on 05-25-2011 10:00 AM
Hi,
Is it possible to prevent users from launching SPRO directly from the managed systems but allow customizing through transaction SOLAR01 / SOLAR02 via Solution Manager?
Thanks.
Hi Guys,
We accomplished your exacr requirment by the following:
We lleft the team's SPRO authorization in DEV but blocked them from using it via a BADI thus forcing them to login via SOLAR02, input the IMG object and customize from there.
Here are the 3 BADIS:
ZENI_BLOCK_SPRO_IN_DEV_200
Logical Position: \FU:STREE_EXTERNAL_DISPLAY\SE:BEGIN\EI
- Block Customization in Dev 200 Environment
if SY-MANDT = '200' and SY-SYSID = 'ECD'
and ( SY-TCODE(4) = 'SPRO' or SY-TCODE = 'SST0' ).
message E172(00) with SY-TCODE.
endif.
ZENI_BLOCK_SPRO_IN_DEV_200_A
Logical Position: \FU:SPROJECT_STRUCTURE_EDIT\SE:BEGIN\EI
- Block Customization in Dev 200 Environment
if SY-MANDT = '200' and SY-SYSID = 'ECD'
and ( SY-TCODE(4) = 'SPRO' or SY-TCODE = 'SST0' ).
message E172(00) with SY-TCODE.
endif.
*
ZENI_BLOCK_SPRO_IN_DEV_200_B
Logical Position: \PR:SAPLS_IMG_TOOL_5\FO:CHECK_FOR_CRM\S
- Block Customization in Dev 200 Environment
if SY-MANDT = '200' and SY-SYSID = 'ECD'
and ( SY-TCODE(4) = 'SPRO' or SY-TCODE = 'SST0' ).
message E172(00) with SY-TCODE.
endif.
Best Regards,
Oded Dagan
SAP Project Manager & Solution Manager expert
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kailash,
As far as i know there is no standard way to do that, since when you're
accessing the system via solar01/02, you're just connecting through
the RFC to perform this customizing just as if you do when you manually
log in and perform the actions.
The only way I can imagine you to do that is organizing it in a way that
the users that have access to the managed system manually, doesn't have
enough authorizations to access the transactions you don't want them to
access, while the user used in the trusted RFC to access the system will
have this authorizations. But in case the RFC is set to connect to
the managed system with the user that is current logged in the solman,
it'll not work.
Unfortunately, there is no way to make the customizing accessible
just via solar projects.
Kind regards,
Fabricius
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kailash:
One way to limit access for the team is to limit or devoid the direct GUI access to the managed system. This will force them to login via Solution Manager. As explained by others, the authorization is stil the same in the back end system.
also make sure that all the IMG obejcts that need to be configured are attached to the IMG obejct created by the project and olny the sol Man administrator should add/modify the objects from the IMG object
Hi
When user from Solar02 enter spro of managed system they are not using any authorization specific in solman except solar02
therefore if they already have the access of SPRO in managed system they can access via solman too
solman just called a trusted RFC with which users get logged to Managed system but with their managed system authorization
You need to formulate a process if you want users to do so.
Hope i have clarified
Regards
Prakhar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.