cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restrict User To Login or any trasaction In SAP CRM GUI

Go to solution
former_member267851
Participant

on ‎07-23-2015 6:58 AM

0 Kudos

Hi Experts,

I have a requirement to Restrict User To Login or  any  trasaction In SAP CRM GUI .

I am looking for any Exit which can help me out, We are using  SAP CRM EHP2 .

In adavance thanks.

Regards

Alok

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

stephenjohannes
Active Contributor
‎07-24-2015 3:13 PM
0 Kudos

You can't do this as your end-users have to be dialog to use CRM. Any user with rights to login in the webclient of CRM can always log into the SAP GUI.  The only thing you can do is make sure the user has no S_TCODE authorizations, which will prevent them from executing any dialog transactions in the SAP GUI.

However keep in mind you still might need to keep SU3 authorizations(not sure about S_TCODE for SU3) to allow the user to maintain personalization data in the webclient.

Take care,

Stephen

Show replies
Show replies
former_member267851
Participant
‎07-27-2015 6:14 AM
0 Kudos

Thanks everyone I solve this requirement by myself.

As per requirement we need to resrtict all end users from login to GUI but not all users .

But the most challenging part was to make them acces trasaction laucher GUI Report .

Thnaks and Regards

Alok

dhruv_mehta
Active Contributor
‎07-28-2015 8:10 AM
0 Kudos

how did u solve it! I hope not by uninstalling gui logon pad from users machines

former_member267851
Participant
‎07-28-2015 2:29 PM
0 Kudos

yes u r hoping right . I write code in exit.

dhruv_mehta
Active Contributor
‎07-28-2015 3:20 PM
0 Kudos

good days of SMOD and CMOD! can u please share the exit name! its been a while I have used those t codes

former_member267851
Participant
‎07-29-2015 7:05 AM
0 Kudos

Here is the Exit SUSR0001.

Answers (2)

Answers (2)

Former Member
‎07-24-2015 10:51 AM
0 Kudos

Hello Alok. You just need to inactive the S_TCODE authorization object. Regards, Neha

Show replies
Show replies
ravi_raj36
Explorer
‎07-24-2015 12:27 PM
0 Kudos

Hello Alok,

If you just want to restrict the authorization  then you can do this with the authorization objects CRM_ORD_LP and CRM_ORD_PR

Regards,

Ravi

navn_metts
Active Participant
‎07-23-2015 7:23 AM
0 Kudos

Hello Alok,

This can be done by using Authorizations. Just assign the respective authorization objects to the Roles of the user.

Authorizations team will help you here.

Br,

Navn

Show replies
Show replies
ravi_raj36
Explorer
‎07-23-2015 9:32 AM
0 Kudos

Hello Alok,

Here are two approaches as we can see

1)If you dont want  user to logon to  CRM GUI, then deactivate (click on deactivate in logon data tab) the password on ABAP side then user wont be able to login directly from SAP

and if you are using SSO ,login/disable_password_logon.

2) If you dont want user to perform any type of transactions/activties then you need to set up Authorization objects and status profiles defined for the specific roles.

Regards,

Ravi

former_member267851
Participant
‎07-23-2015 11:25 AM
0 Kudos

Hi Ravi,

Thanks for reply . do u have suggestion how to recognize for trasaction launcher GUI from UI?

I am able to control the gui login  but not able to control gui launcher Reports from UI.

Please suggest any idea .

Regards

Alok

ravi_raj36
Explorer
‎07-23-2015 12:39 PM
0 Kudos

Hello Alok,

I understand from your query that you  do not want users  to access a particlaur transaction from User Interface.

1)By Authorization roles you will be able to restrict creation,display and change of transactions.

2)If you want to restrict them in WEB UI,

you will have to make changes to the respective component and view or the navigation bar

Ideally in this case, if you dont want to display the launchers for the users, we have feasibilty to hide/disable the launcher/componet  in nav.bar profiles for the particualr business roles

Regads,

Ravi

hongyan_shao
Active Contributor
‎07-24-2015 6:26 AM
0 Kudos

Hi,

Do you mean, if a user logged on a web ui, there is a link which will start a transaction launcher to launch a transaction code using webgui or windows gui. And you don't want this to happen for some users?

I believe if it is webgui, it is still possible to control the authorization for this user id with authorization object S_TCODE. Am I right?

Hongyan

Ask a Question