on 06-09-2010 9:28 AM
Hi all,
My company recently disabled multiple logon. Furthermore we want to restrict users so they can't kick out logged in IDs if they happen to know the password. For example, user 1 logs in with ID ABC and user 2 tries to login with the same ID ABC. The option 'Continue with this logon and end any other logons in the system' prompts to user 2 will allow user 2 to kick out user 1 which is what we want to prevent. May I seek for your advice if there's any way to remove this option?
Thanks in advance.
Regards,
Eric
Dear Eric
Create a user-id for each user, it's bad practice having several persons working with the same user-id.
You can easily copy an existing user in transaction SU01 to a new user-id, it's just a matter of maintaining first & last name and setting an initial passowrd.
Using the same user-id causes serious security risks as you don't have proper traceability who did what and so on.
Besides the best practice of not allowing users to use same user-id, there is no parameter that can be set to disable the option you look to disable.
Kind regards
Tom
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tom,
Thanks a lot for your advices. We are working towards the standard way as you suggested. It's just in the transition process users need time to get used to the new policy. Also this is the reason why we want to deny the connection request directly so the users know they are not allowed to use the same IDs anymore nor can they kick the legitimate user out of the system.
As you've mentioned there is no parameter that can achieve what we need. May I know if you think there's any way that we might be able to achieve it through programs? Thank you in advance.
Regards,
Eric
Eric,
Even though question is marked as answered , i am adding up as this requirement does not hold good practically.
Any how even if you achieve this using some tweaks, what will you do in case unauthorized user log in before actual user ...You will wait till he log off
To avoid this only we have concept of user name and password.
So best way is not to share password and management decision only can help you.
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Eric
I would answer by default "anything is possible" when it comes to an application that is supported by a database.
It's possible to create the neccesary programming / tables to achieve the wanted effect.
I'm sure you can find some information on SDN or google on the topic but I believe the effort is not worth it as you say it's a transition period.
Maybe another useful transaction for you is SU10 (mass user changes) where you can create many users at once. It's not much effort to create X number of users which have the same authorization as the one you now use with several end-users.
KInd regards
Tom
Thank you Raghu, Nibu and Joe for your kind advices. It's good to know that there might not be standard way to disable this option and Joe is right that managerial decision/support might be more helpful/practical to really achieve what we are looking for.
Thanks again.
Regards,
Eric
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
95 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.