cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting SPRO / Solution Manager

Former Member

on ‎03-13-2007 6:12 PM

0 Kudos

Hi,

We are about to do configuration in DEV through Solution Manager. I am actually trying to find a method to stop people from loging to the DEV system (specific client -eg:200) and doing SPRO configurations. I can deactivate the password in DEV 200 so that no person logs in to DEV to do SPRO. I can have a trusted RFC to DEV from Solution Manager, and ask the configurators to click on the "configure" button to take them to the configuration screen.

My question is - 1) After the person logs in to the the DEV throgh Solman via trusted RFC and perform his IMG config, I want to make sure he does not go and open a new session (/ospro). I can assume that the same person can go to a new session with SPRO and can do some configuration, which Solman dont have a record of.

2) After the person logs in to DEV and when he finishes the config, I want him to be logged off if he press the "back" button in the IMG screen.

Can this be done??

Please advise.. I would like to close the front door and back door..

Thanks, Mehfil

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-14-2007 5:16 PM
0 Kudos

Thanks Andreas. I think, whatever is possible to resolve this issue is answered by Andreas. But, the solution is not completely feasible to the business (we cannot limit one session per user by maintaining the instance profile)

Show replies
Show replies
former_member190969
Active Contributor
‎03-15-2007 10:47 AM
0 Kudos

Hi Mehfli,

you misunderstood me. My last suggestion was to limit authorizations, not to limit the session per user.

Regards

Andreas

former_member190969
Active Contributor
‎03-14-2007 11:11 AM
0 Kudos

Hi Mehflil,

you can limit the number of sessions a user may open. But this won't help much because you can't prevent him typing /nspro in the OK-code field. What you could try is to create a role for that user, that misses the transaction authorization for that user, but has all other authorizations SPRO needs. This should work because we call a function module of SPRO, not the transaction itself from Solution Manager.

Regards

Andreas

Show replies
Show replies
Former Member
‎03-14-2007 2:41 PM
0 Kudos

Hi Andreas,

Thanks for the reply. Could you please explain " create a role for that user, that misses the transaction authorization" ..

As you said, I can try to limit the user sessions which can be opened, but I guess this is done in the instance profile and effects everybody. is that right?

thanks

former_member190969
Active Contributor
‎03-14-2007 3:31 PM
0 Kudos

> Hi Andreas,

>

> Thanks for the reply. Could you please explain "

> create a role for that user, that misses the

> transaction authorization" ..

I mean you could create an authorization role in PFCG that has all authorizations riquired for SPRO, but you delete the authorization for the T-Code SPRO. This is authorization object S_TCODE. You find it on the authorizations tab underneath of cross application authorization objects

> As you said, I can try to limit the user sessions

> which can be opened, but I guess this is done in the

> instance profile and effects everybody. is that

> right?

Yes, this would affect everybody and would not help much since you can start a transaction without opening a new mode.

Regards

Andreas

Ask a Question