12-03-2008 9:56 AM
Generic users should not be used for different reasons, in particular OSS users who could get developer keys etc
Does anyone know where I can find official documentation on best practise for this topic?
Thank you
Nadia
12-03-2008 10:05 AM
I do not know about best practice documents but in my opinion it is simple:
Logging on to a system is a process called 'authentication', to prove your identity to the system so it can determine the correct authorizations. Using generic userid's, the kind that cannot be linked to one human uniquely, breaks the basis of your whole system security........
Besides that, your SAP contract may be based on named users in which case using generic ID's will violate your license agreement.
12-09-2008 1:07 PM
I agree with Jurjen that a best practice is to avoid using the generic user ID's altogether in these situations.
One excellent resource for security best practices is this book.
http://www.sap-press.com/product.cfm?account=&product=H1910
It covers a multitude of topics on SAP Security and Authorizations, including best practices for user management, and is written in a very easy to understand format.
Hope this helps.
-Ben