Good day,
We've just noticed something on some of our DevTest SAP systems (AS ABAP, but different versions) which we hadn't noticed before and were wondering whether or not it was normal.
If we create a user (using "SU01") and assign them an initial password, when they log in through SAP GUI then they are prompted to change their password and the new password is set. This is perfectly fine, exactly what we'd expect.
However, if a user with an initial password logs in to any web service (E.g. "/sap/bc/gui/its/webgui"), they're prompted to change the password but the new password is not accepted. There's a message, something like "New password not allowed", and a "Continue" button; if the user clicks "Continue", they're taken to the web service page, logged in, as usual; however their password will have been deactivated, so once they've logged off, they cannot log back in.
That doesn't seem right ... For a start, it's inconsistent with using SAP GUI ...
Is this expected behavior (E.g., a bug, something addressed by a SAP note, some configuration parameter we've forgotten to set somewhere, ...)?
Many thanks, and regards,