cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to deny second logon for the same ID?

Go to solution
Former Member

on ‎06-09-2010 9:28 AM

0 Kudos

Hi all,

My company recently disabled multiple logon. Furthermore we want to restrict users so they can't kick out logged in IDs if they happen to know the password. For example, user 1 logs in with ID ABC and user 2 tries to login with the same ID ABC. The option 'Continue with this logon and end any other logons in the system' prompts to user 2 will allow user 2 to kick out user 1 which is what we want to prevent. May I seek for your advice if there's any way to remove this option?

Thanks in advance.

Regards,

Eric

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

TomCenens
Active Contributor
‎06-09-2010 10:27 AM
0 Kudos

Dear Eric

Create a user-id for each user, it's bad practice having several persons working with the same user-id.

You can easily copy an existing user in transaction SU01 to a new user-id, it's just a matter of maintaining first & last name and setting an initial passowrd.

Using the same user-id causes serious security risks as you don't have proper traceability who did what and so on.

Besides the best practice of not allowing users to use same user-id, there is no parameter that can be set to disable the option you look to disable.

Kind regards

Tom

Show replies
Show replies
Former Member
‎06-10-2010 2:03 AM
0 Kudos

Hi Tom,

Thanks a lot for your advices. We are working towards the standard way as you suggested. It's just in the transition process users need time to get used to the new policy. Also this is the reason why we want to deny the connection request directly so the users know they are not allowed to use the same IDs anymore nor can they kick the legitimate user out of the system.

As you've mentioned there is no parameter that can achieve what we need. May I know if you think there's any way that we might be able to achieve it through programs? Thank you in advance.

Regards,

Eric

Former Member
‎06-10-2010 7:00 AM
0 Kudos

Hi Eric,

It may be possible through customization. But its all SAP standard objects and it is not advised to edit SAP standard objects until it is really mandatory.

If you feel, the scenario you have stated is mandatory, you can write to SAP and check with them itself.

Cheers...,

Raghu

Nibu
Contributor
‎06-10-2010 7:34 AM
0 Kudos

HI

I would suggest to raise the same to OSS before editing anything to achieve this since you have to edit the standard objects.

Regards,

Nibu Antony

Edited by: Nibu Antony on Jun 10, 2010 8:36 AM

Former Member
‎06-10-2010 7:53 AM
0 Kudos 
...  so the users know they are not allowed to use the same IDs anymore nor can they kick the legitimate user out of the system.

Why not advise the legitimate user to change their password and not to tell anybody?

Edited by: Joe Bo. on Jun 10, 2010 8:54 AM (typo)

Answers (2)

Answers (2)

Former Member
‎06-10-2010 11:36 AM
0 Kudos

Eric,

Even though question is marked as answered , i am adding up as this requirement does not hold good practically.

Any how even if you achieve this using some tweaks, what will you do in case unauthorized user log in before actual user ...You will wait till he log off

To avoid this only we have concept of user name and password.

So best way is not to share password and management decision only can help you.

Regards,

Show replies
Show replies
Former Member
‎06-11-2010 1:45 AM
0 Kudos

Gagan,

You are exactly right about the whole situation and thanks for adding this comment. Whatever workaround we might have will not make this 'share ID' thing go away from technical perspective. We will have the management decide what they would like to do.

Thank you.

Regards,

Eric

TomCenens
Active Contributor
‎06-16-2010 7:51 AM
0 Kudos

Dear Eric

I would answer by default "anything is possible" when it comes to an application that is supported by a database.

It's possible to create the neccesary programming / tables to achieve the wanted effect.

I'm sure you can find some information on SDN or google on the topic but I believe the effort is not worth it as you say it's a transition period.

Maybe another useful transaction for you is SU10 (mass user changes) where you can create many users at once. It's not much effort to create X number of users which have the same authorization as the one you now use with several end-users.

KInd regards

Tom

Former Member
‎06-17-2010 1:41 AM
0 Kudos

Hi Tom,

Thanks for your advices. As you said it might not worth the effort we will spend nor does it comply with SAP policy.

Regards,

Eric

Former Member
‎06-10-2010 9:34 AM
0 Kudos

Thank you Raghu, Nibu and Joe for your kind advices. It's good to know that there might not be standard way to disable this option and Joe is right that managerial decision/support might be more helpful/practical to really achieve what we are looking for.

Thanks again.

Regards,

Eric

Show replies
Show replies
Ask a Question