cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Howto disable direct login into DB server

Go to solution
former_member185954
Active Contributor

on ‎12-28-2006 1:01 PM

0 Kudos

Hello Experts,

I have a very old system with me(SAP 4.0B running on AIX/Oracle DB) which has 7 application servers, however there is too much load on all servers.

I wish to restrict users logging directly onto the DB server.

Is there a way to disable users login into DB servers, I know about SAP logon groups, however a user would still be able to bypass it by configuring direct connection in the saplogon.

There could be a parameter perhaps that I don't recollect right now !

Any help is appreciated.

Regards,

Siddhesh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-28-2006 10:08 PM
0 Kudos

Hello Siddhesh,

Using the dialog logon user exit SUSR0001, you can add your custom checks to logon procedure.

You have to enable the logon user exit using SAP enhancements (CMOD transaction) and write your ABAP code to check the users.

Regards

Ermanno

Show replies
Show replies
former_member185954
Active Contributor
‎12-29-2006 11:48 AM
0 Kudos

Hi Ermanno,

I was aware of this solution, but didn't have detailed knowledge about it , cause I am primarily a Basis guy.

I have assigned some points to you currently, I will check with my ABAPers and let you know.

Meanwhile I'll keep the question open, just in case if someone has some parameter or some other easier option available..

Thanks again.

Regards,

Siddhesh

Former Member
‎12-29-2006 12:56 PM
0 Kudos

Hello Siddhesh,

take into account that no special parameters or settings exist for your issue, so I think ABAP way is the best way.

Please refer to SAP notes 12466 and 106388, in order to get some guidelines about user exit SUSR0001 and SAP enhancements, in particular note 106388 explains how to log off a user (I think it could be precious for your ABAPers).

Regards

Ermanno

former_member185954
Active Contributor
‎12-31-2006 11:50 AM
0 Kudos

Hi ermanno,

I have forwarded the solution you suggested to our customer.

Thanks for your response, I have marked the question as answered

Regards,

Siddhesh

Answers (1)

Answers (1)

Former Member
‎12-29-2006 11:16 AM
0 Kudos

If you cannot do ABAP change -

You have to ensure that no direct logon is configured on users SAPLOGON.

Then disable SAPlogon edit functionality from users machines and give then access to SAPLOGONPAD only.

This way they cannto change saplogon configuration.

Also, you can put saplogon.ini on the network where all users can only read it.

And configure their saplogon's to connect to this ini file.

Show replies
Show replies
former_member185954
Active Contributor
‎12-29-2006 11:21 AM
0 Kudos

Hi Amol,

Thanks for your reply, I am aware of this solution.

We have about 15,000 users, the system is real big, the approach you suggested is not feasible !

Regards,

Siddhesh

Former Member
‎12-29-2006 4:42 PM
0 Kudos

Sid,

Check with your network team if they can isolate your database server from other systems but application servers. Something to do with dual n/w cards... I dont know much abt n/w but remember this was configured at one of the clients I worked before...

former_member185954
Active Contributor
‎12-31-2006 11:48 AM
0 Kudos

Amol,

When you have servers which are global any kind of modification to something as critical as networks can result into fatal outage, network modification is not an option.

Thanks for your feedback although!

I think the user exit is the only option here.

Regards,

Siddhesh

Ask a Question