06-09-2011 3:47 PM
Hello all,
Just wondering why when RFCing into a system, say into BW to execute reports, USR02 doesn't update the last logon field for that user? Does USR02 only get updated with a dialog logon?
Thanks,
Tom
06-10-2011 12:53 AM
Hi,
No, it should get updated. Check what you have in parameter login/update_logon_timestamp. Also search for OSS notes. There are some related to TRDAT and RFC.
Cheers
06-10-2011 12:53 AM
Hi,
No, it should get updated. Check what you have in parameter login/update_logon_timestamp. Also search for OSS notes. There are some related to TRDAT and RFC.
Cheers
06-10-2011 10:21 AM
06-11-2011 8:59 PM
Which SAP release are you on? You should generally mention this dependency when asking questions.
Cheers,
Julius
06-14-2011 4:54 PM
Thanks Julius. I did check some OSS notes, certain SRFC calls don't actually update USR02.
06-14-2011 9:33 PM
SRFC are classed by default as public functions. Where there is no authority-check, there is also no requirement to authenticate.
As the user does not need to exist even, the logon timestamp is not updated.
An example is the connection test "ping" in SM59. This is just a physical ping for the correctness of the admin data tab settings - but from the application layer using RFC (without valid logon data credentials being evaluated).
Cheers,
Julius
11-18-2011 4:29 PM
I'm curious if you have an answer for this. We have the exact same problem with users login on to BI portal, and it doesn't stamp last logon date for the user in R/3 back end site. It looks like SAP does check for authentication (reject logon to portal if user is locked), and check for authorization when running reports.
Reading some of the old OSS notes (489768, 416402), I'm under the impression that RFC logon should also stamp logon date/time. We're in SAP BASIS 700 / release 24, and SAP_BW 700/ release 26.
We also created a message with SAP, but do not have an answer back on this just yet.
Thanks.
11-18-2011 10:40 PM
With RFC you must remember that authorization checks trigger the authentication (against which user should the authority-check be performed?).
If the user context does not have a session ID (they already are on the inside) then they are prompted for authentication.
This might be transparent as it aleady happened (e.g. logon tickets of various sorts) or an interactive logon screen appears if the client application (and middle-ware components) support it.
Then you can authenticate.
AFAIK the logon time stamp was an old mechanism to signify the status of the password only. This collided with people and programs who observe (and sometimes update...) table USR02. Public functions do not require authentication, so anyone can call them and authentication is not required.
Transaction SM19 and Sm20N will also help you further to record logons,
Cheers,
Julius
11-30-2011 4:06 PM