We have quite a few external (asp.net/c#) applications(10+) connecting to AX. Some are public facing, some internal.
Since each login requires a license, we'd like to limit the login accounts.
I'm thinking:
1. Create a public facing account and an internal account (both are not sys admin accounts, and grant only what's required by these applications)
2. Encrypt the web.config login
My concern is that, if we create a non sys admin account, it may be challenging to manage the account (update rights for every new application we build) and also makes development more difficult. (So much easier to have a sys admin account and develop and deploy).
In writing this, this makes me think.. use a sys admin account for development, but for production, use limited access accounts -- one for public and one internal facing applications.
What security measure do you recommend? What do you actually practice? Would love to hear your thoughts/recommendations.
Thanks in advance!