11-25-2010 5:38 PM
Hi all,
SAP documents that FF IDs needs to be created as Service type.
My question: Is there any problem if these users are created as Dialog?
Anyone using FF IDs as Dialog users?
Many thanks in advance. Kind regards,
Imanol
11-25-2010 7:53 PM
Hi Imanol,
the "old" versions required a service user, and you had to supply (and know) a password. As this was a potential security vulnerability (lots of people knowing passwords for users with wide authorizations) it was changed.
Now you can use dialog users for FF IDs. You need to assign them to their own user group, and maintain this group in the Firefighter user role. Then when you login to use an ID the password will be changed so that it's only known by the application, and also only the application can set it.
Frank.
11-25-2010 7:53 PM
Hi Imanol,
the "old" versions required a service user, and you had to supply (and know) a password. As this was a potential security vulnerability (lots of people knowing passwords for users with wide authorizations) it was changed.
Now you can use dialog users for FF IDs. You need to assign them to their own user group, and maintain this group in the Firefighter user role. Then when you login to use an ID the password will be changed so that it's only known by the application, and also only the application can set it.
Frank.
11-25-2010 8:02 PM
hi
Dialog and Service user can be used in FF from VFAT 2.0 to FF 3.0 to SPM 5.3...
only difference is if you have to maintain dialog users, then you have to first time login once and change their password.......
also password of service user never expire.
so it's not compultion
regards,
Surpreet
11-25-2010 8:18 PM
Surpreet,
from (I think) 5.3 SP5 on you no longer need to change the initial password.
Frank.
11-25-2010 8:21 PM
Frank,
per my understanding for Dialog users, standard SAP functionality will still work.
so login might not be possible with't password reset. (if used as FF id)
sorry, never tested that...... no more using GRC......
regards,
Surpreet
11-26-2010 7:54 AM
11-26-2010 2:20 AM
Hi All,
Just an update. Refer SAP Note 992200 & 1148996. There is an enhacement in the user exit which will not allow to login with the FF ID in Dialog mode even though the password is trivial.
Regards,
Raghu
11-26-2010 7:55 AM
Raghu,
the notes you mention are from 2008. In recent version, SPM resets the password to something unknown and non-trivial, so there are no more users that might know the password and login.
Frank.