This website is not affiliated with, sponsored by, or approved by SAP AG.

Internet user types in CRM ICSS

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Internet user types in CRM ICSS

Postby Grimster » Tue Jul 17, 2007 2:31 pm

Hi all,

Odd problem in our CRM system, users who register in our ICSS front end module have a back-end user creation done (through a SAP standard process - not bespoke or anything silly) as dialog, this makes them subject to the same rules our back-end users are, i.e. 90 day password timeouts, 3 logon attempts then lock and kick etc.

We need to free the internet user from these constraints, now audit demands that the parameters are in place to ensure back-end users have a password reset etc. so switching that off on an instance level isn't an option.

User group exception parameters appear to be instance specific but we'd rather not have to tie all the internet users into a single instance, plus there's no guaranteeing back-end users go to a specific instance without playing with their logon settings and breaking load balancing.

Obvious fix is to create/change all the internet users into system rather than dialog, this would exempt them from the 90-day requirement, give us the added bonus of enhanced security in the back-end (no-one being silly trying to log onto an internet user in dialog), but there's a question about SAP standard process creating users as dialog :x

Has anyone come up against this kind of issue before?

Feel free to kick me around if we're missing something glaringly obvious.

Cheers,

Grim.
Grimster
 
Posts: 17
Joined: Fri Feb 20, 2004 5:41 am

Re: Internet user types in CRM ICSS

Postby lilstew5 » Wed Apr 01, 2009 1:30 pm

Did you ever get a solution for this? When we upgraded to 2007 we lost the ability for the accounts to unlock once the new password was issued. We now have several customers a week who are locked out even though they got the new password and we have to unlock each one manually. Our Security BA says that the settings are the same from the old system to the new one but we still have the issue.
lilstew5
 
Posts: 1
Joined: Wed Apr 01, 2009 1:17 pm

Re: Internet user types in CRM ICSS

Postby Grimster » Wed Feb 08, 2012 6:05 am

Sorry to necro the thread, but we solved the problem of locked users by eventually developing code to run under batch to do a mass-unlock of locked usernames under specific groups.

Sledgehammer to crack a nut approach really.

We still to this day have the problem with parameters and being unable to switch on server restrictions for our internal users, I guess we could do something similar and force a password change for internals, but totally surprised that this has never come up under any ICSS implementation.

Also having issues with ICSS user creations in a CUA enabled client, meaning we're unable to apply CRM clients to the CUA system, but that's another question.
Grimster
 
Posts: 17
Joined: Fri Feb 20, 2004 5:41 am


Return to SAP Security

Who is online

Users browsing this forum: No registered users and 5 guests





loading...


This website is not affiliated with, sponsored by, or approved by SAP AG.