Restricting users to login to the SAP backend appl...

Hello Experts,

We have ESS/MSS portal and UME for this is pointing to backend ECC6 system. End users should login to ESS/MSS portal only and should not be able to access ECC6 backend server directly through SAPGUI - how can we achieve this ?

Thanks

Davinder

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (0)

Answers (2)

Thanks

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Users can change his saplogon.ini files on PC? Are you use the logon balancing or direct connect to appl server ? Regards.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi Sergo,

Thanks for your reply.

Problem is SAPGUI is already installed on most of these users and they need to login to other SAP backend servers - so removing SAPGUI or changing their SAPLOGON.ini would be very very difficult.

Scenario:

We have NW04s portal which is connected to ECC6 backend (multiple application servers) - we have installed webdispatcher and portal connection is to Webdispatcher which distributes load to ECC6 application servers. End users will login to the portal, but should not be allowed to login directly to backend systems.

Is there any specific parameter or user type with which user is allowed to login only in portal but not in backend?

Thanks

Davinder

You are not answer, are users able to change the saplogon.ini or not ? The connections to backend system are using logon groups or direct acess to appl. servers ? If logon groups, you can delete this logon group and create another for your Portal connection's to backend, if users can't change his own saplogon.ini no one will be able to login ...

P.S. are you use only ESS , MSS or any other connection to your backend ?

You can use fire wall to not allow connection from users ....

Regards.

Edited by: Sergo Beradze on Jun 9, 2009 1:20 PM

You are not answer, are users able to change the saplogon.ini or not ?

Some of them may be able to change their own saplogon.ini

The connections to backend system are using logon groups or direct acess to appl. servers ?

Logon Groups

If logon groups, you can delete this logon group and create another for your Portal connection's to backend, if users can't change his own saplogon.ini no one will be able to login ...

Appreciate your idea, but the problem here is there are 3500 users, out of which only 500 will use ESS/MSS portal and rest should be able to use backend system with logon group.

Thanks

Davinder

Then only fire wall Regards.

That's also nice idea - but doesnt work in our case

I tried by changing the user type to SYSTEM or COMMUNICATION user. With this they can't login to backend (getting message login with dialog user) - but portal login is working.

Now i need to make sure everything is working as expected in portal with these user types.

How do you think about this and is there any license violations if we do this?

Regards

Davinder

That's also nice idea - but doesnt work in our case 😞

Why not ? Your NET team can't do it?

I tried by changing the user type to SYSTEM or COMMUNICATION user.

Problem with licenses , try to open call to SAP about this ...

Regards.

Yeah Network team can do it, but you know that puts extra cost on project costing (as this would need to be done for selective users only) - specially during credit crunch

SAP Note Number: 327917 -- New user types as of Release 4.6C - says you "Communication" user type is not allowed for interactive SAPGUI.

About license restrictions, will check with SAP support and share their feedback..

once again thanks for you help.

Regards

Davinder

Ask a Question