cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Prevent viewing of saplogon.ini

Go to solution
former_member323185
Participant

on ‎02-24-2015 3:17 AM

0 Kudos

Hi,

Is there anyway to prevent a user from opening the saplogon.ini file with an editor and view the content of the file? I am trying to do that in order to prevent sensitive saproute strings from being revealed.

Thanks.

Regards,

Lim

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

jude_bradley
Advisor
Advisor
‎02-24-2015 7:41 AM
0 Kudos

As far as I know, the file can be made read-only,but there is nothing to stop an end-user viewing the file.

The only alternative I can think of,is to restrict users from using a text editor using group policy.

https://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx

Regards,

Jude

Show replies
Show replies

Answers (2)

Answers (2)

Matt_Fraser
Active Contributor
‎03-03-2015 4:20 PM
0 Kudos

Ultimately, other than the group policy route suggested by Jude, I don't think you can do this. The SAPLogon (or SAPLogon-Pad) must be able to read the saplogon.ini file in order to connect to the servers, and since SAPLogon runs in the context of the user, that means the user must be able to read the file. You can prevent editing of the file, obviously, either through SAPLogon-Pad (which doesn't really prevent much), or by keeping it in a read-only centralized location on a server (much better option), but you can't really stop someone from reading it if they need to use it for their work.

What about the saproute strings is so sensitive?

Show replies
Show replies
former_member323185
Participant
‎03-03-2015 4:41 PM
0 Kudos

Our saplogon.ini contains entries to many customers' SAP systems. The saproute strings also reveal the saprouter password of our customers' saprouter. If a user who works temporary on a customer's system, he/she who has access to the saproute string may copy it to another saplogon installation and gain access to the logon screen of the customer's SAP system.

Yes we can delete the user account or disabled it but we prefer temp users not to know the saproute string of a customer's SAP system.

jude_bradley
Advisor
Advisor
‎03-04-2015 7:32 AM
0 Kudos

Hello Mr Lim,

That is not a very good policy you have there. Suggest you rethink your saplogon.ini layout for better security.

Jude

thanga_prakash
Active Contributor
‎03-03-2015 9:05 AM
0 Kudos

Hello Wee Seng Lim,

The main reason behind your question is you don't want any users to edit the server information in logon pad, If it is so, then you can disable the edit button by following below steps.

Click on top left corner of the logonpad and then go to options --> SAP Logon options --> General --> Check on the "Disable editing of connection entries" --> close the logon pad and relaunch again.

You will find the EDIT button in logon pad Disabled (Greyed out)

Regards,

TP

Show replies
Show replies
former_member323185
Participant
‎03-03-2015 9:30 AM
0 Kudos

Hi Thanga,

The main objective is to prevent user from opening the saplogon.ini file. SAPLogon Pad by itself already can prevent users from editing the connection entries.

Regards,

Lim

Ask a Question