03-12-2007 10:22 AM
Hello everyone,
can you please help me?
I want to check if Remote access has been enabled in the R/3? I want to ensure users do not access the system from anytwhere else but in the office. Any tests or tables that can give me this answer?
many thanks
03-12-2007 10:25 AM
Well, the best way to ensure this is on the network level (-> routers, packet filter firewalls) - if it should apply to all users of that system.
Regards, Wolfgang
03-12-2007 10:30 AM
Thanks for your response.
is there a way to check in the actual R/3? for example is there a security parameter in RSPARAM that controls this?
many thanks
03-12-2007 11:56 AM
HI Mar,
no there is no such parameter to control it. The only thing you can do is to monitor it by looking at who did security audit log on to the system. Please have a look at <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/68/c9d8375bc4e312e10000009b38f8cf/frameset.htm">the docs on the security audit log</a>.
Regards,
Patrick
03-12-2007 12:27 PM
There are certain known constraints and limitations:
(1) IP addresses are usually not time-invariant (DHCP)
<u>Exception</u>: checking only on IP addresss ranges (network address)
(2) using proxies (reverse web proxies, SAProuter, etc.) will make it impossible for the server to determine the IP address of the client; he only sees the proxy's IP address
<u>Notice</u>: in that case the proxy can be used for access control (e.g. SAProuter ACL). In addition you might use multiple proxies and then be able to determine which proxy was used to access the application server.
(3) It might not be posssible for the server to determine the client's hostnames (for the reason provided in (2) and because inverse lookups are time-consuming or somethings not possible, e.g. when using DNS without supporting DHCP lookups)
(4) data (such as the hostname) that is provided by the client itself (because of reason (3)) is not trustworthy and should not be used for access control purposes
Cheers, Wolfgang
PS: ABAP function module TH_USER_INFO might be useful for you
Message was edited by:
Wolfgang Janzen