04-22-2010 7:38 AM
All,
I am trying to understand the actual risk of allowing users multiple logons in production systems. As of now I believe that, should logon credentials be stolen, it is not possible to monitor illegal logons, and there is also possible data inconsistency.
Please shed some light; I have tried searching with the logon profile parameters in the forum and online, but found nothing concrete.
Kind Regards,
AJS
04-22-2010 7:55 AM
I think it is more a risk for the performance of the system...
On the other hand, if you do not allow multiple logons for the same users, they cannot share their accounts (which can be a risk...). Before you know it, several people are working on the same account.
Kind regards,
Mark
04-22-2010 8:20 AM
It primarily is a licence issue, so you can do with fewer users, paying less license costs.
SAP can and will detect this when a license scan is done.
04-22-2010 8:38 AM
> It primarily is a licence issue, so you can do with fewer users, paying less license costs.
> SAP can and will detect this when a license scan is done.
It's not just a license issue. If multiple users are using the same account, auditing will be hard to impossible. That might endanger your auditability (not just financial audits). In some industries (chemistry, banking, ...) audits are very important - if you fail to track actions back to individuals your business might be impacted.
04-22-2010 8:29 AM
Users like to share their IDs. If you allow multiple logins then it makes it harder to claim there is non-repudiation when it comes to transactions being processed. It is a basic infosec principle that access to functions and data should be by a named account that allows traceability for changes being performed etc.
As mentioned by the other guys, there are also plenty of other considerations for why you don't want to allow this functionality to the general user population.
04-22-2010 8:34 AM
Hi,
It is usually a concern in two ways.
1. Licensing as mentioned above. Use transaction USMM to determine the users.
2. Data theft (when users steal passwords or share their credentials)
It needs to be decided at organizational level to turn multiple logons off. Pros and cons need to be prepared.
Regards,
Gowrinadh
04-22-2010 9:12 AM
Hi Avinash,
Production systems should not allow multiple logons.
Please have a look at the links below for restricting multiple logins:
Restrict multiple logins for a single user in Portal (/message/6942923#6942923; original link is broken)
Limiting Number of Users Logged On (http://wiki.sdn.sap.com/wiki/display/EP/LimitingNumberofUsersLogged+On)
Hope it helps
Regards
04-23-2010 10:29 PM