Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Locked Client from any changes

Former Member

‎06-02-2011 7:51 AM

0 Kudos

hi all,

currently i having this situation where by my client need me to lock the client from any changes includes the daily transaction, only display activity would be allowed in this client, anyway how i can do this?

Regards

Hariyono

12 REPLIES 12

Former Member

‎06-02-2011 8:13 AM

0 Kudos

1> Hit tcode SCC4.

2> Select your client in change mode.

3> Select option No changes allowed and save.

Your client is lock now.

Thanks..

Mohit

Former Member

‎06-02-2011 8:15 AM

0 Kudos

Hi,

May be he wants to set the client in not modifiable state

do these things

1. SCC4 -> select the client -> select changes w/o automatic recording, no transport allowd

No changes to rep & cross client cust objects

no overwriting

ecatt and catt not allowed

2. SE06 -> system change option -> select not modifiable

Thanks,

Deepthi

jörg_weichert
Explorer
In response to Former Member

‎06-02-2011 10:32 AM

0 Kudos

Hello,

with this options client specific customizing is allowed!

Kind regards

Joerg

jörg_weichert
Explorer

‎06-02-2011 10:38 AM

0 Kudos

Hello Hariyono,

you can´t look a client via transaction SCC4, so that only viewing of data is possible.

If you have the requirement that all users should only be able to view data, you have to remove all change rights from their roles.

Kind regards

Joerg

Former Member
In response to jörg_weichert

‎06-02-2011 10:53 AM

0 Kudos

hi Jörg Weichert

correct my requirement is only to allow users display data and not able to entry any data, instead of changing the authorization is there any other way?

jörg_weichert
Explorer
In response to jörg_weichert

‎06-02-2011 11:26 AM

0 Kudos

Hello,

I had this requirement with different customers and we always changed the roles. I don´t know of any other way to achieve your requirement. If your users are allowed to see all data in the client you could assign them to a role with wide view auths - for example an auditor role.

Kind regards,

Joerg

martin_voros
Active Contributor

‎06-02-2011 11:44 AM

0 Kudos

Hi,

I agree with others that building new roles is one way how to do it. I have a curious question: has anyone tried to turn off write access on DB level? It might not work because event users without access to create transaction data might still generate some data such as logs. I am just wondering.

Cheers

jörg_weichert
Explorer
In response to martin_voros

‎06-02-2011 12:15 PM

0 Kudos

Hi Martin,

has anyone tried to turn off write access on DB level? It might not work because event users without access to create transaction data might still generate some data such as logs.

I also think that this will not work. For example what will happen if some of the user parameters need to be changed (via SU3 or direct by the system). Also at login, the last login date is recorded in the database ...

What is about printing (Most of the data is written to the TEMSE)?

An other option could be to restore the system every night to it´s initial state. However you don´t know during the day if your data

is correct of if anybody has changed it

Kind regards

Joerg

Former Member
In response to martin_voros

‎06-02-2011 12:39 PM

0 Kudos

When you logon the time stamp needs to be updated, so this will produce a lock-out...

An option could be to lock all the users and give them a service user with a display set of roles - but everyone sees everything!

Cheers,

Julius

Former Member
In response to martin_voros

‎06-02-2011 2:37 PM

0 Kudos

Hi Hariyono,

Just wondering t he business requirement for such a need... Usually after mergers, migrations or upgrades we do have reference systems and it makes complete sense to lock out every body and give Display only access to only few in those SAP boxes... The best way is to control the users in such systems as not every body needs access to such reference systems... Its effective user management + display roles assignment in such scenarios that will do th eneedful.

Since you have mentioned that a client needs to be locked i was wondering as that would not stop any cross client customization, WB changes to reach your client if other clients are open .. So wanted to check the business need where only one particular client needs to be locked for all changes and not the system... As opined by others, we too have practiced role changes in such situations and did not resort to any system/basis level changes ...

Thanks in advance for the additional info ...

Rgds,

Sri

Former Member

‎06-02-2011 11:20 PM

0 Kudos

Hari,

The best way is to have seperate roles and authorizations to accomplish this. Seeing how you mentioned you didnt want to change authorizations, perhaps you can get a developer to write a custom program that locks all the create/change/delete transactions on a temporary basis. This is not a perferred way but may be possible.

Former Member

‎06-02-2011 11:25 PM

0 Kudos

Hi Hariyono

currently i having this situation where by my client need me to lock the client from any changes includes the daily transaction, only display activity would be allowed in this client, anyway how i can do this?

And Sri's comment 

Just wondering t he business requirement for such a need...

How long is this needed for and why please? 'Pausing' a system for a few hours or a day is usually part of a BASIS step but what is the background to your request please?

regards

David

Edit - none of which requires SCC4 etc - just a standard lock of users until the BASIS peeps have finished their tasks...

Edited by: David Berry on Jun 2, 2011 11:26 PM

Edited by: David Berry on Jun 2, 2011 11:29 PM