https://community.sap.com/t5/application-development-and-automation-discussions/generic-users/m-p/4784347#M1120655 <HTML><HEAD></HEAD><BODY><P>I agree with Jurjen that a best practice is to avoid using the generic user ID's altogether in these situations.</P><P></P><P>One excellent resource for security best practices is this book.</P><P></P><P><A href="http://www.sap-press.com/product.cfm?account=&amp;product=H1910" target="test_blank">http://www.sap-press.com/product.cfm?account=&amp;product=H1910</A></P><P></P><P></P><P>It covers a multitude of topics on SAP Security and Authorizations, including best practices for user management, and is written in a very easy to understand format.</P><P></P><P></P><P>Hope this helps.</P><P></P><P>-Ben</P></BODY></HTML> Tue, 09 Dec 2008 13:07:22 GMT Former Member 2008-12-09T13:07:22Z https://community.sap.com/t5/application-development-and-automation-discussions/generic-users/m-p/4784345#M1120653 <HTML><HEAD></HEAD><BODY><P>Generic users should not be used for different reasons, in particular OSS users who could get developer keys etc</P><P>Does anyone know where I can find official documentation on best practise for this topic?</P><P>Thank you</P><P></P><P>Nadia</P></BODY></HTML> Wed, 03 Dec 2008 09:56:19 GMT https://community.sap.com/t5/application-development-and-automation-discussions/generic-users/m-p/4784345#M1120653 Former Member 2008-12-03T09:56:19Z https://community.sap.com/t5/application-development-and-automation-discussions/generic-users/m-p/4784346#M1120654 <HTML><HEAD></HEAD><BODY><P>I do not know about best practice documents but in my opinion it is simple:</P><P></P><P>Logging on to a system is a process called 'authentication', to prove your identity to the system so it can determine the correct authorizations. Using generic userid's, the kind that cannot be linked to one human uniquely, breaks the basis of your whole system security........</P><P></P><P>Besides that, your SAP contract may be based on named users in which case using generic ID's will violate your license agreement.</P></BODY></HTML> Wed, 03 Dec 2008 10:05:16 GMT https://community.sap.com/t5/application-development-and-automation-discussions/generic-users/m-p/4784346#M1120654 jurjen_heeck 2008-12-03T10:05:16Z https://community.sap.com/t5/application-development-and-automation-discussions/generic-users/m-p/4784347#M1120655 <HTML><HEAD></HEAD><BODY><P>I agree with Jurjen that a best practice is to avoid using the generic user ID's altogether in these situations.</P><P></P><P>One excellent resource for security best practices is this book.</P><P></P><P><A href="http://www.sap-press.com/product.cfm?account=&amp;product=H1910" target="test_blank">http://www.sap-press.com/product.cfm?account=&amp;product=H1910</A></P><P></P><P></P><P>It covers a multitude of topics on SAP Security and Authorizations, including best practices for user management, and is written in a very easy to understand format.</P><P></P><P></P><P>Hope this helps.</P><P></P><P>-Ben</P></BODY></HTML> Tue, 09 Dec 2008 13:07:22 GMT https://community.sap.com/t5/application-development-and-automation-discussions/generic-users/m-p/4784347#M1120655 Former Member 2008-12-09T13:07:22Z