Fellow Security Gurus,
I would like to open this discussion up for additional ideas for the following. My current client has custom development underway that will require that external vendor/customer numbers be retrieved by the custom code when these users access our portal (Enterprise Portal). The reasoning: When a customer or vendor access the portal, the portal will (via the custom code) derive their customer/vendor number from the backend; ECC system. Based on the customer/vendor number returned to the portal, the content for that user (customer/vendor) will be displayed accordingly.
One of the approaches to solve this was to utilize an attribute on the user master record to house the customer/vendor number. The custom development could then read that attribute and retrieve the customer/vendor number. One of the downsides to this approach is that which ever attribute I choose was not intended for that use. Therefore that attribute will no longer be available for its true intent.
I wanted to open this topic for additional ideas. Any insight is appreciated.