Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

User X not authorized to logon directly error

Former Member
0 Kudos
6,006

Hi,

One of our users are experiencing an error while logging in to the system which says "User X not authorizedt o logon directly".

The user type is Dialog

User is not either expired or the password is deactivated.

Other users in the same group were able to login

User is not assigned to any authorization group.

There are no logon group restrictions

I've also deleted and re-created the user ID. Still have the same problem. Other user IDs that I create doesn't have any issues. The error appears in any system irrespective of the patch level of SAP GUI.

Please help!

Rgds,

Raghu

13 REPLIES 13

Former Member
0 Kudos
1,424

Hi Raghu

Are you using GRC's SPM / Firefighter option please? There was a bug in the earlier versions which did something very similar to this.

Regards

David

0 Kudos
1,424

No David. It is an ECC IDES system.

Rgds,

Raghu

0 Kudos
1,424

Try to "hack" it by either double-clicking the custom message and then opening a new session via the popup modal menu, or, enter the user and pwd in SM59 test destination and perform a "remote login" to this user.

These bypass the SAPGui login exit, and will confirm for you whether the message is coming from there, which sounds very likely.

Other options are to check the start transaction of the user which might ne logging them back out again, or trying too...

Cheers,

Julius

0 Kudos
1,424

Hi Julius,

The error message that pops-up doesn't give me any option/modal menu to open another instance. Also, i've checked logging in remotely from SM59 which was successful.

There is no start transaction when I checked for the user.

Even now experiencing the same error. Let me know if I can somehow share the error message screen shot.

Rgds,

Raghu

0 Kudos
1,424

If SM59 worked, then you have some custom code in the SAPGui logon exit which is raising this message.

Do a where-used-list on the message class and number to find the "offending" code.

It is quite common to find nonsense in this exit, which is why it does not really work reliably for anything other than checking SAPGui versions.

Cheers,

Julius

0 Kudos
1,424

Hi,

There is no custom script. I'm experiencing the same error from any machine, irrespective of the version of GUI. However, all the other IDs are working fine.

I am wondering if I can restrict access to a single ID from GUI script, which can be deployed in all the systems while trying to login with this ID??

Please help!

Rgds,

Raghu

0 Kudos
1,424

Hi,

I guess Julius is talking about user exit which is called at the beginning of any dialog session. Obviously, this check is not performed on client therefore it does not matter from where you log on or which version of SAP Gui you use. You can use version management for user exit include to figure out who implemented that logic.

Cheers

0 Kudos
1,424

Hi,

I was able to resolve the issue. The issue is due to the user ID added as a FFID in /n/virsa/vfat.

Due to the recent note that was applied (SAP Note 992200), it is restricting users from logging in Dialog mode (even though the user is a dialog user.) The FM /virsa/zvirsa_userexit will check the usage of the user ID and will block the user from logging in a dialog mode.

I've removed the user ID from FFID list and now the user is able to login.

Rgds,

Raghu

0 Kudos
1,424

I guess Julius is talking about user exit which is called at the beginning of any dialog session.

... and I suspect that Raghu did not recognize the implications of this.

Note that this exit is only triggered when the user enters a password in the SAPGui logon screen (starting a session from the SAPGui Logon Pad).

All other methods of authenticating (such as RFC, or via http(s), Java UMEs, etc) do not execute the coding in the exit and a simple break-point can stop it (in a dialog debugger session, which an "emergency user" can be expected to have auths for...).

Personally I am not a fan of this exit. It does not work reliably and often causes confusion.

Cheers,

Julius

0 Kudos
1,424

HI

>I was able to resolve the issue. The issue is due to the user ID added as a FFID in /n/virsa/vfat.

I did ask about this earlier as we had the same problem in FF

Cheers

David

Former Member
0 Kudos
1,424

Raghu,

please check if there is any code in program ZXUSRU01, if yes, then please copy paste it.

se38 -> ZXUSRU01 -> display

regards,

Surpreet

PatrickVermeire
Explorer
0 Kudos
1,424

We had the same problem (we use "Fire Starters").

Reason was found in table: /GRCPI/GRIA_CON.

The user had the role in PARAMID: 4010, which is not allowed.

This table was read via: ZXUSRU01 -> INCLUDE /grcpi/gria_userexit.

(READ TABLE lt_conn INTO ls_conn WITH KEY paramid = '4010'. "FFID Role Name)

Kind Regards,

Patrick Vermeire

0 Kudos
1,424

Encountered the same issue. Root Cause - test ID had copied the SPM FF security role indicating it was a FF ID. It is not a FF ID. Removed FF role and user able to logon.