Pragnesh_7se7
Participant

Scenario: The client wants to prevent a user from logging in from any terminal other than the allocated one.

Solution:

Step 1: Use function exit EXIT_SAPLSUSF_001, which is called immediately after login.

Step 2: Create a Z table that contains the user ID, IP address, and terminal name.

Step 3: Call function module TH_USER_INFO in function exit EXIT_SAPLSUSF_001, include ZXUSRU01.


Here TERMINAL is the terminal name and ADDRSTR is the IP address.

Step 4: If the exit runs for the first time, add the user ID, IP address, and terminal ID to the table; from the next time onward, validate against the Z table.


Step 5: Use function module WS_MSG to raise the error.


Step 6: Call 'SYST_LOGOFF' if the user is not authorized.
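
Steps 3 to 6 put together in one include, as an added example; this is not the author's source, which the post does not show. It assumes a hypothetical client-dependent table ZUSER_TERM (key UNAME, fields IPADDR and PCNAME) and assumes the WS_MSG parameter names MSG_TYPE, TEXT and TITL.

```abap
* Added example for include ZXUSRU01 (not the author's code).
* ZUSER_TERM is a hypothetical Z table: MANDT, UNAME (key), IPADDR, PCNAME.
DATA: lv_terminal TYPE zuser_term-pcname,
      lv_addrstr  TYPE ni_nodeaddr,
      ls_allowed  TYPE zuser_term.

* Step 3: terminal name and IP address of the session that is logging on
CALL FUNCTION 'TH_USER_INFO'
  EXPORTING
    client   = sy-mandt
    user     = sy-uname
  IMPORTING
    terminal = lv_terminal
    addrstr  = lv_addrstr.

* Compare terminal names case-insensitively
TRANSLATE lv_terminal TO UPPER CASE.

SELECT SINGLE * FROM zuser_term INTO ls_allowed
  WHERE uname = sy-uname.

IF sy-subrc <> 0.
* Step 4, first logon: store this terminal as the allocated one.
* Whichever machine the user logs on from first is the one recorded.
  CLEAR ls_allowed.
  ls_allowed-uname  = sy-uname.
  ls_allowed-ipaddr = lv_addrstr.
  ls_allowed-pcname = lv_terminal.
  INSERT zuser_term FROM ls_allowed.

ELSEIF ls_allowed-ipaddr <> lv_addrstr
    OR ls_allowed-pcname <> lv_terminal.
* Step 5: tell the user why the logon is refused
* (parameter names of WS_MSG are an assumption of this example)
  CALL FUNCTION 'WS_MSG'
    EXPORTING
      msg_type = 'E'
      text     = 'Not authorized on this terminal.'
      titl     = 'Logon restricted'.

* Step 6: end the session of the unauthorized terminal
  CALL 'SYST_LOGOFF'.
ENDIF.
```

Because step 4 enrols on first logon, the first machine a user connects from becomes the allocated one; maintaining the table entries before the user's first logon avoids relying on that.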


Remarks: Do not use any other method to raise the error, because.......

if the user is not authorized, he/she can still log in using Create Session.

WS_MSG gives only the options below.

21 Comments
Former Member
0 Kudos

Hi,

Nice document.

Also, I want to know: is there any method to restrict a user from terminating the session of another user?

Regards

Ajay

Former Member
0 Kudos

Good one :smile:

Regards,

Mounika

Former Member
0 Kudos

Good ..

Pragnesh_7se7
Participant
0 Kudos

At login time? Please explain.

Former Member
0 Kudos

Yes, at login time we need that a user cannot disconnect the session of another user.

Regards

Ajay

Pragnesh_7se7
Participant
0 Kudos

Hi Ajay,

As far as I know,

you can restrict multiple logon,

but such a restriction is not allowed.

You can discuss it with your BASIS guy.

Please see the link below...

Restrict the user from terminating other's logon

former_member229075
Discoverer
0 Kudos

Nice Document....

FPT
Explorer
0 Kudos

Can you share the source code for include ZXUSRU01?

Pragnesh_7se7
Participant
0 Kudos

Sorry, dear,

but if you get stuck anywhere, just tell me; I will definitely help you.

Juwin
Active Contributor
0 Kudos

Please read the documentation of the enhancement SUSR0001. SAP specifically says "Do not log off the user".

Logoff is ranked 1st in the list of things you should absolutely avoid in a user exit/BAdI/enhancement.

Thanks,

Juwin

Pragnesh_7se7
Participant
0 Kudos

Hi Juwin,

Do you have any alternative solution? If yes, then please share it and I will definitely update.

Actually, we first implemented it without the logoff option, but we didn't find any other way to restrict users.

Thanks for the input.

Juwin
Active Contributor
0 Kudos

Finding a solution shouldn't be done by breaking the system, should it? That was the only intent of my comment. I am not trying to sell my own solution here. Sorry if I let you believe otherwise.

Thanks,

Juwin

FPT
Explorer
0 Kudos

Dear Pragnesh,

Now, we only have SAP Basis, no developer, so we can't write the source code for include ZXUSRU01. We hope that you will share your source code with us. Thanks!

Pragnesh_7se7
Participant
0 Kudos

Hi Juwin,

Thanks for your input, will try to improve if possible.

Juwin
Active Contributor
0 Kudos

I respect your enthusiasm. Thanks.

former_member210770
Active Participant
0 Kudos

Dear Pragnesh,


Nice document. We can enhance it like the code below, as I have developed the same thing in the past.


EXIT : SUSR0001 -> Include ZXUSRU01


TABLE : ZUSER_AUTH , USR41

Field    Data element   Type     Description
MANDT    MANDT          CLNT3    Client
UNAME    XUBNAME        CHAR12   User Name in Master Rec
IPADDR   NI_NODEADDR    CHAR45   IP Address
PCNAME   ZTERMINAL      CHAR20   Terminal


  • This enhancement authenticates the user at login against its authorization for the system IP address and system PC name, together with its username and password. It also reads the login user's profile (voice).


*&---------------------------------------------------------------------*
*&  Include           ZXUSRU01
*&---------------------------------------------------------------------*
* break abapdev2.

INCLUDE OLE2INCL.

DATA : GWA_ADDR   LIKE BAPIADDR3,
       GIT_RETURN TYPE TABLE OF BAPIRET2,
       W_STRING   TYPE STRING.

DATA : OLE   TYPE OLE2_OBJECT,
       VOICE TYPE OLE2_OBJECT,
       TEXT  TYPE STRING.

* Speech object on the front end, used for the spoken welcome text
CREATE OBJECT VOICE 'SAPI.SPVOICE'.

* Read the address data of the user who is logging on
CALL FUNCTION 'BAPI_USER_GET_DETAIL'
  EXPORTING
    USERNAME      = SY-UNAME
    CACHE_RESULTS = 'X'
  IMPORTING
    ADDRESS       = GWA_ADDR
  TABLES
    RETURN        = GIT_RETURN.

* Build the welcome text only if the BAPI returned no messages
CLEAR : W_STRING.
IF GIT_RETURN[] IS INITIAL.
  CONCATENATE 'Welcome' GWA_ADDR-TITLE_P GWA_ADDR-FIRSTNAME GWA_ADDR-LASTNAME 'In the world of SAP' INTO W_STRING SEPARATED BY ' '.
ENDIF.

* BREAK-POINT.
TABLES : USR01 ,ZUSER_AUTH , SOPR.
DATA : GIT_USR01    TYPE STANDARD TABLE OF USR01,
       GWA_USR01    TYPE USR01,

       GIT_USR41    TYPE STANDARD TABLE OF USR41,
       GWA_USR41    TYPE USR41,

       GIT_USR_AUTH TYPE STANDARD TABLE OF ZUSER_AUTH ,
       GWA_USR_AUTH TYPE ZUSER_AUTH ,

       GIT_PROFILE  TYPE STANDARD TABLE OF SOPR,
       GWA_PROFILE  TYPE SOPR,

       USER_NAME    TYPE SY-UNAME,
       ADDRSTR      TYPE NI_NODEADDR,
       V_UNAME      TYPE ZUSER_AUTH-UNAME,
       T_PCNAME     TYPE ZUSER_AUTH-PCNAME.

DATA : logo         TYPE SSM_PATH,
       USER         TYPE ZMANDT,
       LOGIN_CLIENT LIKE SY-MANDT.

LOGIN_CLIENT = SY-MANDT.

SELECT SINGLE ZCLIENT
              ZPATH
  FROM ZLOGIN_LOGO
  INTO (user , logo)
  WHERE ZCLIENT = LOGIN_CLIENT.

USER_NAME = SY-UNAME.

SELECT *
  FROM USR01
  INTO TABLE GIT_USR01
  WHERE BNAME = USER_NAME .

SELECT *
  FROM USR41
  INTO TABLE GIT_USR41
  WHERE BNAME = USER_NAME .

* Is this user restricted at all, i.e. does ZUSER_AUTH have an entry?
SELECT SINGLE UNAME
  FROM ZUSER_AUTH
  INTO V_UNAME
  WHERE UNAME = USER_NAME.

IF SY-SUBRC = 0.

* Terminal name and IP address of the session that is logging on
  CALL FUNCTION 'TH_USER_INFO'
    EXPORTING
      CLIENT                    = SY-MANDT
      USER                      = USER_NAME
*     CHECK_GUI                 = 0
    IMPORTING
*     HOSTADDR                  =
      TERMINAL                  = T_PCNAME
*     ACT_SESSIONS              =
*     MAX_SESSIONS              =
*     MY_SESSION                =
*     MY_INTERNAL_SESSION       =
*     TASK_STATE                =
*     UPDATE_REC_EXIST          =
*     TID                       =
*     GUI_CHECK_FAILED          =
      ADDRSTR                   = ADDRSTR
*     RC                        =
    .

  TRANSLATE T_PCNAME TO UPPER CASE.
  SELECT * FROM ZUSER_AUTH
    INTO TABLE GIT_USR_AUTH
    WHERE UNAME = USER_NAME.

* Look for an entry matching user, IP address, terminal and client
  READ TABLE GIT_USR_AUTH
    INTO GWA_USR_AUTH
    WITH KEY UNAME  = USER_NAME
             IPADDR = ADDRSTR
             PCNAME = T_PCNAME
             MANDT  = SY-MANDT.

  IF SY-SUBRC = 0
    AND ADDRSTR = GWA_USR_AUTH-IPADDR
    AND T_PCNAME = GWA_USR_AUTH-PCNAME
    AND SY-MANDT = GWA_USR_AUTH-MANDT.

*   Allocated terminal: speak the welcome text
    CALL METHOD OF VOICE 'SPEAK' = OLE
      EXPORTING #1 = W_STRING. "TEXT.
*

  ELSE.
*   Any other terminal: raise an error message
    CLEAR SY-UCOMM.
    MESSAGE 'You are not authorized to login on this terminal.'
      TYPE 'E'.
    EXIT.
*     call 'SYST_LOGOFF'.
  ENDIF.

ELSE.

* User has no entry in ZUSER_AUTH: no restriction, welcome only
  CALL METHOD OF VOICE 'SPEAK' = OLE
    EXPORTING #1 = W_STRING. "TEXT.

ENDIF.

former_member194965
Active Participant
0 Kudos

tq

Pragnesh_7se7
Participant
0 Kudos

Hi Sagar,

Thanks for the input.

Former Member
0 Kudos
With SAP DAM by NextLabs we use the same user exit to restrict access from specific locations. This allows us to dynamically restrict access to BOMs or recipes to specific locations, prevent exposure of IP and secrets via VPN, and enforce export compliance such as ITAR, EAR, BAFA or EU Dual Use.

 
Hi,

I have successfully implemented this enhancement and it works well, but the problem I'm experiencing right now is the appearance of two popup message windows:

1 - Information message of failed user login attempts
2 - Flash Messages popup window

After either of the above message windows pops up, the SAP system waits for user input. If the user clicks OK, the system moves on and calls the user exit (SUSR0001); if the user right-clicks and opts for Create New Session on top of either window, it safely bypasses the user exit (SUSR0001). Here this solution seems to fail by not calling the exit for which the solution was actually developed.

If anybody has experienced the same and resolved it, please share.

 
0 Kudos
Dear shoaib.rehman2 ,

Would you mind sharing an update on your findings for this solution? I'm so excited about this.

Best Regards,

Luan