on 03-13-2007 6:12 PM
Hi,
We are about to do configuration in DEV through Solution Manager. I am actually trying to find a method to stop people from loging to the DEV system (specific client -eg:200) and doing SPRO configurations. I can deactivate the password in DEV 200 so that no person logs in to DEV to do SPRO. I can have a trusted RFC to DEV from Solution Manager, and ask the configurators to click on the "configure" button to take them to the configuration screen.
My question is - 1) After the person logs in to the the DEV throgh Solman via trusted RFC and perform his IMG config, I want to make sure he does not go and open a new session (/ospro). I can assume that the same person can go to a new session with SPRO and can do some configuration, which Solman dont have a record of.
2) After the person logs in to DEV and when he finishes the config, I want him to be logged off if he press the "back" button in the IMG screen.
Can this be done??
Please advise.. I would like to close the front door and back door..
Thanks, Mehfil
Thanks Andreas. I think, whatever is possible to resolve this issue is answered by Andreas. But, the solution is not completely feasible to the business (we cannot limit one session per user by maintaining the instance profile)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mehflil,
you can limit the number of sessions a user may open. But this won't help much because you can't prevent him typing /nspro in the OK-code field. What you could try is to create a role for that user, that misses the transaction authorization for that user, but has all other authorizations SPRO needs. This should work because we call a function module of SPRO, not the transaction itself from Solution Manager.
Regards
Andreas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Andreas,
Thanks for the reply. Could you please explain " create a role for that user, that misses the transaction authorization" ..
As you said, I can try to limit the user sessions which can be opened, but I guess this is done in the instance profile and effects everybody. is that right?
thanks
> Hi Andreas,
>
> Thanks for the reply. Could you please explain "
> create a role for that user, that misses the
> transaction authorization" ..
I mean you could create an authorization role in PFCG that has all authorizations riquired for SPRO, but you delete the authorization for the T-Code SPRO. This is authorization object S_TCODE. You find it on the authorizations tab underneath of cross application authorization objects
> As you said, I can try to limit the user sessions
> which can be opened, but I guess this is done in the
> instance profile and effects everybody. is that
> right?
Yes, this would affect everybody and would not help much since you can start a transaction without opening a new mode.
Regards
Andreas
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.