Skip to Content
author's profile photo Former Member
Former Member

Unpersonalized users

Hello All,

we are having a discussion about the use of unpersonalized (dialog) users for business in our organisation.

Business want's to use these for trainees and maintain a log who used the user when. Including usage of valid-to and valid-from dates. External auditor has agreed to that.

I don't like the idea at all, but lacking valid points to discuss this, as this was not an option in any of the companies I've worked so far, and with the auditor agreeing to this, it is even harder. Just want to avoid getting into trouble at some point in the future. Could you please share some impacts that this could have?

greetings

Alexander Walkenhorst

Add a comment
10|10000 characters needed characters exceeded

Related questions

4 Answers

  • Best Answer
    Posted on Oct 01, 2014 at 11:50 AM

    Have you checked that this complies with the wording of your SAP contract? You may find the term "named user" in there...

    Steve.

    Add a comment
    10|10000 characters needed characters exceeded

    • As Gretchen says below, I'm staggered than an external auditor approves of such an arrangement. I wouldn't, for all the reasons she mentions. The first sign of fraud and all involved will instantly regret it.

      Security is like insurance - it is often a pain in the neck, and wallet, and when you don't need it (all your users are behaving themselves) you'll wish you didn't have to bother. But when something goes wrong you'll be glad you've got it...

      Steve.

  • author's profile photo Former Member
    Former Member
    Posted on Oct 01, 2014 at 01:23 PM

    Alexander,

    That is rather suprising that an external auditor would agree to such a plan. All it will take is one time when there is fraud committed by one of these accounts, and the manual log shows a mysterious gap during the time when it occured. That will be the end of anonymous shared dialog accounts and perhaps also the employment of the manager who signed off on that scheme. Configuring the system to ensure accountability for the business transactions is a key control for most organizations.

    Regards,

    Gretchen

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 01, 2014 at 02:01 PM

    Could you install a separate training system?

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 01, 2014 at 02:33 PM

    Hello,

    from an auditor perspective I would not agree to any anonymous users für business in a productive enrionment. Only emergency or service accounts, sometimes admins should have such an access.

    If you can make proposal: set up a management process and assign roles to trainees (with named users) only for the dedicated period they are working a department. Mostly trainees have a predetermined schedule of their departments and therefor it should be possible to assign the roles according to their actual department schedule. This would help to decrease the management effort. If this is not possible (no plan existing) then always limit roles to the available date - no unlimited assignment.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.