Identifying product internal security exposures for compliance
Article ID: 260600
SOLVE: Access Session Management
How to determine whether SOLVE: Access Session Management has internal security enabled completely or partially? For example, maybe the product only uses internal security for determining which panels are displayed and/or which product commands can be issued.
Is the internal security capability equivalent to the external security capability - i.e. can you do all the same things with either?
Can the internal security provide capabilities that could be considered as privileged access?
What is recommended regarding changing security from internal to external security?
Release : 5.0
Enter command $$SYSPRO will show whether they are using full or partial security which was described fully.
Yes, there's no difference in capabilities between internal or external capabilities.
Yes, various mechanisms exist using internal security which can dictate menu's, commands and other accesses.
Given that partial security using UAMS consists of having security configuration in two places - within UAMS and the ESM - ideally it is preferred to have security defined within the ESM system rather than a combination. Therefore, we now recommend that customers implement Full Security so that security is being controlled by the ESM.