Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

CUA security question

Former Member
0 Kudos

Hi,

My company has decided to use only one cua for both productive and non productive systems (dev. , test, ...). What are the security issues or risks of this kind of set up? Same question for SAP SolMan for both production and non productive systems.

Thanks.

Regards.

Philippe.

2 REPLIES 2

Former Member
0 Kudos

Personally, I would recommend against it.

Production and non-Production systems have different security status and requirements. For example your developer and customizer roles should ideally not be in the production environments at all (not even available to them) and RFC connections from less secure systems to more secure ones makes the later less secure as well (in this case, user administration can be performed...).

How many systems (x clients) do you have?

0 Kudos

Hi

From a security point of view Julius is quite right, furthermore, by creating one CUA for Test and Developemnt, and another for productive use, you will also gain the option to test changes to your CUA landscape before migrating them to production.

From a more pragmatic point of view I must admit that I have created many "only-one-CUA-Solutions". This will give you the advantage of a Single point of user maintenance, but if you do so, make sure that your master system is installed on a system with the highest possible security level, and that is I guess your productive system, or dedicated CUA System.

And remember, a new client on test, development or solman, will not provide that level of security, unless your can ensure that level of security on all clients on the system.

Regards

Morten Nielsen