Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Multiple Logon in Production

Former Member
0 Kudos
809

All,

I am trying to understand the actual risk of allowing users multiple logon in production systems. As of now I believe that should logon credentials be stolen then it's not possible to monitor illegal logons and also a possible data inconsistency.

Please throw some light, have tried searching with the logon profile parameters in the forum and online, but nothing concrete found.

Kind Regards,

AJS

7 REPLIES 7

Former Member
0 Kudos
177

I think it is more a risk for the performance of the system...

On the other hand, if you not allow multiple logons for the same users, they cannot share their accounts. (which can be a risk...) Before you know it, several people are working on the same account.

Kind regards,

Mark

0 Kudos
177

it primarily is an licence issue, so you can do with less users paying less license costs.

sap can and will detect this when a license scan is done

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
0 Kudos
177

>

> it primarily is an licence issue, so you can do with less users paying less license costs.

> sap can and will detect this when a license scan is done

It's not just a license issue. If multiple users are using the same account, auditing will be hard to impossible. That might endager your auditibility (not just financial audits). In some industries (chemistry, banking, ...) audits are very important - if you fail to track actions back to individuals your business might be impacted.

Former Member
0 Kudos
177

Users like to share their ID's. If you allow multiple logins then it makes it harder to claim there is non-repudiation when it comes to transactions being processed. It is a basic infosec principle that access to functions and data should be by a named account that allows tracability for changes being performed etc.

As mentioned by the other guys, there are also plenty of other considerations for why you don't want to allow this functionality to the general user population.

Former Member
0 Kudos
177

Hi,

It usually conerns in two ways.

1. Licensing as mentioned above. Use transaction USMM to determine the users.

2. Data theft (When users steal password or share their credentials)

It need to be decided at organizational level to turn multiple logons off. Pros and cons need to be prepared.

Regards,

Gowrinadh

p330068
Active Contributor
0 Kudos
177

Hi Avinash,

Production system should not allow multiple logon.

Please have a look at below for restrict multiple logins :-

[Restrict multiple logins for a single user in Portal |/message/6942923#6942923 [original link is broken];

[Limiting Number of Users Logged On |http://wiki.sdn.sap.com/wiki/display/EP/LimitingNumberofUsersLogged+On]

Hope it helps

Regards

Former Member
0 Kudos
177

your company won't pass in external SOX audit if you do so.