cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

No direct SPRO in managed system, only via SOLAR01 / 02

former_member402128
Discoverer

on ‎05-25-2011 10:00 AM

0 Kudos

Hi,

Is it possible to prevent users from launching SPRO directly from the managed systems but allow customizing through transaction SOLAR01 / SOLAR02 via Solution Manager?

Thanks.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎09-26-2011 11:28 AM
0 Kudos

Hi Guys,

We accomplished your exacr requirment by the following:

We lleft the team's SPRO authorization in DEV but blocked them from using it via a BADI thus forcing them to login via SOLAR02, input the IMG object and customize from there.

Here are the 3 BADIS:

ZENI_BLOCK_SPRO_IN_DEV_200

Logical Position: \FU:STREE_EXTERNAL_DISPLAY\SE:BEGIN\EI

  • - Block Customization in Dev 200 Environment

if SY-MANDT = '200' and SY-SYSID = 'ECD'

and ( SY-TCODE(4) = 'SPRO' or SY-TCODE = 'SST0' ).

message E172(00) with SY-TCODE.

endif.

ZENI_BLOCK_SPRO_IN_DEV_200_A

Logical Position: \FU:SPROJECT_STRUCTURE_EDIT\SE:BEGIN\EI

  • - Block Customization in Dev 200 Environment

if SY-MANDT = '200' and SY-SYSID = 'ECD'

and ( SY-TCODE(4) = 'SPRO' or SY-TCODE = 'SST0' ).

message E172(00) with SY-TCODE.

endif.

*

ZENI_BLOCK_SPRO_IN_DEV_200_B

Logical Position: \PR:SAPLS_IMG_TOOL_5\FO:CHECK_FOR_CRM\S

  • - Block Customization in Dev 200 Environment

if SY-MANDT = '200' and SY-SYSID = 'ECD'

and ( SY-TCODE(4) = 'SPRO' or SY-TCODE = 'SST0' ).

message E172(00) with SY-TCODE.

endif.

Best Regards,

Oded Dagan

SAP Project Manager & Solution Manager expert

Show replies
Show replies
Former Member
‎05-30-2011 6:44 PM
0 Kudos

Hi Kailash,

As far as i know there is no standard way to do that, since when you're

accessing the system via solar01/02, you're just connecting through

the RFC to perform this customizing just as if you do when you manually

log in and perform the actions.

The only way I can imagine you to do that is organizing it in a way that

the users that have access to the managed system manually, doesn't have

enough authorizations to access the transactions you don't want them to

access, while the user used in the trusted RFC to access the system will

have this authorizations. But in case the RFC is set to connect to

the managed system with the user that is current logged in the solman,

it'll not work.

Unfortunately, there is no way to make the customizing accessible

just via solar projects.

Kind regards,

Fabricius

Show replies
Show replies
Former Member
‎06-01-2011 8:31 PM
0 Kudos

Hi Kailash:

One way to limit access for the team is to limit or devoid the direct GUI access to the managed system. This will force them to login via Solution Manager. As explained by others, the authorization is stil the same in the back end system.

also make sure that all the IMG obejcts that need to be configured are attached to the IMG obejct created by the project and olny the sol Man administrator should add/modify the objects from the IMG object

prakhar_saxena
Active Contributor
‎05-25-2011 11:03 AM
0 Kudos

Hi

When user from Solar02 enter spro of managed system they are not using any authorization specific in solman except solar02

therefore if they already have the access of SPRO in managed system they can access via solman too

solman just called a trusted RFC with which users get logged to Managed system but with their managed system authorization

You need to formulate a process if you want users to do so.

Hope i have clarified

Regards

Prakhar

Show replies
Show replies
Ask a Question