cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Any parameters can restrict user ID to log-on application server

Go to solution
Former Member

on ‎07-24-2007 9:05 AM

0 Kudos

Dear All,

I had configured the login group (/nSMLG) as following:

Logon Group Instance

TEST app1

TEST app2

app3

app4

However, app3 and app4 still have illegal user log-on.

Did any profile parameters can restrict user ID to log-on application

server?

BR,

Well

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-25-2007 5:19 AM
0 Kudos

Hey Well,

If you dont want the users to login to the APP3 and APP4 then whats the purpose of those app servers?

Are they meant for batch job scheduling?

Do you have two IP's in each of the system, one for communication between system(Big IP - Internal IP) and another ip for user access(small IP - external)

If thats the case, then you can enter the internal IP address in the SMLG, which restricts access from users but it does communicates between app servers.

Vijay

Show replies
Show replies

Answers (3)

Answers (3)

Former Member
‎07-25-2007 6:41 AM
0 Kudos

Dear All,

Thanks for reply!

App3 and app4 are used for batch job and some restricted user logon (since there're no time limit for the dialog process).

I find OSS note - 118093 and 26317, both recommended that to restrict the user in SAP GUI. However, it will become more perfect if I can set the limitation in server size.

Thanks and regards,

Well

Show replies
Show replies
Former Member
‎07-25-2007 7:00 AM
0 Kudos

If you want only for Batch, then remove the dialog process parameter from those server profiles(rdisp/no_wp_dia) OR set op mode to use all the work process as batch process.

Regards,

vijay

Former Member
‎07-25-2007 5:56 PM
0 Kudos

Hi Vijay,

I would not really suggest this becausse apparently he needs select few users to be able too login into the server.

Regards.

Ruchit.

Former Member
‎07-25-2007 5:51 AM
0 Kudos

Hi,

If you configured logon group for while adding logon pad goto groups>generate list. There you will get only logon group not application servers which are configured with SMLG. Don't add logon item with New item from logon pad.

Change the application server 3 & 4 IP address which should be confidential.

Regards,

Ganesh

****Reward points if Helpful*****

Show replies
Show replies
Former Member
‎07-24-2007 11:21 AM
0 Kudos

Hello Well Well,

I could clearly understand what you mean. From what you have stated I am able to understand that:

1. You have 4 application servers.

2. You have included 2 of them in Logon group TEST.

3. The remaining two are not part of logon group.

4. You want users not to login into app3 and app4 but to TEST only.

There is no profile paramter for this. At the max you can close the dispatcher port for these 2 servers but then no one would be able to login into them.

Best is to include all of them in to SMLG.

Regards.

Ruchit.

Show replies
Show replies
Former Member
‎07-25-2007 4:11 AM
0 Kudos

Hi Ruchit,

You are right! Thank you for you information!

Can you explain more details on how to close the dispatcher port? Thanks!

On the other hard, if the user know the server id of app3 and app4, and they add them manual into logon pad, could they still can connect to the app3 and app4?

BR,

Well

Former Member
‎07-25-2007 5:18 AM
0 Kudos

Hi Well Well,

This is something your network team will do.

They will ensure firewall settings are in place.Actulally they will block access to app3 and app4 thereby indirectly closing the dispatcher port .Contact your network folks.I am not really an expert on this.

Even if the user knows server details he will not be able to login as long as firewall is in place.

Though I would not really recommend this as the first up approach. That way you are not utilizing app3 and app4. What do you plan to do with these 2 instances?

Regards.

Ruchit.

Ask a Question