Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Generic USERS

Former Member

‎12-03-2008 9:56 AM

0 Kudos

Generic users should not be used for different reasons, in particular OSS users who could get developer keys etc

Does anyone know where I can find official documentation on best practise for this topic?

Thank you

Nadia

2 REPLIES 2

jurjen_heeck
Active Contributor

‎12-03-2008 10:05 AM

0 Kudos

I do not know about best practice documents but in my opinion it is simple:

Logging on to a system is a process called 'authentication', to prove your identity to the system so it can determine the correct authorizations. Using generic userid's, the kind that cannot be linked to one human uniquely, breaks the basis of your whole system security........

Besides that, your SAP contract may be based on named users in which case using generic ID's will violate your license agreement.

Former Member

‎12-09-2008 1:07 PM

0 Kudos

I agree with Jurjen that a best practice is to avoid using the generic user ID's altogether in these situations.

One excellent resource for security best practices is this book.

http://www.sap-press.com/product.cfm?account=&product=H1910

It covers a multitude of topics on SAP Security and Authorizations, including best practices for user management, and is written in a very easy to understand format.

Hope this helps.

-Ben