Skip to Content

Want to restrict multiple gui logons

Hi all,

Good day...!!

Our management want to restrict multiple gui logons of some users in our system. I created the parameter "login/disable_multi_gui_login" in RZ10, but in one single line only 21 entries is allowing

I want to add more users . How should i add ?

I searched in net about this, but all results are explaining about the disabling of multiple logons.

Please help on the above matter....

Regards

Praveen

Capture.JPG (21.9 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Oct 27, 2015 at 01:12 PM

    Have a look at this SAP note for the solution.

    2215040 - Long profile parameters are truncated

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Praveen

      If this is a production system then go back to the management and make them aware of the SAP licensing conditions. In the past I have seen this practice but only for a few users (5 or 6) just because of the number of service providers involved.

      Regarding the implementation of the note, you need to first set the local variables as suggested in the KBA and enter values there (based on what I have understood).

      Eg:

      _P1=ABC#EFG#HIJ

      _P2=KLM#NOP#QRS

      Afterwards you will provide these local variables as values to the parameter login/multi_login_users

      Eg:

      login/multi_login_users=$(_P1)$(_P2)

  • Oct 27, 2015 at 01:21 PM

    Hi Praveen

    1. You can refer the SDN link Disable Multiple SAP Logons - Basis Corner - SCN Wiki

    2. If the number of user id are more, you can switch the user id type from Dialog to Service in transaction code SU01.

    Regards

    SS

    Add comment
    10|10000 characters needed characters exceeded

    • Ok, this is a different requirement. In this case, just delete both parameters. You don't need to mess with login/multi_login_users at all, and you want login/disable_multi_gui_login to be set to 0, which is the default, therefore simply deleting the parameter should achieve this (but if you want to be sure, set the parameter in your profile to 0). Then multiple simultaneous logins by the same dialog user ID will be allowed.

      In the case of your senior officers, the answer is even simpler. Have them change their passwords and don't give them out to anyone else. That's basic security.

      However, this raises another possible license violation. Again, in most license contracts, use of a single dialog user account by more than one person is prohibited. In fact, it's precisely this behavior that the audit is trying to detect when it looks to see if the same account is logged in from more than one workstation at the same time. Your contract could conceivably be different, but probably it isn't. If this is a production system, or if these are developers with SSCR keys in a development system, then most likely they are required to be named users and only the person so named is authorized to use that account.

      The exception would be test and training accounts in a test/training system (or likewise and also non-developers in a dev system), but generally you can't have dialog accounts in a production system used in this way. Everyone needs their own unique account.

      Again, your contract may be different, but this would be the typical case.

  • Oct 27, 2015 at 02:13 PM

    Hello Praveen,

    It is not possible to have more users than the space available in RZ10 (80 characters in total).

    Note that allowing users to login more than once is not a general feature, but should be seen as exception from the rule. The profile parameter login/multi_login_users is designed only for a smaller group of users who need to login multiple times even if the setting of login/disable_multi_gui_login generally prohibits the multiple login.

    Regards,

    Cris

    Add comment
    10|10000 characters needed characters exceeded