SAP user can login to the system any number of times with valid credentials (userid and password). If any one of the userid and password is wrongly entered, then the attempt to logon count as invalid.

The number of invalid logon attempts limit is predefined with specific parameter in the system by the administrator. These invalid attempts are compared in background with parameter limit and if the max attempts limit is reached then the user gets locked out.

Parameter -

Parameter is the set of keys with values to manage the specific task in the SAP system. There are two types of parameters -

  • Static: - System restart is required for modifications. If static parameter is modified, then system restart is mandatory to get the latest changes into effect. The modification doesn't effect to the system without system restart.
  • Dynamic: - System restart is not required for modifications. Parameter are dynamic. If dynamic parameter is modified, then the latest changes immediately into effect. System restart is not required.
  • login/fails_to_session_end contains the number of unsuccessful login attempts limit defined by the administrator.

View login/fails_to_session_end parameter -

Step-1: Go to RZ11.

Number of Invalid Login Attempts

Step-2: It navigates to Maintain Profile Parameters.

Number of Invalid Login Attempts

Step-3: Enter the parameter name login/fails_to_session_end and click on display.

Number of Invalid Login Attempts

Step-4: It navigates to the “Display Profile Parameter Attributes” Screen. Current value highlighted below shows the max number of invalid login attempts.

Number of Invalid Login Attempts

Incorrect Login Parameters -


Specifies the number of unsuccessful logon attempts. The system does not allow any more logon attempts.

The parameter set to be a value lower than the login/fails_to_user_lock value. The default value is 3. The allowed values are 1 to 99.

login/fails_to_user_lock -

Specifies the number of unsuccessful logon attempts before the system locks the user. The default value 5. The allowed values are 1 to 99.

login/failed_user_auto_unlock -

Specifies whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. The default value is 0 (locks due to incorrect logon attempts remain in force for an unlimited period). The allowed values are 0 or 1.