, the Security | Users | Define screen has changed to add some additional functionality. Note on this screen the ‘Indirect Responsibilities’ and ‘Securing Attributes’ folders that were introduced by the afore-mentioned Oracle User Management (UMX) application module. Indirect responsibilities are used with UMX to allow a user to "inherit" an indirect responsibility through membership in a group to which the responsibility has been assigned. Securing attributes are used by the HTML-based applications to allow only select rows (records) of data to be visible to specified users or responsibilities based on the criteria (attribute values) contained in the row.

Release 12 did not change the Users screen or appear to change any of the associated functionality.

> back to list