07-28-2008 1:37 PM
Hi Experts,
Please any one let me know your suggestions on below issue.
i.e. I have created one user id with validity date like 01.07.08 to 25.07.08 in his user master record.
On 25.07.2008 at 11:30 pm he has been accessing the server. can he able to continue his work after 12am (i.e. 26.07.2008) if he didn't logout from the system?
Regards,
Reddy V.
07-28-2008 1:47 PM
07-28-2008 1:56 PM
Hi Julius Bussche,
Thank you for your information.but how can I restrict this user id validation If this user ids is continuously working in the system with out logout from the system.
Please let me know you suggestions.
Regards,
Reddy V.
07-28-2008 2:02 PM
Hi Reddy V,
You can restrict the validity of their roles (from , to, on "Roles" tab in SU01 or "User" tab in PFCG) to expire at the end of the day, and then shortly after midnight schedule report PFCG_TIME_DEPENDENCY to do a user compare.
They will still be logged on, but they will loose all their access when the profiles are removed... so they will probably logoff and go home.
Cheers,
Julius
PS: The above will not work for releases lower than 6.10.
07-28-2008 2:06 PM
> how can I restrict this user id validation If this user ids is continuously working in the system with out logout from the system.
You mean 24/7? They're bound to get some coffee or something to eat at some point. Have a look at the profile parameter "rdisp/gui_auto_logout" to make use of these periods of inactivity.
07-28-2008 4:14 PM
>
> You mean 24/7? They're bound to get some coffee or something to eat at some point. Have a look at the profile parameter "rdisp/gui_auto_logout" to make use of these periods of inactivity.
What if they remain active (not that there is anything wrong with that) or park the mouse on something which rattles it around all the time and hits "Enter" every 5 minutes.
The only realistic way I can think of is to limit the validity on the role assignment (and possibly prevent them from stopping the PFUD job - just incase this is an important requirement).
Cheers,
Julius
08-21-2008 9:07 AM
>
> How can I restrict this user id validation If this user ids is continuously working in the system with out logout from the system.
Well, in addition to the role assignments (which can be removed time-triggered as Julius has mentioned) it's also worth mentioning that (even internal) RFCs, asynchronous updates, background jobs, etc will all fail if the account validity was exceeded. Since quite a lot of applications make use of RFC and/or asynchronous updates the user will be effected by the account expiration.
07-28-2008 3:58 PM
Perhaps you could just kill their session at 12:01 am using tcode SM04. They are not supposed to be on after the validity date so kiing their session should be OK.
07-28-2008 4:10 PM
>
> Perhaps you could just kill their session at 12:01 am using tcode SM04.
Yeah, but then you have to set your alarm-clock for midnight as well
It is nicer if the system does it for you.
Cheers,
Julius
08-21-2008 7:50 AM