{"id":265,"date":"2011-08-19T13:47:47","date_gmt":"2011-08-19T13:47:47","guid":{"rendered":"http:\/\/sapsecurityanalyst.com\/WP\/?page_id=265"},"modified":"2015-05-03T09:06:12","modified_gmt":"2015-05-03T09:06:12","slug":"user-authentication","status":"publish","type":"page","link":"https:\/\/sapsecurityanalyst.com\/WP\/general-disclaimer\/user-authentication\/","title":{"rendered":"User Authentication"},"content":{"rendered":"<p><span style=\"color: #4c4c4c;\">User authentication is one of the most important concepts for any IT-related system. It is one of the starting points for access to any system, and care should be taken that only legitimate users get access to (or are able to log in to) any SAP system.<\/span><\/p>\n<p><span style=\"color: #4c4c4c;\">From an administration point of view, it is important that the users in a system are genuine, and that the necessary mechanisms are in place to ensure that existing users do not get impersonated.<\/span><\/p>\n<p><span style=\"color: #4c4c4c;\">The user authentication process in R\/3 takes place when a user tries to log in to the system using his user ID and password. The system verifies whether the user&#8217;s logon credentials are correct.<\/span><\/p>\n<p><span style=\"color: #4c4c4c;\">If the logon credentials are authentic, the user gets access to the system; otherwise, access is denied. Necessary mechanisms need to be in place so that existing users do not get impersonated. 
So it is important that strict password rules be applied.<\/span><\/p>\n<p><span style=\"color: #4c4c4c;\">One of the basic password rules is to force users to change their password after a certain interval of time. Another password rule is to lock a user after a certain number of incorrect logon attempts, to prevent unauthorized users from gaining access to the system. Proper profile parameters need to be in place to apply these rules.<\/span><\/p>\n<p><span style=\"color: #4c4c4c;\">Some of the profile parameters are discussed in our post related to <span style=\"text-decoration: underline;\"><span style=\"color: #e63518;\"><a href=\"https:\/\/sapsecurityanalyst.com\/WP\/home\/sap-security-audit-guidelines-part-i\" target=\"_blank\"><span style=\"color: #e63518; text-decoration: underline;\">Security Audit<\/span><\/a><\/span><\/span>.<\/span><\/p>\n<h3><span style=\"color: #e63518;\">Our next topic of discussion is based on <a href=\"https:\/\/sapsecurityanalyst.com\/WP\/home\/authorization\" target=\"_blank\"><span style=\"color: #e63518;\"><span style=\"text-decoration: underline;\"><em>Authorization concepts<\/em><\/span>.<\/span><\/a><\/span><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; This is one of the most important concepts for any IT related system. 
It is one of the starting points for access to any system and care should be taken that only legitimate users get access to (or are able to\u00a0login\u00a0to) any SAP system.&nbsp;<a class=\"read-more\" href=\"https:\/\/sapsecurityanalyst.com\/WP\/general-disclaimer\/user-authentication\/\">&hellip;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":38,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/pages\/265"}],"collection":[{"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/comments?post=265"}],"version-history":[{"count":25,"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/pages\/265\/revisions"}],"predecessor-version":[{"id":2131,"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/pages\/265\/revisions\/2131"}],"up":[{"embeddable":true,"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/pages\/38"}],"wp:attachment":[{"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/media?parent=265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}