Most Welcome to everyone who ever wants to increase knowledge in SAP, as I want to share my SAP Security and Basis Knowledge, First and foremost is that SAP Security is mainly controlled through Authorization Objects and Field value.
There are 5 types of Users in SAP
1) Dialog
2) Service
3) System
4) Communication
5) Reference
User can be create, maintain, lock, unlock, Change Password, Copy, Rename and Display through Tcode ----- SU01 and same thing for Mass users through SUI0.
Mostly 99% of Business users will be Dialog Users that give the vulnerability to change the Password.
More will be later ! Thanks