I LOVE SAP

Blog for BASIS Knowledge sharing

Archive for November, 2009

Disable Multiple Logins in the Same Client

Posted by Della on November 17, 2009

To disable multiple user logins within the same client implement this parameter in the instance profile:
Disable MultipleDisable Multiple Logins in the Same Client

To disable multipDisable Multiple Logins in the Same Client

To disable multiple user logins within the same client implement this parameter in the instance profile:

login/disable_multi_gui_login = 1

If you do not use this parameter in your system, users have the ability to ignore the warning window at the time they try to login to the same client.le user logins within the same client implement this parameter in the instance profile:

login/disable_multi_gui_login = 1

If you do not use this parameter in your system, users have the ability to ignore the warning window at the time they try to login to the same client. Logins in the Same Client

To disable multiple user logins within the same client implement this parameter in the instance profile:

login/disable_multi_gui_login = 1

If you do not use this parameter in your system, users have the ability to ignore the warning window at the time they try to login to the same client.
login/disable_multi_gui_login = 1

If you do not use this parameter in your system, users have the ability to ignore the warning window at the time they try to login to the same client.

 

How about exceptional logins?
In case you’re wondering how to allow multiple logins for certain key users you can implement parameter login/multi_login_users. You can list the user IDs that should be ignored if the parameter above is active in your system.

Posted in Others | Tagged: , , | 1 Comment »

Lock a Client to Prevent Logons

Posted by Della on November 17, 2009

Do you need to do maintenance on a system and want to make sure nobody logs on to it while you’re working on it?

You can lock a system at the OS level by running: tp locksys pf=tpprofile

Example: To lock your DEV system enter this command: tp locksys DEV pf=saptranshostsapmnttransbintp_domain_dev.pfl

Users will get this message if they attempt to log on: “Upgrade still running. Logon not possible”.

Notice that the message is not exactly accurate. TP locksys is mainly used during release upgrades so the message is kind of generic. But, it works!

To unlock the system, run: tp unlocksys pf=tpprofile

Now you can tell your boss that you know how to keep the users off the system!

Only SAP* and DDIC can log on to any of the clients in the system that has been locked.

 

For detail information go to the following link http://sapdocs.info/sap/uncategorized/frequently-used-procedures-in-sap/

Posted in Others | Tagged: | Leave a Comment »

Security Audit Log

Posted by Della on November 17, 2009

The Security Audit Log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. By activating the audit log, you keep a record of those activities you consider relevant for auditing. You can then access this information for evaluation in the form of an audit analysis report.

The audit log’s main objective is to record:

  • Security-related changes to the SAP System environment
    (for example, changes to user master records)
  • Information that provides a higher level of transparency
    (for example, successful and unsuccessful logon attempts)
  • Information that enables the reconstruction of a series of events
    (for example, successful or unsuccessful transaction starts)

Specifically, you can record the following information in the Security Audit Log:

  • Successful and unsuccessful dialog logon attempts
  • Successful and unsuccessful RFC logon attempts
  • RFC calls to function modules
  • Successful and unsuccessful transaction starts
  • Successful and unsuccessful report starts
  • Changes to user master records
  • Changes to the audit configuration

To configure the audit log –> sm19

To see the audit log –> sm20

To delete old log –> sm 18

 

Before you activate the audit log you have to setup several parameters in RZ10 :

 

rsau/enable: Set to 1 to activates audit logging
rsau/local/file: Name and location of the audit log file
rsau/max_diskspace/local: Max. space of the audit file. If maximum size is reached auditing stops.
rsau/selection_slots: Max. number of filters

rsau/enable: Set to 1 to activates audit loggingrsau/local/file: Name and location of the audit log filersau/max_diskspace/local: Max. space of the audit file. If maximum size is reached auditing stops.rsau/selection_slots: Max. number of filters

the maximum size of an audit file is 2 gigabytes for a single day, so the in case of profile parameter rsau/max_diskspace/local the min value is 1000000kb & maximum value is 2GB

For profile parameter rsau/max_diskspace/per_file minimum is 1MB & Maximum is 2 GB

For rsau/max_diskspace/per_day minimum value should be 3*per_file & maximum 1024 GB.So check these parameter.

For more detail see the following page  http://help.sap.com/saphelp_nw04/helpdata/EN/2c/c59d37d373243de10000009b38f8cf/frameset.htm

 

Posted in Log File | Tagged: , , , , , , , | 3 Comments »

 
Follow

Get every new post delivered to your Inbox.