topic Re: User validity in Application Development and Automation Discussions

User validity

Former Member — Mon, 28 Jul 2008 12:37:14 GMT

Hi Experts,

Please any one let me know your suggestions on below issue.

i.e. I have created one user id with validity date like 01.07.08 to 25.07.08 in his user master record.

On 25.07.2008 at 11:30 pm he has been accessing the server. can he able to continue his work after 12am (i.e. 26.07.2008) if he didn't logout from the system?

Regards,

Reddy V.

Re: User validity

Former Member — Mon, 28 Jul 2008 12:47:46 GMT

Yes.

Re: User validity

Former Member — Mon, 28 Jul 2008 12:56:20 GMT

Hi Julius Bussche,

Thank you for your information.but how can I restrict this user id validation If this user ids is continuously working in the system with out logout from the system.

Please let me know you suggestions.

Regards,

Reddy V.

Re: User validity

Former Member — Mon, 28 Jul 2008 13:02:45 GMT

Hi Reddy V,

You can restrict the validity of their roles (from , to, on "Roles" tab in SU01 or "User" tab in PFCG) to expire at the end of the day, and then shortly after midnight schedule report PFCG_TIME_DEPENDENCY to do a user compare.

They will still be logged on, but they will loose all their access when the profiles are removed... so they will probably logoff and go home.

Cheers,

Julius

PS: The above will not work for releases lower than 6.10.

Re: User validity

jurjen_heeck — Mon, 28 Jul 2008 13:06:44 GMT

> how can I restrict this user id validation If this user ids is continuously working in the system with out logout from the system.

You mean 24/7? They're bound to get some coffee or something to eat at some point. Have a look at the profile parameter "rdisp/gui_auto_logout" to make use of these periods of inactivity.

Re: User validity

Former Member — Mon, 28 Jul 2008 14:58:57 GMT

Perhaps you could just kill their session at 12:01 am using tcode SM04. They are not supposed to be on after the validity date so kiing their session should be OK.

Re: User validity

Former Member — Mon, 28 Jul 2008 15:10:31 GMT


> Perhaps you could just kill their session at 12:01 am using tcode SM04.

Yeah, but then you have to set your alarm-clock for midnight as well

It is nicer if the system does it for you.

Cheers,

Julius

Re: User validity

Former Member — Mon, 28 Jul 2008 15:14:24 GMT


> You mean 24/7?  They're bound to get some coffee or something to eat at some point. Have a look at the profile parameter "rdisp/gui_auto_logout" to make use of these periods of inactivity.

What if they remain active (not that there is anything wrong with that) or park the mouse on something which rattles it around all the time and hits "Enter" every 5 minutes.

The only realistic way I can think of is to limit the validity on the role assignment (and possibly prevent them from stopping the PFUD job - just incase this is an important requirement).

Cheers,

Julius

Re: User validity

Former Member — Thu, 21 Aug 2008 06:50:28 GMT

Thanks for you information

Re: User validity

Wolfgang_Janzen — Thu, 21 Aug 2008 08:07:18 GMT


> How can I restrict this user id validation If this user ids is continuously working in the system with out logout from the system.

Well, in addition to the role assignments (which can be removed time-triggered as Julius has mentioned) it's also worth mentioning that (even internal) RFCs, asynchronous updates, background jobs, etc will all fail if the account validity was exceeded. Since quite a lot of applications make use of RFC and/or asynchronous updates the user will be effected by the account expiration.