Block direct logon to satellite system

Dear friends,
I am working with Sol Man 4.0 SP12.
I have connected R/3 with Sol Man. The user ID has been created in Sol Man As well as in R/3. (In both the systems the user ID is same)
Now the user can logon to R/3 system via Sol Man (T-RFC role has been assigned to him).
But still the user is logging into R/3 system directly & performing the configurations. We want to block this option. Without Sol Man, he should not able to get into R/3 system.
One work around might be, change the password & do not inform to the user.
But for our case, we having about 185 consultants to do the configuration.
If i lock the user ID in R/3, i can not logon through Sol Man also. So this option is invalid.
If i maintain him as "Service" user also, he can directly logon to R/3. So this option also invalid
If any other work around is available please guide me.
Regards
Senthil

Dear Senthil,
Your question is more from an Process point of view rather than Solution Manager.
I assume that you are using Solution Manager to implement your SAP solution.
There are 2 possibilities here :
1. Roll out an standard process for all the 185 consultants working with you and strictly instruct to perform the configuration using the Solman route. In case of violations lock the userid's and get your senior mangement involved.
2. Start using Change management. If you activate change management then no one can create an transport request in the satellite systems without routing it via an change request in Solution Manager. This way even if the consultant logs in to satellite system his work is useless and he is forced to follow the Solman Route.
I hope that the above tips helps.
Regards
Amit

Similar Messages

Blocking of Direct Login to Satellite System

Dear All,
A person who has login authorisation in Solman also has login authorisation in Satellite systems. So a person can directly login to the satellite system, bypassing the Solman. whether is there any possibility to block the person directly loging in to satellite system.
Thanks and Regards
Saravanan

Hi,
When we create RFC destinations for remote system we have to provide the user credentials and saved it or making it a trusted rfc connection without providing any login credentials.
Depending upon the RFC you create you get all the access in the satellite systems.
ALso go thru this tutor
https://websmp204.sap-ag.de/~sapidb/011000358700002912202006E.sim
This shows how to create rfc and whether you want trusted or with user logon screen.in user logon it always asks for the credentials whereas in other case it get automatically filled up.
Please reward points if it helps.
Message was edited by:
Prakhar Saxena

Satellite System Kernel Information

Hallo,
is it possible to find out in the SolMan about the kernel release and the source id of the satellite system? I was searching the SMSY and the SLD but couldn't find that information.
Thank you for your help,
Michael

Hi Michael
If SLD does not collect or display this information (check Technical Landscape in the SLD UI) and you use SLD as a data source for SMSY, you may not get this information in SMSY - please however check SLD landscape data and SMSY thoroughly in case it is captured
However for satellite systems in SMSY that have ST-PI installed and use RFC as a data source Kernel data might be available - also there may be other locations to get this information such as in EWA reports for the system or via MOPZ
Also if Central System Administration is setup you should be able to go directly to the satellite system from Solution Manager and check System-->Status in the system itself (using TRUSTED RFC without saplogon required)
Best wishes
Stuart

CHARM:   Logon restriction to satellite system

Hi
With CHARM functinality, users are allowed to logon satellite system via Solman only when logon action is approved. This is great control, but how can we prevent users from loging directly to satellite system?
In short, I would like to accomplish this
User > SAPGUI　> Satellite (i.e ECC)    Not possible
User --> SAPGUI --> Solman --> Satellite   Possible when approved in Solman
I tested this with changing user type in SU01 (dialog, communication, system, service...), but none of them solved my problem.
Maybe, I should post this question in BASIS forum, but though this was common problem in CHARM envirnment.   Thanks in advance.
Regards

Hi, Xavier
Thank you for your reply.   End users will continue to log on satellite system. No change for them.
What I meant is that I want to control developers / testers' logon activities.
They can logon DEV / QA servers only when approved by Solman.
Problem is that their users need to exist in satellite system, and they can still directly log on to DEV / QA.　This is why I want to accomplish such a functionality.   I wonder if any configuration solve this.
Regards
Koji

Direct creation of transports in satellite system after CHARM

Hi All,
I have a quick question:
Can we create new transport requests into satellite system directly, when CHARM is enabled for them. Or the transports can only be created through CHARM?
Appreciate your response..
Regards,
Smita

Hi
It seems you have a problem in understanding the flow
go thru the foll demo files..it will explain you the whole process and ur doubt
Regular corr
https://websmp201.sap-ag.de/~sapidb/011000358700000872582009E/index.htm
Urg corr
https://websmp201.sap-ag.de/~sapidb/011000358700000872612009E/index.htm
Hope prb is solved now
Regards
Prakhar

Charm_create tp in satellite system directly and then assign project

Dear All,
we have some exceptions here.
Incase of urgency users wants to carry out the changes in satellite system & will save the same under 1 new TP. while moving the tp they want to assign the charm project so that all the activities will get captured under project. is this possible ?
regds,
CB

Hello,
If I understood your question, you probably mean the registration of transport requests from outside ChaRM as described in notes 1150426 and 1274352 ...
Best regards,
Miguel Ariñ

While creating message in Satellite system we would like to get popup scren

Hi Gurus,
While creating message in Satellite system we would like to get a popup screen that should populate/show list of persons responsible/Business partners to whom the mail should go directly to their mail box. Do we have to develop a report for it or can use an already existing job?
Thanks in advance,
Vinod Palli

Hi you can create messages from two places either from the standard help menu.
help->create support message
or
test workbench status message->click messages tab and then click create button.
Now go to tcode Solution_manager
select your landscape and then press execute button you will get the list of all messages with status ,person create d and person responsible.
if you click any one you can go into the details of the same.
PLEASE :reward point for the same.
Regards
Prakhar

SAP system not starting or not able to logon to SAP system

Hi All,
Our OS is AIX5.3
DB is Oracle 10.2
And the machine is in cluster for HA. Cluster is running fine.
I am starting SAP using startsap all, the command shows that database and all instances have been started successfully. But we are not able to logon to the system.
Following is the output of startsap command and dpmon command :
bash-3.00$ startsap all
Checking ARP Database
ABAP Database is not available via R3trans
Starting SAP-Collector Daemon
14:45:38 11.10.2008   LOG: Effective User Id is root
This is Saposcol Version COLL 20.95 700 - AIX v11.15 5L-64 bit 080317
Usage: saposcol -l: Start OS Collector
        saposcol -k: Stop OS Collector
        saposcol -d: OS Collector Dialog Mode
        saposcol -s: OS Collector Status
The OS Collector (PID 286752) is already running .....
saposcol already running
Running /usr/sap/ARP/SYS/exe/run/startdb
Trying to start ARP database ...
Log file: /home/arpadm/startdb.log
ARP database started
/usr/sap/ARP/SYS/exe/run/startdb completed successfully
Starting SAP Instance ASCS00
Startup-Log is written to /home/arpadm/startsap_ASCS00.log
Instance Service on host sapprodail started
Instance on host sapprodail started
Starting SAP Instance DVEBMGS01
Startup-Log is written to /home/arpadm/startsap_DVEBMGS01.log
Instance Service on host sapprodail started
Instance on host sapprodail started
bash-3.00$
bash-3.00$ dpmon
dpmon=>sapparam(1c): No Profile used.
dpmon=>sapparam: SAPSYSTEMNAME neither in Profile nor in Commandline
DpMonInit failed - possibly no dispatcher running
DpMon: External/Internal dplib version: 110/237
bash-3.00$
Developer trace out put is as follows
trc file: "dev_disp.new", trc level: 1, release: "700"
sysno      01
sid        ARP
systemid   324 (IBM RS/6000 with AIX)
relno      7000
patchlevel 0
patchno    159
intno      20050900
make:      single threaded, Unicode, 64 bit, optimized
pid        295220
Sat Oct 11 14:46:22 2008
kernel runs with dp version 237000(ext=110000) (@(#) DPLIB-INT-VERSION-237000-UC)
length of sys_adm_ext is 576 bytes
SWITCH TRC-HIDE on ***
***LOG Q00=> DpSapEnvInit, DPStart (01 295220) [dpxxdisp.c   1254]
        shared lib "dw_xml.so" version 159 successfully loaded
        shared lib "dw_xtc.so" version 159 successfully loaded
        shared lib "dw_stl.so" version 159 successfully loaded
        shared lib "dw_gui.so" version 159 successfully loaded
        shared lib "dw_mdm.so" version 159 successfully loaded
rdisp/softcancel_sequence : -> 0,5,-1
use internal message server connection to port 3900
MtxInit: 30000 0 0
DpSysAdmExtInit: ABAP is active
DpSysAdmExtInit: VMC (JAVA VM in WP) is not active
DpIPCInit2: start server >sapprodail_ARP_01                       <
DpShMCreate: sizeof(wp_adm)             19200   (1600)
DpShMCreate: sizeof(tm_adm)             5941560 (29560)
DpShMCreate: sizeof(wp_ca_adm)          24000   (80)
DpShMCreate: sizeof(appc_ca_adm)        8000    (80)
DpCommTableSize: max/headSize/ftSize/tableSize=500/8/548056/548064
DpShMCreate: sizeof(comm_adm)           548064 (1088)
DpSlockTableSize: max/headSize/ftSize/fiSize/tableSize=0/0/0/0/0
DpShMCreate: sizeof(slock_adm)          0       (104)
DpFileTableSize: max/headSize/ftSize/tableSize=0/0/0/0
DpShMCreate: sizeof(file_adm)           0       (72)
DpShMCreate: sizeof(vmc_adm)            0       (1864)
DpShMCreate: sizeof(wall_adm)           (40056/36728/64/192)
DpShMCreate: sizeof(gw_adm)     48
DpShMCreate: SHM_DP_ADM_KEY             (addr: 0x700000000126000, size: 6626392)
DpShMCreate: allocated sys_adm at 0x700000000126000
DpShMCreate: allocated wp_adm at 0x7000000001280f8
DpShMCreate: allocated tm_adm_list at 0x70000000012cbf8
DpShMCreate: allocated tm_adm at 0x70000000012cc58
DpShMCreate: allocated wp_ca_adm at 0x7000000006d7590
DpShMCreate: allocated appc_ca_adm at 0x7000000006dd350
DpShMCreate: allocated comm_adm at 0x7000000006df290
DpShMCreate: system runs without slock table
DpShMCreate: system runs without file table
DpShMCreate: allocated vmc_adm_list at 0x700000000764f70
DpShMCreate: allocated gw_adm at 0x700000000764ff0
dev_disp (58%)
DpFileTableSize: max/headSize/ftSize/tableSize=0/0/0/0
DpShMCreate: sizeof(file_adm)           0       (72)
DpShMCreate: sizeof(vmc_adm)            0       (1864)
DpShMCreate: sizeof(wall_adm)           (40056/36728/64/192)
DpShMCreate: sizeof(gw_adm)     48
DpShMCreate: SHM_DP_ADM_KEY             (addr: 0x700000000126000, size: 6626392)
DpShMCreate: allocated sys_adm at 0x700000000126000
DpShMCreate: allocated wp_adm at 0x7000000001280f8
DpShMCreate: allocated tm_adm_list at 0x70000000012cbf8
DpShMCreate: allocated tm_adm at 0x70000000012cc58
DpShMCreate: allocated wp_ca_adm at 0x7000000006d7590
DpShMCreate: allocated appc_ca_adm at 0x7000000006dd350
DpShMCreate: allocated comm_adm at 0x7000000006df290
DpShMCreate: system runs without slock table
DpShMCreate: system runs without file table
DpShMCreate: allocated vmc_adm_list at 0x700000000764f70
DpShMCreate: allocated gw_adm at 0x700000000764ff0
DpShMCreate: system runs without vmc_adm
DpShMCreate: allocated ca_info at 0x700000000765020
DpShMCreate: allocated wall_adm at 0x700000000765028
MBUF state OFF
DpCommInitTable: init table for 500 entries
rdisp/queue_size_check_value : -> off
ThTaskStatus: rdisp/reset_online_during_debug 0
EmInit: MmSetImplementation( 2 ).
MM global diagnostic options set: 0
<ES> client 0 initializing ....
<ES> InitFreeList
<ES> block size is 4096 kByte.
Using implementation std
<ES> Info: use normal pages (no huge table support available)
EsStdUnamFileMapInit: ES base = 0x0x700000030000000
EsStdInit: Extended Memory 4092 MB allocated
<ES> 1022 blocks reserved for free list.
ES initialized.
WLM Tag 'ARP/DSP' successfully set for this process
rdisp/http_min_wait_dia_wp : 1 -> 1
***LOG CPS=> DpLoopInit, ICU ( 3.0 3.0 4.0.1) [dpxxdisp.c   1656]
***LOG Q0K=> DpMsAttach, mscon ( sapprodail) [dpxxdisp.c   11937]
DpStartStopMsg: send start message (myname is >sapprodail_ARP_01                       <)
DpStartStopMsg: start msg sent to message server o.k.
CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.
CCMS: Initalizing shared memory of size 60000000 for monitoring segment.
CCMS: Checking Downtime Configuration of Monitoring Segment.
CCMS: start to initalize 3.X shared alert area (first segment).
DpMsgAdmin: Set release to 7000, patchlevel 0
MBUF state PREPARED
MBUF component UP
DpMBufHwIdSet: set Hardware-ID
***LOG Q1C=> DpMBufHwIdSet [dpxxmbuf.c   1050]
DpMsgAdmin: Set patchno for this platform to 159
Release check o.K.
Sat Oct 11 14:46:32 2008
MBUF state ACTIVE
DpModState: change server state from STARTING to ACTIVE
Please help me step by step to solve this problem.
Regards
Edited by: Infoseek Sap123 on Oct 12, 2008 8:22 AM

The command is
dpmon pf=/usr/sap/SID/SYS/profile/<profile>
Regards

Roles in satellite system for message creator

while creating support message in satellite syatem, i am getting the following error.
Error in Local Message System: No authorization to logon as trusted system (Trust Message was Not Created
Message no. BCOS088
what role i have to give it to the message creator @ satellite system

Hi.
Looks like you are using a trusted connection (maintained in table BCOS_CUST) to connect your satellite system to the Solution Manager.
If you keep this configuration every user who tries to create a support message in your satellite system also needs a real user in the Solution Manager (including authorization objects S_RFC and S_RFC_ACL).
Instead you should use the SM_<your sol man>_BACK destination and set NO_USER_CHECK=X in Tx: DNO_CUST04 (SolMan).
Also you should create a Business Partner in SolMan (for each user who should be able to create a support message in satellite system) with external ID referring to the satellite system user.
You do not need a user in SolMan for everyone who should be able to create a support message from satellite system.
Hope this helps.
/cheers

With SP16-17 we can't create support message from satellite system anymore

hello,
We have implemented the support package 16 and 17 SAPKITL427 in solution manager last week-end and since then all satellite systems can not create support message anymore.
The process is perfectly working in solman itself and we don't think we have thus a process customizing issue here but who knows...
The key user creates the message with the help -> create support message
and when he saves it (clicking the mailbox button) he gets the following error
Error in Local Message System: Function not available Message was Not
Created
In fact the error Message is BCOS088
We debugged the function BCOS_CREATE_MSG and we found out that the function
DNO_OW_CREATE_NOTIFICATION is returning error code 1.
We checked out RFC connection and it looks ok
There is no dumps in ST22, no error in SLG1 in both system...a nightmare
The notification SLF1 is created in solman but the status field of the notification is empty and it looks that the record is somehow corrupted because you can't modify it with dnotifwl.
Due to the fact that the notification is not correctly created the support message is also not created.
SAP and our solman consultant are working on it since 2 days but don't have a clue. Maybe some program where no regenerated correctly ?
If you would have any idea in which direction to look, i would greatly appreciate
thanks a lot
best regards Xavier

hi Rohit,
on the satellit I have the following versions
SAP_BASIS     700     0012     SAPKB70012     SAP Basis Component
SAP_ABA     700     0012     SAPKA70012     Cross-Application Component
PI_BASIS     2005_1_700     0012     SAPKIPYJ7C     PI_BASIS 2005_1_700
ST-PI     2005_1_700     0006     SAPKITLQI6     SAP Solution Tools Plug-In
SAP_BW     700     0013     SAPKW70013     SAP NetWeaver BI 7.0
SAP_AP     700     0009     SAPKNA7009     SAP Application Platform
SAP_HR     600     0018     SAPKE60018     Human Resources
SAP_APPL     600     0010     SAPKH60010     Logistics and Accounting
EA-IPPE     400     0010     SAPKGPID10     SAP iPPE
EA-APPL     600     0010     SAPKGPAD10     SAP Enterprise Extension PLM, SCM, Financials
EA-DFPS     600     0010     SAPKGPDD10     SAP Enterprise Extension Defense Forces & Public Security
EA-HR     600     0018     SAPKGPHD18     SAP Enterprise Extension HR
EA-FINSERV     600     0010     SAPKGPFD10     SAP Enterprise Extension Financial Services
FINBASIS     600     0010     SAPK-60010INFINBASIS     Fin. Basis
EA-PS     600     0010     SAPKGPPD10     SAP Enterprise Extension Public Services
EA-RETAIL     600     0010     SAPKGPRD10     SAP Enterprise Extension Retail
EA-GLTRADE     600     0010     SAPKGPGD10     SAP Enterprise Extension Global Trade
IS-PS-CA     600     0010     SAPK-60010INISPSCA     IS-PUBLIC SECTOR CONTRACT ACCOUNTING
IS-OIL     600     0010     SAPK-60010INISOIL     IS-OIL
IS-M     600     0010     SAPK-60010INISM     SAP MEDIA
IS-H     600     0010     SAPK-60010INISH     SAP Healthcare
IS-CWM     600     0010     SAPK-60010INISCWM     Industry Solution Catch Weight Management
INSURANCE     600     0010     SAPK-60010ININSURANC     SAP Insurance
FI-CAX     600     0010     SAPK-60010INFICAX     FI-CA Extended
FI-CA     600     0010     SAPK-60010INFICA     FI-CA
ERECRUIT     600     0010     SAPK-60010INERECRUIT     E-Recruiting
ECC-DIMP     600     0010     SAPK-60010INECCDIMP     DIMP
IS-UT     600     0010     SAPK-60010INISUT     SAP Utilities/Telecommunication
SEM-BW     600     0010     SAPKGS6010     SEM-BW: Strategic Enterprise Management
LSOFE     600     0010     SAPK-60010INLSOFE     SAP Learning Solution Front-End
ST-A/PI     01K_ECC600     0000          -     Application Servicetools for ECC 600
APICON     1470000000     0000          -     APICON GmbH, Interface Add ON
thank you Xavier

Create user both in the satellite system and in solman

Hi
I wonder if I need to open all my user's that are in the satellite system (ECC) in the solution manager for the purpose of create support message or I can only create them as BP?
If I don't need to open them, What is the proper way to configure the RFC?
Best regard's
Lior Grinberg

Hi,
in a normal service desk scenario you do not neet to create users in Sol Man. You just create business partners. If you want the users to logon to Sol Man and edit a document then they also need a real user there (linked via BP - employee):
For creating messages from satellite system you usually maintain RFC destinations from Sol Man (SMSY) to the connected systems. Then you use the generated *_BACK destination in your satellite system and add it to table BCOS_CUST.
All these steps and many more are described in IMG in Solution Manager.
Regards

RFC trouble with satellite systems

Hi all.
When i imort transport request from Charm - DEV to QAS system or QAS to PRD system
Logon screen appers to 000 clientst.
BUT!
in SMSY when i check RFC to the QAS 000 and PRD 000.
Check says all okey and green.
Any ideas?? where should i check more ....
Thanks
Sindry

Hi Sindry,
To allow import into a system using an automatic job via ChaRM you must assign additional authorisations to TMSADM on the satellite system. This trusted user must be granted authorisations to carry out the CTS import in client 000, otherwise it will prompt user for a 000 login. This is not recommended for Production system however.
To enable user to use the trusted RFC connection, must have access to S_RFCACL authorisation object.
Hope this helps
Paul

Configuration check error: The SMD Agent is not able to connect the Satellite System (J2EE stack)

Hi friends,
Getting the below error in step 10 (configuration check) in managed system configuration.
The SMD Agent is not able to connect the Satellite System (J2EE stack).
Please check the JAVA Connect Parameters provided in the Managed System Setup Wizard for this
System.
java.rmi.RemoteException.P4 Connection failed -
P4AuthorizationException -
com.sap.smdagent.plugins.connectors.p4.exceptions.P4AuthorizationException:
Access is denied to SAP System sid [XYZ/null]: check the connection
credentials.More details about the error in agent 'xyz' log file
(SMDAgentApplication.X.log).; nested exception is:
com.sap.engine.services.security.exceptions.BaseLoginException: Cannot
authenticate the user.
The SMD log file referred to in the log above gives the same information and not anything much useful.
Any idea what could be the reason for the above error?
Thanks,
Arindam

Hi All,
Thaks for your suggestions. I chcked the note 182020, but the issue described in the note is for error byte code adapter installation whcih is not my case. The byte cde adapter intallation has been successful in our solman system All the steps from 1 to 9 are green. Only in step 10, check cniguration I am getting the above error.
The logon test wth the user id in step 3 "Enter system parameters" is successful. The message server port is also correct.
Hi Khaja,
I went to the links as suggestedby you but there its about a ifferent error message "Invalid Response Code: (401) Unauthorized.". I am not getting any such kind of error.
All I am getting is this -
The SMD Agent is not able to connect the Satellite System (J2EE stack).
Please check the JAVA Connect Parameters provided in the Managed System Setup Wizard for this System.
java.rmi.RemoteException.P4 Connection failed -
P4AuthorizationException -
com.sap.smdagent.plugins.connectors.p4.exceptions.P4AuthorizationException:
Access is denied to SAP System sid [XYZ/null]: check the connection
credentials.More details about the error in agent 'xyz' log file
(SMDAgentApplication.X.log).; nested exception is:
com.sap.engine.services.security.exceptions.BaseLoginException: Cannot
authenticate the user.
Thanks,
Arindam

No direct SPRO in managed system, only via SOLAR01 / 02

Hi,
Is it possible to prevent users from launching SPRO directly from the managed systems but allow customizing through transaction SOLAR01 / SOLAR02 via Solution Manager?
Thanks.

Hi Guys,
We accomplished your exacr requirment by the following:
We lleft the team's SPRO authorization in DEV but blocked them from using it via a BADI thus forcing them to login via SOLAR02, input the IMG object and customize from there.
Here are the 3 BADIS:
ZENI_BLOCK_SPRO_IN_DEV_200
Logical Position: \FU:STREE_EXTERNAL_DISPLAY\SE:BEGIN\EI
- Block Customization in Dev 200 Environment
if SY-MANDT = '200' and SY-SYSID = 'ECD'
and ( SY-TCODE(4) = 'SPRO' or SY-TCODE = 'SST0' ).
message E172(00) with SY-TCODE.
endif.
ZENI_BLOCK_SPRO_IN_DEV_200_A
Logical Position: \FU:SPROJECT_STRUCTURE_EDIT\SE:BEGIN\EI
- Block Customization in Dev 200 Environment
if SY-MANDT = '200' and SY-SYSID = 'ECD'
and ( SY-TCODE(4) = 'SPRO' or SY-TCODE = 'SST0' ).
message E172(00) with SY-TCODE.
endif.
ZENI_BLOCK_SPRO_IN_DEV_200_B
Logical Position: \PR:SAPLS_IMG_TOOL_5\FO:CHECK_FOR_CRM\S
- Block Customization in Dev 200 Environment
if SY-MANDT = '200' and SY-SYSID = 'ECD'
and ( SY-TCODE(4) = 'SPRO' or SY-TCODE = 'SST0' ).
message E172(00) with SY-TCODE.
endif.
Best Regards,
Oded Dagan
SAP Project Manager & Solution Manager expert

Connection From Satellite System to Solution Manager for key users

Hi All,
Can anybody suggest which RFC connection/destination should be maintained in BCOS_CUST table under satellite system to connect to Solution Manager.
1. SM_SSMCLNT010_TRUSTED
2. SM_SSMCLNT010_BACK
I don't want user to Login to solution manager while creating a support message. They should create a support messsage seamlessly from satellite system.
Any help is greatly appreciated.
Thanks...

Thakur,
Sorry for the cryptic answer back there - read it myself and it didn't make much sense to me either so here we go with the seamless way to allow users to create service messages.
There are 2 ways to do this - 1 way is to use a connection like the 'BACK' connection but if you do this - all user tickets entered will have the username of the 'BACK' connection logon id as the message creator. The other way is to use the trusted connection so the userid of the person logging the message is transfered with the created ticket.
I will assume that you want to preserve the unique userid and use trusted connections. So here we go:
Step 1 - Go into BCOS_CUST on the Satelite and put in your TRUSTED RFC Connection as the detination for the Service Messages - either use the one that Solman created when generating or make your own ABAP Trusted Connection.
Step 2 - All users in Satelite and in Solution Manager need to have Authority Object S_RFCACL assigned to their userid's so they can use the Trusted RFC Connection (this is not in SAP_ALL or SAP_NEW).
Step 3 - All users that will use this method of creating service tickets need both a userID and a BP with the respective system keys to allow them to enter tickets for those Satelites.
That is all there is to it assuming that all issues with Trusted Connections have been worked through already (test this in SM59 by going to your 'TRUSTED' connection on the Satelite and execute the RemoteLogon button - you should be sent to the Solution Manager with out having to logon).
If this answers your question, please set this message to answered.
Edited by: David Milliken on Jan 25, 2008 1:55 AM

Block direct logon to satellite system

Similar Messages

Maybe you are looking for