Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Remote access question

Former Member

‎03-12-2007 10:22 AM

0 Kudos

Hello everyone,

can you please help me?

I want to check if Remote access has been enabled in the R/3? I want to ensure users do not access the system from anytwhere else but in the office. Any tests or tables that can give me this answer?

many thanks

4 REPLIES 4

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎03-12-2007 10:25 AM

0 Kudos

Well, the best way to ensure this is on the network level (-> routers, packet filter firewalls) - if it should apply to all users of that system.

Regards, Wolfgang

Former Member
In response to WolfgangJanzen

‎03-12-2007 10:30 AM

0 Kudos

Thanks for your response.

is there a way to check in the actual R/3? for example is there a security parameter in RSPARAM that controls this?

many thanks

Former Member
In response to WolfgangJanzen

‎03-12-2007 11:56 AM

0 Kudos

HI Mar,

no there is no such parameter to control it. The only thing you can do is to monitor it by looking at who did security audit log on to the system. Please have a look at <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/68/c9d8375bc4e312e10000009b38f8cf/frameset.htm">the docs on the security audit log</a>.

Regards,

Patrick

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
In response to WolfgangJanzen

‎03-12-2007 12:27 PM

0 Kudos

There are certain known constraints and limitations:

(1) IP addresses are usually not time-invariant (DHCP)

<u>Exception</u>: checking only on IP addresss ranges (network address)

(2) using proxies (reverse web proxies, SAProuter, etc.) will make it impossible for the server to determine the IP address of the client; he only sees the proxy's IP address

<u>Notice</u>: in that case the proxy can be used for access control (e.g. SAProuter ACL). In addition you might use multiple proxies and then be able to determine which proxy was used to access the application server.

(3) It might not be posssible for the server to determine the client's hostnames (for the reason provided in (2) and because inverse lookups are time-consuming or somethings not possible, e.g. when using DNS without supporting DHCP lookups)

(4) data (such as the hostname) that is provided by the client itself (because of reason (3)) is not trustworthy and should not be used for access control purposes

Cheers, Wolfgang

PS: ABAP function module TH_USER_INFO might be useful for you

Message was edited by:

Wolfgang Janzen