RE: [sap-security] Maintaining Own's Email address
Posted by Olivier D on Sep 2 at 3:37 AM
Hi,
This is what we have.
We work with CUA and we use LDAP to maintain the e-mail address.
However, I have checked SU01 and SU1: with tcode SU01, I can change the e-mail address, but not with SU1. This is true with the CUA and in a system without CUA.
I suppose that the only way to change the e-mail address is SU01.
Dubois Olivier
________________________________
From: edmarks via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: Sunday, August 30, 2009 7:04 PM
To: Dubois Olivier (ERP)
Subject: RE:[sap-security] Maintaining Own's Email address
Posted by edmarks (Security Admin) on Aug 30 at 1:52 PM
I don't have the original article, but there are some serious audit reasons to not let the user maintain their own email address. The same goes for copiers / printers / scanners that allow you to send the copy to your email address. If the user could change this, they could change their address to be the President or CEO and send out a ton of "spoof" messages. While this seems like a simple thing the user should be able to do, it's not in the best interest of anyone.
Here's the second argument. Either use LDAP to synchronize it, or allow your admins who are already responsible for email addresses to update it. If the email admin updates an address in the email system, why shouldn't they be responsible to update it in downstream systems (if LDAP or equivalent isn't in place)?
Copyright © 2009 CEB Toolbox, Inc. and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251