Our security officer has expressed a concern about the connectivity from HCM to IDM through VDS. As far as I can see, the only possibility there is to differentiate users that are set up in VDS is whether they are authenticated or not. An authenticated user in VDS appears to be restrictable to certain IP addresses, but is it possible to restrict a user to read-only? How is the password transmitted from HCM to VDS? Is it in clear text? I guess not, since passwords in SAP systems are generally stored in encrypted form, but if anyone out there has an answer, I would appreciate it.
The connection from VDS to IDM seems to be controlled by the SQL Server authorisation model.