cancel
Showing results for 
Search instead for 
Did you mean: 

Stopping direct access to ECC

Former Member
0 Kudos

we have earlier created few users in the ECC clients and the consultants are accessing it directly , now we want them to acess the system using SOLMAN only ...

How can we stop the direct access to the ECC system , should we remove their login ID's from the ECC ..

Please advice

Regards

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi,

You can't remove their user IDs in ECC otherwise they won't be able to connect remotely using the Trusted RFC. What can be done in that case is to distribute the saplogon.ini and to prevent its modification. Then you just have to remove the entry for connecting your ECC to prevent users from doing it.

But whenever your SolMan will be down, the users won't be able to access the ECC...

Hope it helps,

Best regards,

Stéphane.

Former Member
0 Kudos

Thanks stephane , In this scenario what kind of access should be given to abapers.

Regards

Former Member
0 Kudos

Hello again,

The abapers need to keep their authorization as it is in the ECC system. Then for them to be able to use the trusted RFCs you need to add two roles with the following authorization objects (i'm not sure if both objects are mandatory in both system, but you can test that) :

- in SolMan : role with S_RFCACL auth. object

- in ECC : role with S_RFC auth. object

Hope it helps,

Stéphane.

Former Member
0 Kudos

We have revealed the DEV box access to the consultants ...in any way can we monitor or restrict them to access directly the ECC system.

Also i cant restrict the logon .ini file as the client have their own IT policy .

Regards