Skip to Content
avatar image
Former Member

Howto disable direct login into DB server

Hello Experts,

I have a very old system with me(SAP 4.0B running on AIX/Oracle DB) which has 7 application servers, however there is too much load on all servers.

I wish to restrict users logging directly onto the DB server.

Is there a way to disable users login into DB servers, I know about SAP logon groups, however a user would still be able to bypass it by configuring direct connection in the saplogon.

There could be a parameter perhaps that I don't recollect right now !

Any help is appreciated.

Regards,

Siddhesh

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Dec 28, 2006 at 10:08 PM

    Hello Siddhesh,

    Using the dialog logon user exit SUSR0001, you can add your custom checks to logon procedure.

    You have to enable the logon user exit using SAP enhancements (CMOD transaction) and write your ABAP code to check the users.

    Regards

    Ermanno

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi ermanno,

      I have forwarded the solution you suggested to our customer.

      Thanks for your response, I have marked the question as answered

      Regards,

      Siddhesh

  • avatar image
    Former Member
    Dec 29, 2006 at 11:16 AM

    If you cannot do ABAP change -

    You have to ensure that no direct logon is configured on users SAPLOGON.

    Then disable SAPlogon edit functionality from users machines and give then access to SAPLOGONPAD only.

    This way they cannto change saplogon configuration.

    Also, you can put saplogon.ini on the network where all users can only read it.

    And configure their saplogon's to connect to this ini file.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Amol,

      When you have servers which are global any kind of modification to something as critical as networks can result into fatal outage, network modification is not an option.

      Thanks for your feedback although!

      I think the user exit is the only option here.

      Regards,

      Siddhesh