Limit device sessions

The limit device sessions system value specifies whether a user is allowed to be signed on to more than one device at a time.

This value does not restrict the System Request menu or a second signon from the same device. If a user has a disconnected job, the user is allowed to sign on to the system with a new device session. Allowing users to sign on to only one workstation at a time promotes good security habits. If you limit users to one device, you discourage users from sharing user IDs and passwords. If people share user IDs, you lose both control and accountability. You can no longer tell who really does what functions on the system. In addition users must remember to sign off one workstation before moving to another one. Workstations left signed on, but not in use, pose a security risk. Give every system user a unique user ID and password with the appropriate authorities, then restrict them to using one workstation at a time. You can also restrict users to a specific device through individual user profiles.

See Table 2 table for an overview of the limit device sessions system value.

Relationship to security policy

Setting the limit device sessions system value discourages sharing password and leaving workstation signed on; however, regardless of the decision you make for this system value, your security policy should implicitly discourage these practices. These bad habits provide a potential attacker access to your resources and sensitive business information. In your security policy users should be made aware of the risks and the consequences for these practices.

For more detailed information about this security value, see Chapter 3, "Security System Values" in Security Reference.