SAP Note 12466 - Logon restrictions in R/3

Symptom:

a) Can you limit the number of times a user can log on to R/3?

b) Can you find out from which computer the logon has been carried out?

c) Can the number of sessions per user be limited?

Other terms

Multiple logon, logon, number, session, window, APPC-TM, terminal

Reason and Prerequisites

Information requirement or customer's security policy

Solution

a) The number of R/3 logons per user cannot be restricted prior to Release 3.0D. As of Release 4.6, it is possible to prevent multiple dialog logons in the standard system (see Note 142724). Using the dialog logon user exit (SUSR0001), separate checks can be implemented for all Releases in between (3.0D - 4.5B) (see Note 142724).

b) Transaction SM04 (user list) shows, among other things, all logged-on users with the host name of their computers and the number of open sessions (with respect to the current R/3 server). The entry 'APPC-TM' (Advanced Program-to-Program Communication Terminal) indicates an RFC/ CPIC connection. Some R/3 applications use internal RFC calls to accelerate processing by executing function modules in parallel; for this reason, these entries may also appear for users who are logged onto the R/3 system using the SAP GUI.

c) The number of open sessions (SAP GUI windows) for each logon is limited. As of Basis Release 4.6, this number can be set using the profile parameter rdisp/max_alt_modes. When you do this, the following value ranges apply to the parameter, depending on the SAP release:
46X: 2 - 6
6XX: 2 - 10
7XX: 2 - 16

Key word: Logon