Restrict ESS user to login via sapgui

Similar Messages

• How to restrict a user to login twice

  hei evryone!
  Here's my prob... I need to restrict a user to login more than once meaning, if a certain user account is currently login , that account cannot be used concurrently using another window or machine... If another user attempts to login, using that same account an error message will be displayed saying "this user account is already logged in".. i tried to do this in javascript but the code that i've got only works for IE and its kinda hard to capture the event for closing window.. plus using onunload is not advisable with my situation since my webpage can be redirected to other codes meaning the cause of unloading the page could either be closing the browser or redirecting the window to another page such as window.location="anothercode.jsp";... I was wondering if there's a way to do this in jsp...
  Any suggestions, ideas, or sample codes would be deeply appreciated. Thanks in advance!
  btw, i need to generate a code that is cross browser.. What i really need to accomplish is to be able to determine when the browser is closed either by clicking the X button on the window, alt f4 or my own close button and not when the page is unloaded.
  Here's a sample code : This only works in IE =(
  ---------- default.jsp-------------------------
  <html>
  <head>
  <script language="Javascript">
       onunload=function(e) {      
       winX = navigator.appName=="Microsoft Internet Explorer" ? window.event.clientX : e.screenX;
       winY =navigator.appName=="Microsoft Internet Explorer" ? window.event.clientY :e.screenY;
  if (winX<0 && winY<0)
            // redirect to logout.jsp n do some stuff
  </script>
  </head>
  <body>
  Logout
  List
  View Schedules
  </body>
  </html>
  the default screen would be the code above: "default.jsp" wherein there are many ways that the page
  can be unloaded such as :
  - clicking the logout link
  - click the View Schedules
  - click the x button the left side of the window
  - alt f4
  - if the window is minimized , right click then select close option
  Now, what i needed to do is to determined when the browser is closed so i reset the login flag of the account and can be used later on.

  hei everyone!
  im tryin to resolve this prob by adding a session id field on the users table. Everytime a user logs in i will update the session id field so that if anyone attempts to use the same account i will redirect the later into the login page with a warning msg. I'll do this by comparing the session id that u got from the dbase and the session id from request.getSessionId() of the browser. However, my prolem now is how to cleanup my database.. i need the cleanup coz i have a user tracking screen wherein i cud show who's account are login n who's not. I have created an applet and embed it in all of jsp files so that i cud catch the event for closing window whether by using the x button of the window or a power intrerruption. However, i need to find a way where i cud determine whether the event was really a close window or just a redirection from another page. I mean , you could leave the page either by viewing another screen or by actually closing the window.. For instance, my main page has main menu which are (1) View Users and (2) View Schedule .By default, im in the "View Users" screen . These two menus have their corresponding jsp n both jsp files have an embeded applet. So if the user click the "View Schedules " screen or if the user chooses to click the logout button or window's x button to exit the browser, then the applet will call the stop method. This what i meant by how will i determine if the user really exits on my application or not.. Coz if the user clicks from one screen to another then, user actually does not leave my application the user only exit on my application if the user logs out or close the window..
  Please help me out on this matter... Thanks in advance!

• Restrict AD users from login sharepoint?

  Dear all,
  I have setup User Profile Sync with my AD for particular AD group "Sharepoint Users" only. After the sync timer job run, I can see the user profiles built up. However, there is a user "outsider" not in "Sharepoint Users"
  group is able to login Sharepoint. After he login his user profile is auto built in Sharepoint.
  May I know is it default setting? If so how can I restrict only "Sharepoint Users" can login Sharepoint? Thanks.
  Mark

  Hi Mark,
  This is by design. When a user logs in to SharePoint, SharePoint checks to see if this user has permissions in the current site (or list/item). If the user has permissions, he can log in to SharePoint, it doesn't matter if he has a user profile or not.
  I think the user has permissions on the site he is trying to access. These can be permissions given to him directly, or he is member of a AD security group that allows him to access the site.
  You can check this by going to Site Actions -> Site Settings -> Site Permissions. In the ribbon, click "Check Permissions". Enter the username for that user and you can see how the user is given permissions to the site.
  Nico Martens - MCTS, MCITP
  SharePoint 2010 Infrastructure Consultant / Trainer

• Restrict SAP user ID login on certain PC

  Hi,
  Is there a way to restrict the SAP user ID to login only on certain PC?
  Example User ID A can only login at computer A. He cannot login SAP if he using computer B.
  Kindly please advise. Thank you.

  Hi Li,
  Find below two steps: a) To track the user in SAP with any number of logon's and other to restric user from a single login prespective:
  Single PC login:
  Implement Note 748424.
  All logons are then entered with the terminal ID, the user ID, the SAP GUI version, patch level and how many time logged in.
  e.g.
  Terminal ID User Operating System SAPGUI Version Patch Level Logins
  PC111555 USER1 WINDOWS 710 22 7
  Tracking user in SAP with multi logins:
  It is possible to track the audit log filters using SM19 transaction code. Once the filter is applied, the system will start tracking all the activities of the users (Based on the options you select in the filter.)
  You can further use SM20 transaction code to analyze the audit logs where you can find the user login/logout time, transaction executed by the user, amount of time he spent in each screen etc.,
  As the audit logs occupy more space, you should be careful while choosing the filter option. The old audit logs can be deleted using SM18 transaction code.
  There is also a background system house keeping job that deletes the old logs from the system.
  Do let me know if this helps you.
  Thanks
  Madhu

• Restrict witch users can login at wiki

  Hello
  can anyone tell me if I can restrict users on the server to login at the WiKi, I'm thinking from a security aspect that it would be nice to only have a group or selected users on the server that can login on the wiki service...

  Hi Mark,
  This is by design. When a user logs in to SharePoint, SharePoint checks to see if this user has permissions in the current site (or list/item). If the user has permissions, he can log in to SharePoint, it doesn't matter if he has a user profile or not.
  I think the user has permissions on the site he is trying to access. These can be permissions given to him directly, or he is member of a AD security group that allows him to access the site.
  You can check this by going to Site Actions -> Site Settings -> Site Permissions. In the ribbon, click "Check Permissions". Enter the username for that user and you can see how the user is given permissions to the site.
  Nico Martens - MCTS, MCITP
  SharePoint 2010 Infrastructure Consultant / Trainer

• How many users can login via one Skype account

  Dear you,
  i am planning for my group which will use one Skype account so how many people can login with the same Skype account ?
  thanks for your seeing and help...
  Nguyen

  Hi Nguyen and welcome to the Skype Community,
  Share a Skype account between multiple users is not allowed. See http://www.skype.com/en/legal/tou/#4 (Highlighting in red done by me to emphasize relevant portions):
  4.1 Licence. Subject to your compliance with these Terms, you are granted a limited, non-exclusive, non-sublicensable, non-assignable, free of charge license to download and install the Software on a personal computer, mobile phone or other device; and personally use the Software through your individual Skype user account (“User Account”).
  Follow the latest Skype Community News
  ↓ Did my reply answer your question? Accept it as a solution to help others, Thanks. ↓

• Some Users cannot login via Lync 2013 windows client

  Hi,
  I have a Lync 2013 FrontEnd server, DB server and Edge Server.
  Since last noon we are facing a mysterious issue. Its as below.
  ( I have just entered into Lync administration)
  User A and User B, both were able to login to lync till yesteday noon on their individual PC, any PC or mobile (windows, android, mac) with any version of Lync client, inside and outside the organization.
  Last noon User A reported that he is facing an issue that whenever he logs in to lync 2013 client he is automatically logged off in 2 to 3 seconds. Then again logs in automatically and again loggs off in 2-3 seconds. and thats all is happening again and
  again. The message he is is getting after he is logged off is "The connection to the server was lost
  . Reconnecting. Current calls may continue, but with reduced functionality".
  But at the same time he was able to login from other computer and his mobile device.  At the same time, User B is not facing any issue on his machine.
  Then User A tried to login from the User B's computer and there also he faced same issue. Then i asked User B to login on computer of User A and what i see is User B is able to login on User A's computer.
  What is concluded from the observation is, User A cannot login from lync client 2013 from any computer inside and outside of my network and can login from any other client/version/platform inside or outside of my network.
  What i checked for is Client Version Policy of User A and User B, but both are same (Automatic). Below is my client version policy and i am using client version 15.0.4605.1000
  In Sing In Logs. (By Right click on system tray icon of lync) i got below information.
  Error-1
  In Windows 8, event viewer i am getting only Event ID 1 or 12 which says, "
  The description for Event ID 12 from source Lync cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
  If the event originated on another computer, the display information had to be saved with the event.
  The following information was included with the event: 
  Lync
  Thanks, Rishi Pandit.

  The issue has been resolved by removing an entry from "Trusted Application Server". This application server was being used for Polycom VC infrastructure integration with Lync.
  As per Task 4 section in
  Polycom and Lync Integration Documentation we have to use below-
  http://support.polycom.com/global/documents/support/strategic_partner_solutions/Polycom_UC_Microsoft_Deployment_W8.pdf
  Use the New-CsStaticRoute command to set up a static route for the RealPresence 
  Collaboration Server system. 
  $route = New-CsStaticRoute -TLSRoute -destination rmx.corp.local 
  -port 5061 -matchuri sipdomain.com -usedefaultcertificate $true 
  where rmx.corp.local is the FQDN of the RealPresence Collaboration Server SIP signaling 
  domain and sipdomain.com is the name of the Trusted Application Pool you created. 
  but this was wrong.
  we used sip.domain.com and issue got resolved. Polycom forgot one (.) dot between sip and domain.com which ruined us.
  Thanks.
  Thanks, Rishi Pandit.

• Automatic Login via SAPGUI

  I am trying to automatically logon to my sap system using a script but I am not sure what is the best approach. Has anybody done this or am I cutting new ground here.

  Hello Rich
  Pl try the following:
  In the cmd line pl type the following:
  sapshcut -sysname=<aaaa> -client=900 -user=<username>
  -pw=<user pwd> -command=<initial screen tcode>
  sysname =description in the saplogonpad ie development or production etc.
  client= client number like 100/200/900/000 etc.
  username= user name in that client.
  user pwd= password of the user .
  initial screen tcode= the tcode where u want to be on logging on.
  This works.
  Pl dont forget to award a point
  Let me know if this solves yr purpose.
  NB: Pl remove the command fron the cache otherwise there is a chance of others knowing your password.

• Restricting the Oracle user from Login

  Hi,
  I want to restrict the users from login depending on two parameters usind Database logon trigger,
  i.e
  1. MODULE (like SQL*Plus...)
  2. USERNAME
  I can get USERNAME from
  select SYS_CONTEXT('USERENV','CURRENT_USER') from dual
  But, select SYS_CONTEXT('USERENV','MODULE') from dual says invalid parameter.
  Can anybody help me?
  Ronald.

  Both are working fine i saw
  SQL> select SYS_CONTEXT('USERENV','CURRENT_USER') from dual
  2 ;
  SYS_CONTEXT('USERENV','CURRENT_USER')
  APPS
  SQL> select SYS_CONTEXT('USERENV','MODULE') from dual ;
  SYS_CONTEXT('USERENV','MODULE')
  SQL*Plus

• Restricting users to login multiple times on the same machine..

  Hi everyone,
  Is it possible to restrict the users to login multiple times on the same machine...did someone implemented this kind of process.Please help me how can i achieve this or any suggestions.
  Thanks in advance.
  Phani..

  Hello,
  I decided to answer you in the original thread - Identify currently active users – as I believe that the outline background of the issue is important to better understand it.
  Regards,
  Arie.

• Restrict local user login via GPO

  I need a way to restrict domain user's access to the PCs in my department. All users at the company are put into company wide general user groups and then, as a department, we put them into separate user groups per department OU. I want to restrict access
  to all users except the users in my OU user groups but there are hundreds of other user groups created by other departments so direct exclusion per group is out. I need a way to restrict everyone except my users via a group policy object. 
  Any help is appreciated.

  Hi,
  Please follow the below steps for denying logon to all users, except the users who are the members of groups in your department OU,
  1. Create a new group called "MyExcludedGroups" (To whom we are going to add the groups, for excluding logon to your department computers).
  2. Check the below steps for adding the groups to "MyExcludedGroups" group using powershell,
  - Go to Start -> Open Windows Powershell using Run as Administrator 
  - In the powershell type, set-executionpolicy unrestricted (for allowing commands to execute)
  - Type the command import-module activedirectory           (to enable and execute AD cmdlets)
  - For example to add the groups in "ou=test1,dc=mydomain,dc=com" to "MyExcludedGroups" group, type the below commands,
             $test1=Get-ADGroup -Filter * -SearchBase "ou=test1,dc=mydomain,dc=com" 
             Add-GroupMember -Identity MyExcludedGroups -Members $test1
        Similarly you can run the commands on each OU to add the groups to "MyExcludedGroups" group.
  3. Create a Group Policy Object (GPO) linked at the OU containing your department computers called "Deny Interactive Logon".
  4. Right click and edit the GPO "Deny Interactive Logon" and navigate to the node "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment".
  5. In the "User Rights Assignment" node add "Deny log on locally" permission for "MyExcludedGroups" group.
  Regards,
  Gopi
  www.jijitechnologies.com

• How can I restrict Lion to only allow certain network users to login when bound to an Active Directory?

  Hi,
  I'm trying to find a way to configure which network users can login to a lab of iMacs running 10.7.4. They're being deployed using DeployStudio, and the Macs are bound to an MS Active Directory by a script that runs as part of the workflow. I'd like to have another script run after the AD binding to permit only users in certain AD groups to be able login to them.
  I'm halfway there, in that using dseditgroup I can easily add AD groups or individual users to the relevant group (deseditgroup -o edit -a <domain\\group name> -t group com.apple.loginwindow.netaccounts. After running this I can see the desired groups added to the list in Sys Prefs -> Users & Groups -> Login Options -> Options. However, membership of this group is deemed irrelevant by the fact the radio button above this list for 'Allow these users to log in at login window' is still set to 'All network users' and not 'Only these network users'.
  Does anyone know of a way to enable the 'Only these network users' option via the Terminal/a shell script?
  Thanks,
  Chris

  I tried that, thinking it was exactly what I wanted, but it still sends stuff as SMS (green bubble).

• Parallel How many times user can login to the SAP system through ITS

  Hello all
  We are using the ITS ---620 and following 46D R/3 system 
  R/3 system details:
  Kernal :
  kernel release :46D
  O/S :SunOS 5.8 Generic_108528-05 sun4us
  We would like to now, At a time How many times user can login to the SAP system through ITS
  Kindly letus know  if any one have idea about parameter which can restrict the end users to u201CNu201D times/ sessions.
  Transaction SITSPMON/SMICM are not working in R/3 system as it is 46D.
  We found that parameter u201Clogin/disable_multi_gui_loginu201D works with SAPgui logons.
  System logons using the Internet Transaction Server (ITS) or Remote Function Call (RFC) are not affected by this Parameter u201Clogin/disable_multi_gui_loginu201D
  I need similar parameter u201Clogin/disable_multi_gui_loginu201D for the ITS users.
  Thanks

  I have searched all docs and notes.
  Everytime the answer is PArameter for multi_gui_logonis not applicable for SAP Gui for HTML ( Browser )
  The functionality does not exist for SAP Gui for HTML.
  Regards,

• Avoid users to login into the database thru SQLPlus

  I'm trying to use the after logon trigger described below, to avoid users to login into the database thru SQLPlus, user can only connect from from pls help me

  If your only concern is preventing users from logging in via SQL*Plus, you could use the PRODUCT_USER_PROFILE table.
  However, and this is a big however, this will not prevent users from logging in using any other tool (SQL Developer, SQL Programmer, TOAD, etc) if they know the Oracle user name and password. You can create a login trigger that generates an exception if the program that the client reports is connecting isn't on a list of valid products, but this sort of thing is easily circumvented just by renaming the executable on the client machine.
  Fundamentally, if you have given a person an Oracle user name and an Oracle password, whatever privileges are available to the Oracle account are available to that individual. No matter what tool that person uses to connect to the database, they are going to have the same privileges. That's why you ideally want to restrict what users can do to the point that you don't care what tool they're using. Barring that, you can enable auditing and let the users know what they are and are not allowed to do by policy and use the audit logs to ensure compliance.
  Justin

• Send Email to ESs user

  hi Expert,
  How do we send email to ess User, so that when the user login to the ess he/she can see the email? And further more where exactly he/she will read the email? is there any specifi iview for that? I tried to send email via SAP Business workplace to ess user but when i login ess i just can't find the email. thanks
  Edited by: Hendri Salim on Jun 30, 2010 12:24 PM

  Hi,
  As per my understanding there are two option for sending email.
  1) Through Work Flow.
  2) Through Program.
  In program or function module please use sap standard function module to send e mails.
  You can use the FM SO_OBJECT_SEND.
  The mail can be read in outlook, lotus notes etc.
  Thanks & Regards,
  Sandip Biswas.