Authenticating Named Users With User ID and Password 

For applications that are to be accessed by named users (users with an account in the SAP System), do not save the user ID and password in the application's ITS service file. In this case, user authentication takes place entirely within the SAP System.

For example, the webgui service that allows access to standard SAP transactions should require the user's ID and password.

Do not store a user ID and password in the webgui service file!

As an alternative to using user ID and password authentication, as of Release 4.5B, named users can also log on using X.509 client certificates.