Former Member

Deny Access from SAP-Logon and allow access from Webservice

Hello,

I've a question regarding different logins.

We're using a portal (non SAP) where SAP-Reports were integrated. Therefore the user has to login on the SAP Webservice to see the report results. This works. As the users don't need to access the SAP directly, is it possible to deny the access with SAP-Logon/SAP-GUI?

I think it is not possible to handle it with the user type because it has to be a dialog user.

Can SAP differentiate from where a user is logging in and handle the access?

Thx for your help.


4 Answers

  • Best Answer
    Aug 05, 2010 at 01:34 PM

    Becksen,

    I think you need to deactivate (click on deactivate in logon data tab) the password on the ABAP side; then the user won't be able to log in directly from SAP and can use the webservice.

    Thanks,

    SS

    Edited by: sun on Aug 5, 2010 3:34 PM


    • Former Member

      Hi,

      Apart from the SSO issue, I have faced a situation where BP (business partner in CRM) could not be configured if the user type is service/System.

      Webshop will also fail if the user type is not a dialog user.

  • Former Member
    Aug 05, 2010 at 06:30 PM

    Hope this parameter helps

    login/disable_password_logon

    if you are using SSO or other methods to logon.

    Regards


  • Aug 05, 2010 at 10:44 PM

    Hi,

    One dirty solution could be to implement user exit SUSR0001 and kick out unwanted users right after logon. If you have proper roles assigned to those users then they should not be able to execute anything. Right? As far as I know users, if there is nothing for them then they won't bother to log on.

    Not installing SAP GUI does not sound like a secure solution to me.

    Cheers


    • Former Member

      Just discovered this thread and I apologize for a late posting of a silly comment... 😉

      You're concerned about users sniffing logon information from HTTP requests? Assuming that you have switched network connections I'd say you probably have some advanced users (or admins that can't be trusted). For such people it would also be trivial to get user/password combination from any SAPgui logons if you don't use SNC (in that case the SAPgui network traffic is only compressed, but not encrypted). Now I'm not arguing to simply ignore all security risks - I'm just surprised that there are often concerns in some areas whereas other areas are completely ignored...

      Any statements about SSL performance I'd treat like any other performance problem - don't assume too much, test and check your results (maybe that was done already, but it sounded as if your architecture team just voiced some general concerns). Due to different hardware and applications it's almost impossible for anybody to come up with reasonable numbers for estimating the overhead introduced by SSL without doing any testing. E.g. factors like session length (shorter sessions make additional SSL handshake overhead more relevant), caching, etc. have to be considered - so run some different scenarios and loads and see what happens.

  • Former Member
    Aug 08, 2010 at 07:54 AM

    Hi,

    Through the communication user type, map the user to another user ID in R/3 and do not disclose the user relation and password to the end user. Or otherwise try to differentiate the password between the portal and R/3. Don't disclose the R/3 password to the user.

    Regards.

    Shrinivasan. KV
