cancel
Showing results for 
Search instead for 
Did you mean: 

CHARM: Logon restriction to satellite system

Former Member
0 Kudos

Hi

With CHARM functinality, users are allowed to logon satellite system via Solman only when logon action is approved. This is great control, but how can we prevent users from loging directly to satellite system?

In short, I would like to accomplish this

User > SAPGUI > Satellite (i.e ECC) Not possible

User --> SAPGUI --> Solman --> Satellite Possible when approved in Solman

I tested this with changing user type in SU01 (dialog, communication, system, service...), but none of them solved my problem.

Maybe, I should post this question in BASIS forum, but though this was common problem in CHARM envirnment. Thanks in advance.

Regards

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hello Koji,

I guess you must have a very good reason to do this because this is a strange request (unless you want to monitor in the frame of which project/change doc the user go in which system...but.)

If I have to solve this requirement I would block the sap logon (meaning user can not change or add items anymore) and remove the satellite system you want to control via solman from the list of systems.

best regards Xavier

Former Member
0 Kudos

Hi, Xavier

Thank you for your reply. End users will continue to log on satellite system. No change for them.

What I meant is that I want to control developers / testers' logon activities.

They can logon DEV / QA servers only when approved by Solman.

Problem is that their users need to exist in satellite system, and they can still directly log on to DEV / QA. This is why I want to accomplish such a functionality. I wonder if any configuration solve this.

Regards

Koji

Former Member
0 Kudos

Hi,

the only solution I see is to remove this satellites system from the SAP logon menu and lock the SAP logon menu edit right for them. (I don't know how you company is managing this, by distributing it or if every one can add or modify SAP logon system list ?)

But usually developers needs to change it regularly because they need to access special provisory systems.

best regards