Re: [sap-security] Preventing Service type 'S' IDs from direct logon
Posted by
Admin at
|
Share this post:
|
|
0 Comments
 | Posted by henrikmadsen2 (GRC Consultant ) on Mar 7 at 9:33 PM |  Mark as helpful |
Actually, I'm not a 100% certain about the service ID, but one fairly recent
change is that you no longer have to add the password to a table. The
password is reset to something random at any logon. That way, no one will
ever know the password, so the importance of the function module becomes
less.
On 7 March 2010 10:22, delcharro via sap-security <
sap-security@groups.ittoolbox.com> wrote:
>
> Posted by delcharro (Sr Mgr -
> ACE/SAP)
> on Mar 6 at 6:27 PM
>
> That would be nice if that is the case, but I am on a SAP / GRC
> implementation right now and so far or at least as of 2 months ago, I
> still had to addin the user exit. There is a new release very soon
> for the GRC AC suite, I am hopeful for many new features such as this
> or some general SPM improvements.
>
>
> On Mar 6, 2010, at 3:51 PM, henrikmadsen2 via sap-security wrote:
>
> >
> > Posted by henrikmadsen2 (GRC Consultant )
> > on Mar 6 at 4:50 PM Mark as helpful
> > Hi, even the Firefighter accounts don't have to be service users
> > anymore, as far as I recall...
> >
> >
> > On 07/03/2010, at 2:06 , delcharro via sap-security wrote:
> >
> > >
> > > Posted by delcharro (Sr Mgr - ACE/SAP)
> > > on Mar 6 at 11:30 AM Mark as helpful
> > > I agree with the response, I would verify that the ids really have
> > to
> > > be service, most often I can use system as the type and it works
> > > fine. I only have a service type for GRC SPM (aka firefighter) but
> > in
> > > this case, there is a user exit to apply to prevent the direct
> > login.
> > > If these ids still have to type service, maybe you could utilise the
> > > GRC SPM user exit?
> > >
> > >
> > > On Mar 4, 2010, at 2:24 PM, Sonia via sap-security wrote:
> > >
> > > >
> > > > Posted by Sonia (Sap Basis and Securiy Analyst)
> > > > on Mar 4 at 3:24 PM Mark as helpful
> > > > why dont you use system type id's instead of service user id's?
> > > >
> > > > Sonia
> > > > On Thu, Mar 4, 2010 at 11:52 AM, ollaaz00 via sap-security <
> > > > sap-security@groups.ittoolbox.com> wrote:
> > > >
> > > > > Posted by ollaaz00
> > > > > on Mar 4 at 11:54 AM
> > > > > Hello
> > > > > Does anyone know of a work around, user exit or SAP note to
> > > > prevent Service
> > > > > (type "S") IDs from logging on directly? We have a lot of IDs in
> > > > the system
> > > > > that need to be type "S" but don't see them as any less risk
> > than
> > > > having
> > > > > them be Dialog (type "A"). We want to make sure nobody is using
> > > > these IDs to
> > > > > log into the GUI directly.
__.____._ change is that you no longer have to add the password to a table. The
password is reset to something random at any logon. That way, no one will
ever know the password, so the importance of the function module becomes
less.
On 7 March 2010 10:22, delcharro via sap-security <
sap-security@groups.ittoolbox.com> wrote:
>
> Posted by delcharro (Sr Mgr -
> ACE/SAP)
> on Mar 6 at 6:27 PM
>
> That would be nice if that is the case, but I am on a SAP / GRC
> implementation right now and so far or at least as of 2 months ago, I
> still had to addin the user exit. There is a new release very soon
> for the GRC AC suite, I am hopeful for many new features such as this
> or some general SPM improvements.
>
>
> On Mar 6, 2010, at 3:51 PM, henrikmadsen2 via sap-security wrote:
>
> >
> > Posted by henrikmadsen2 (GRC Consultant )
> > on Mar 6 at 4:50 PM Mark as helpful
> > Hi, even the Firefighter accounts don't have to be service users
> > anymore, as far as I recall...
> >
> >
> > On 07/03/2010, at 2:06 , delcharro via sap-security wrote:
> >
> > >
> > > Posted by delcharro (Sr Mgr - ACE/SAP)
> > > on Mar 6 at 11:30 AM Mark as helpful
> > > I agree with the response, I would verify that the ids really have
> > to
> > > be service, most often I can use system as the type and it works
> > > fine. I only have a service type for GRC SPM (aka firefighter) but
> > in
> > > this case, there is a user exit to apply to prevent the direct
> > login.
> > > If these ids still have to type service, maybe you could utilise the
> > > GRC SPM user exit?
> > >
> > >
> > > On Mar 4, 2010, at 2:24 PM, Sonia via sap-security wrote:
> > >
> > > >
> > > > Posted by Sonia (Sap Basis and Securiy Analyst)
> > > > on Mar 4 at 3:24 PM Mark as helpful
> > > > why dont you use system type id's instead of service user id's?
> > > >
> > > > Sonia
> > > > On Thu, Mar 4, 2010 at 11:52 AM, ollaaz00 via sap-security <
> > > > sap-security@groups.ittoolbox.com> wrote:
> > > >
> > > > > Posted by ollaaz00
> > > > > on Mar 4 at 11:54 AM
> > > > > Hello
> > > > > Does anyone know of a work around, user exit or SAP note to
> > > > prevent Service
> > > > > (type "S") IDs from logging on directly? We have a lot of IDs in
> > > > the system
> > > > > that need to be type "S" but don't see them as any less risk
> > than
> > > > having
> > > > > them be Dialog (type "A"). We want to make sure nobody is using
> > > > these IDs to
> > > > > log into the GUI directly.
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
henrikmadsen2SAP Security Helper
Posted helpful replies on 5 threads in a group to earn a Bronze Achievement
Related Content
In the Spotlight
White Papers
In the Spotlight
55% of IT Pros Use Social Media to Advance Their Careers. See the Survey Results
View this thread online
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
_.____.__ 
