08-12-2010 5:30 PM
We have a process but it is hard to maintain and not very secure. I was wondering how other Security Admins solve this problem.
For examplle, we have users who use ESS, MSS, Adobe Forms and a few other portal roles. And, all of them are using the LDAP to authenticate users.
Our Basis guys have created test ids in the Portal but they need to be asisgned directly to a pernr (on Infotype 0105) in order to obtain the right information in the portal.
I'm curious as to how others maintain this process.
All suggestions and recommendations are welcome.
Thanks,
Penny
08-12-2010 7:55 PM
One of my customers has a test lab, where we logon to a test network and test AD.
The network connects to the corp network as a sub-domain but the physical access is controlled and the data is anonymized in the HR systems (other than PROD).
There is also test portal...
A cheaper solution to avoid the AD is to have a test portal with differently configured login module stack (UID/PWD).
If you let basis maintain IT 0105 in prod for test purposes then their test employees will not really be realistic anyway, or might get paid salaries
Some poeple you need to trust, but giving them a better testing environment helps (them as well, from being falsely accused).
Cheers,
Julius
08-13-2010 4:58 PM
If the Basis team has created the test-id on the portal, assign the MSS/ESS role as per the business process
make sure to create the same userid on the backend system and assign the userid to a pernr
Assigning userid to PERNR lot of postings are available to do this please search.
Also I remember at one of my customers project the portal was configured to have "parameter setting" on the portal rather than the backend system.
summary: Userid - UME/LDAP ( Basis already created it in your case )
Portal roles ESS/MSS - assigned to userid
ECC/HCM system roles -assigned to userid ( after PERNR is tied to userid)
Paremeter setting to be done on portal
Regards