https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312569#M1535678 <HTML><HEAD></HEAD><BODY><P>If you have SSO configured between them ( ABAP &amp; JAVA ) you can achieve your goal</P><P></P><P>and allow GUI access for those 2-3+ users to perform admnistrative activities </P><P>but in this case remember the user will still be unlocked.</P><P></P><P>if the user needs to view data from the backend system</P></BODY></HTML> Wed, 15 Sep 2010 20:10:31 GMT Former Member 2010-09-15T20:10:31Z https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312564#M1535673 <HTML><HEAD></HEAD><BODY><P>Dear SAP colleagues,</P><P></P><P>We do have 2 SAP SRM systems :</P><P></P><P>1. DL1 is our SRM-ABAP system</P><P>2. DJ1 is our SRM-JAVA system</P><P></P><P>A user is created in DL1 (ABAP) system.</P><P>The DJ1 UME links to DL1. In other terms, a user is created in ABAP system (DL1) and automatically replicated to JAVA system (DJ1).</P><P></P><P>My question :</P><P>We want to give access to our user only to DJ1 (SRM-JAVA) system.</P><P>User must not be able to connect on SRM-ABAP system (DL1).</P><P></P><P>If I lock the user in DL1 (ABAP), it is automatically locked on JAVA system (DJ1), which is normal.</P><P></P><P>User has ABAP roles and JAVA roles.</P><P></P><P>Is there a solution to give access to a user on JAVA system (DJ1) and lock the same user in DL1 ?</P><P></P><P>Thanks in advance for your suggestion, even if it is a strange request ...</P><P></P><P>CP</P></BODY></HTML> Tue, 14 Sep 2010 12:31:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312564#M1535673 Former Member 2010-09-14T12:31:34Z https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312565#M1535674 <HTML><HEAD></HEAD><BODY><P>Think this way</P><P></P><P></P><P>U1=user1</P><P>R1= role 1 in java stack</P><P>R2 = role 2 in ABAP stack</P><P></P><P></P><P>How will the user get access to R2? if you remove the relationship between R2 and U1?</P><P>with your present installation model.</P><P></P><P></P><P>I have seen UME/portal UME connected to ABAP database ( ABAP SRM ) only</P><P></P><P>or </P><P></P><P>You have the Netweaver install pointing to UME only ( my knowledge is it will be java only stack )</P><P>in that case your NW SRM ABAP side which will be independent , the user can be locked forever!!</P></BODY></HTML> Tue, 14 Sep 2010 20:08:43 GMT https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312565#M1535674 Former Member 2010-09-14T20:08:43Z https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312566#M1535675 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>you can disable password logon using parameter login/disable_password_logon and not to set up SSO. So normal users won't be able to log on. I am not sure if this parameter affects Java stack but it looks like DJ1 is a separate system. </P><P></P><P>you could use an user exit SUSR0001 which is called after dialog log on to ABAP stack. But be careful about it. Probably you don't want to lock out all users.</P><P></P><P>Another approach could be to put firewall in front of your ABAP stack and allow dialog logon only from limited range of IP addresses.</P><P></P><P>BTW if you don't give authorization to run any transaction to users (S_TCODE) then you don't care if users can log on or not. They won't be able to do anything. </P><P></P><P>Cheers</P></BODY></HTML> Wed, 15 Sep 2010 00:39:42 GMT https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312566#M1535675 mvoros 2010-09-15T00:39:42Z https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312567#M1535676 <HTML><HEAD></HEAD><BODY><P>Dear,</P><P></P><P>Thanks for your input.</P><P></P><P>DL1 (SRM-ABAP) is the UME source system of DJ1 (SRM-JAVA), through SAPJSF user.</P><P>I need to keep the connection between both systems.</P><P></P><P>Maybye I was not precise enough in my problem description :</P><P>1. DL1 - SRM-ABAP system - contains all users.</P><P> All users are created in DL1 and then automatically replicated to DJ1 (SRM-JAVA).</P><P></P><P>2. We do have 300 users. Among them, only 2-3 users must have access to ABAP system (DL1) for certains activities.</P><P> Theses 2-3 users will be SAP Basis Administrator, SRM Admin, SRM Manager, SRM-Catalog Manager.</P><P> They need to have access to DL1 to work on ABAP system.</P><P></P><P> But all other users (key users, assistants, ...) must not have access on ABAP system (DL1), but only</P><P> on JAVA (portal) system (DJ1).</P><P></P><P>My goal :</P><P>1. I do not want autorize all this users to have access on ABAP system (DL1) but only on JAVA system (DJ1).</P><P></P><P>Any idea or suggestion ?</P><P></P><P>Best regards</P><P>CP</P></BODY></HTML> Wed, 15 Sep 2010 08:16:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312567#M1535676 Former Member 2010-09-15T08:16:24Z https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312568#M1535677 <HTML><HEAD></HEAD><BODY><P>The easiest way would be to use network restrictions: e.g. block SAPGui between the client network and the server network, and / or deny access from all hosts except the Java instances. When the maintenance window is over, you just open the access again.</P><P></P><P>Without knowing your setup it is hard to recommend where you should do this (e.g. firewall, SAProuter, message server, etc).</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Wed, 15 Sep 2010 08:31:50 GMT https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312568#M1535677 Former Member 2010-09-15T08:31:50Z https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312569#M1535678 <HTML><HEAD></HEAD><BODY><P>If you have SSO configured between them ( ABAP &amp; JAVA ) you can achieve your goal</P><P></P><P>and allow GUI access for those 2-3+ users to perform admnistrative activities </P><P>but in this case remember the user will still be unlocked.</P><P></P><P>if the user needs to view data from the backend system</P></BODY></HTML> Wed, 15 Sep 2010 20:10:31 GMT https://community.sap.com/t5/application-development-and-automation-discussions/lock-access-to-abap-system-allow-access-to-java-system/m-p/7312569#M1535678 Former Member 2010-09-15T20:10:31Z