Skip to Content
avatar image
Former Member

Security related login credentials

Dear Experts,

Right now we are sending some financial data (vendor payment data) from R/3 to Bank using XI middleware. Here FI User will send data from R/3 to XI and from SAP XI to bank. The FI user password can be changed by BASIS people. Here for the security point of view and finance information regard is there any way that we can incorparate a secured password functionality (or) role which cannot be controlled by Basis people. if so could anyone please guide me in this regard ..if not any alternative in this regard.

Many thanks in advance,

Balu

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Nov 02, 2009 at 09:40 AM

    I'm sorry but I don't think thats possible, and beside that I don't understand why would you not trust your technical team and why they'll change the password?... Another point is that your roles should be properly segregated so even tho they can change the password they shouldn't be able to review financial data.

    Regards

    Juan

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 02, 2009 at 09:11 PM

    For the password aspect, you can consider using trusted RFC for the internal connection and then encrypt the data being sent to the bank. In the trusted RFC case, you control the access via authorizations in the target system and not a password in the source.

    Which leads into the second aspect... if your basis folks are not responsible for any role maintenance (e.g. in production...) you can switch their access to display for user and role maintenance.

    Of course, you will meet some resistance when doing this... 😊

    My recommendation would be to compensate the "anything can happen and basis always has to solve it..." scenarios with an emergency user procedure. There are a number of cool and less cool ways of going about this so that during "normal" operations the access to roles is restricted.

    Cheers,

    Julius

    ps: Do not close this thread by just posting "s". The comment field is not mandatory! I deleted some of your recent posts of this type and there are some nasty mails in your inbox which the system sends automatically. Please read them.

    Edited by: Julius Bussche on Nov 2, 2009 10:12 PM

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 16, 2009 at 03:22 PM

    s

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      I said it before and I have to say it again...

      ps: Do not close this thread by just posting "s". The comment field is not mandatory! I deleted some of your recent posts of this type and there are some nasty mails in your inbox which the system sends automatically. Please read them.