Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SPM: Dialog user or Service user type for FF

Go to solution
Former Member

‎11-25-2010 5:38 PM

0 Kudos

Hi all,

SAP documents that FF IDs needs to be created as Service type.

My question: Is there any problem if these users are created as Dialog?

Anyone using FF IDs as Dialog users?

Many thanks in advance. Kind regards,

Imanol

1 ACCEPTED SOLUTION

Go to solution
koehntopp
Product and Topic Expert
Product and Topic Expert

‎11-25-2010 7:53 PM

0 Kudos

Hi Imanol,

the "old" versions required a service user, and you had to supply (and know) a password. As this was a potential security vulnerability (lots of people knowing passwords for users with wide authorizations) it was changed.

Now you can use dialog users for FF IDs. You need to assign them to their own user group, and maintain this group in the Firefighter user role. Then when you login to use an ID the password will be changed so that it's only known by the application, and also only the application can set it.

Frank.

7 REPLIES 7

Go to solution
koehntopp
Product and Topic Expert
Product and Topic Expert

‎11-25-2010 7:53 PM

0 Kudos

Hi Imanol,

the "old" versions required a service user, and you had to supply (and know) a password. As this was a potential security vulnerability (lots of people knowing passwords for users with wide authorizations) it was changed.

Now you can use dialog users for FF IDs. You need to assign them to their own user group, and maintain this group in the Firefighter user role. Then when you login to use an ID the password will be changed so that it's only known by the application, and also only the application can set it.

Frank.

Go to solution
Former Member

‎11-25-2010 8:02 PM

0 Kudos

hi

Dialog and Service user can be used in FF from VFAT 2.0 to FF 3.0 to SPM 5.3...

only difference is if you have to maintain dialog users, then you have to first time login once and change their password.......

also password of service user never expire.

so it's not compultion

regards,

Surpreet

Go to solution
koehntopp
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎11-25-2010 8:18 PM

0 Kudos

Surpreet,

from (I think) 5.3 SP5 on you no longer need to change the initial password.

Frank.

Go to solution
Former Member
In response to Former Member

‎11-25-2010 8:21 PM

0 Kudos

Frank,

per my understanding for Dialog users, standard SAP functionality will still work.

so login might not be possible with't password reset. (if used as FF id)

sorry, never tested that...... no more using GRC......

regards,

Surpreet

Go to solution
koehntopp
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎11-26-2010 7:54 AM

0 Kudos

Believe me, it does work - just working on it with a customer today

Go to solution
Former Member

‎11-26-2010 2:20 AM

0 Kudos

Hi All,

Just an update. Refer SAP Note 992200 & 1148996. There is an enhacement in the user exit which will not allow to login with the FF ID in Dialog mode even though the password is trivial.

Regards,

Raghu

Go to solution
koehntopp
Product and Topic Expert
Product and Topic Expert
In response to Former Member

‎11-26-2010 7:55 AM

0 Kudos

Raghu,

the notes you mention are from 2008. In recent version, SPM resets the password to something unknown and non-trivial, so there are no more users that might know the password and login.

Frank.