Skip to Content
Author's profile photo Susmitha Susan Thomas

Excited to do some sleuthing!

Getting IP ADDRESS IN SAP

Bliss! Never thought my secret desires during childhood days, of being a sleuth, like my heroes in detective novels, could find some gratification if I pursued a career in IT!

Alright! Alright! I know there is an entire wing in IT dealing with information security and that this is not something alien in IT. But come on! This is my first experience in this area, (other than the authorization checks being done for every transaction) and I have every reason to feel excited about it!  😳

Yep! Got a requirement that if anyone tries to manipulate any sensitive  information like basic pay info type or bank account info type, system should log the action with the username in SAP with which he has logged in, and the IP Address( 😯 ) of the computer that he was using for the purpose. (Well user name seemed fine, but IP Address! From SAP!  Woah! Thought that would be a load of work.) And, also, immediately send a mail to manager informing him such an attempt was made, with all the details.

Well, it turned out that getting the IP Address from SAP was a piece of cake.

There are various function modules and class methods in SAP for doing this, and the one which I used was the following.

data lv_ip(30) type c


call method cl_gui_frontend_services=>get_ip_address
receiving
ip_address           = lv_ip
exceptions
cntl_error           =
1
error_no_gui         =
2
not_supported_by_gui =
3
others               = 4.

if sy-subrc <> 0.
message id sy-msgid type sy-msgty number sy-msgno
with sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
endif.

And the icing on the cake – Manager is totally happy with the output!

By the way, if anybody feels that there are loop holes in this function, do let me know. I want to be sure that when I do something such as this; it is totally fool-proof! 😎

So to sum up! Being in IT, and in SAP, I can contribute to the interests of CIA!  Ahem! Not Central Intelligence Agency: Confidentiality, Integrity and Availability. 😉


Assigned tags

      32 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Hi Susmitha Susan Thomas.

      Nice Post.Keep it Up.

      Thanks & Regards,

      Sausap

      Author's profile photo uppu narayan
      uppu narayan

      very funny post with info..

      Regards,

      Narayan

      Author's profile photo Former Member
      Former Member

      When you said CIA and the meaning of the acronym, I think we're under the same roof. 😉

      Author's profile photo Ramesh .
      Ramesh .

      Nice post....

      I have one requirement to make YSTAD report for that it need to get IP address based on terminal id..

      Any possibility is there?

      Author's profile photo Susmitha Susan Thomas
      Susmitha Susan Thomas
      Blog Post Author

      I am not sure if SAP stores the history of IP Address. I have read that SM18, SM19, and SM20 are all used for logging purpose. We use settings in RZ10 to activate / deactivate logging. Sm18  - deletes logs, SM19 - enables loggin, SM20 - reads the logs. However, for this also, log can be obtained only for the last few days.

      You can also check transactions STAT, or ST03N.

      This FM will give only the current IP address.

      If you could modify the transaction you are trying to track to get the IP address when it is being run and simultaneously store it in database, then maybe you can retreive this information later on.

      Author's profile photo Ramesh .
      Ramesh .

      Ok Thank You....

      Author's profile photo Jogeswara Rao K
      Jogeswara Rao K

      Good post, Susmitha.

      Useful info.

      Jogeswar Rao K

      Author's profile photo Former Member
      Former Member

      Hi Susmitha,

      To be honest, few days back when looking at SCN for a solution to one of my need, i found this method in a very old post.

      But i liked the way you have explained the usage of the method with a business example in a funny tone.

      Regards,

      AyyamPerumal

      Author's profile photo Former Member
      Former Member

      If your SAP security settings are strong enough then "anyone" should not have access to any "sensitive  information". Imo - "It's better to be safe than sorry".

      - Suhas

      Author's profile photo Former Member
      Former Member

      Hi Susmitha,

      A good post and the way you have put it is even better.

      Thanks! 🙂

      Jagathshree

      Author's profile photo K.Arun Prabhu
      K.Arun Prabhu

      Susmitha,

           If IP address is dynamic, this will not serve your purpose.

           Instead you can make use of the function SCUT_GET_CLIENTHOST to retrieve the host which is static.

      Regards,

      Author's profile photo Susmitha Susan Thomas
      Susmitha Susan Thomas
      Blog Post Author

      You are right! This will not serve the purpose for terminals with dynamic IP address.

      Does SCUT_GET_CLIENTHOST give the IP address also? I tried it, I could get only the Terminal ID.

      Author's profile photo Former Member
      Former Member

      The idea is to identify who did it.

      In a corporate environment, terminal ID serves as unique identifier of a machine.

      Even if I access the network using personal internet connection, the machine name does not change. And changing machine name is usually not possible because of strong group policies, set by the employer.

      Author's profile photo K.Arun Prabhu
      K.Arun Prabhu

      As Manish kumar said, terminal ID is sufficient enough to uniquely identify a system. You don't need IP if you have terminal ID.

      Author's profile photo Satyabrata Sahoo
      Satyabrata Sahoo

      Nice document. In addition to this, Run program TEST_FRONTEND_SERVICES.  It gives test case for all methods of CL_GUI_FRONTEND_SERVICES. Its not even IP but we can get the information on Domain/User id of the system.

      -Satya

      Author's profile photo Yuvaraj S
      Yuvaraj S

      This nice, never knew that it existed.
      However I didnt find any tests written for get_ip_address( ) method.

      Also I couldnt debug any of the cl_gui_frontend_services methods. Strange !

      Author's profile photo Shashi Kanth
      Shashi Kanth

      Hi Susmitha,

      Good one and very impressive.

      Regard's,

      Shashi Kanth.

      Author's profile photo Former Member
      Former Member

      i have been trying to get the computer name, but it is not returning any value.

      data :lv_ip(30) type c,

             v_name TYPE string,

      CALL METHOD CL_GUI_FRONTEND_SERVICES=>GET_COMPUTER_NAME

         CHANGING

           COMPUTER_NAME        = v_name

         EXCEPTIONS

           CNTL_ERROR           = 1

           ERROR_NO_GUI         = 2

           NOT_SUPPORTED_BY_GUI = 3

           others               = 4.

      IF SY-SUBRC <> 0.

         MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO

      WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.

      ENDIF.

      Author's profile photo Rudra Sonar
      Rudra Sonar

      Hello Abhishek,

      I just saw that FM TH_USER_INFO - can give u computer name too 🙂

      Terminal ....they call it.

      try it its awesome.

      Author's profile photo Sougata Chatterjee
      Sougata Chatterjee

      Manager is totally happy with the output!

      Was he happy because now that he could fire the entire SAP Security team? 😕

      Author's profile photo Former Member
      Former Member

      Very Informative...Thanks.

      Best Regards,

      Naresh K.

      Author's profile photo Rudra Sonar
      Rudra Sonar

      Good one 🙂

      I tried getting IP by

      CALL FUNCTION 'TH_USER_INFO'
           IMPORTING
             hostaddr = ip_addr_x
           EXCEPTIONS
             OTHERS   = 1.

      and with lot of bespoke code 🙁 I managed to get IP .....

      Never imagined it was this easy 🙂

      good one ........

      Author's profile photo Vinod Vemuru
      Vinod Vemuru

      Nice post Susmitha.

      Does this work on virtual connections as well!? IP address here is dynamically generated for each connection. So, same machine can have different IP when connected to network for next time.

      Thanks,

      Vinod.

      Author's profile photo Susmitha Susan Thomas
      Susmitha Susan Thomas
      Blog Post Author

      No this is not going to work for virtual connections with dynamic IP addresses. For that you can use SCUT_GET_CLIENTHOST  as was suggested by K.Arun Prabhu.

      Author's profile photo K.Arun Prabhu
      K.Arun Prabhu

      Susmitha,

           I guess the following method will be better than IP and host data of a PC. This fetches the OS logon username which a person is working with. If the PC is not shared and if logon username created against that person, then this will be useful for investigations 😉

           CALL METHOD CL_GUI_FRONTEND_SERVICES=>GET_USER_NAME

                CHANGING

                  USER_NAME            = user

                EXCEPTIONS

                  CNTL_ERROR           = 1

                  ERROR_NO_GUI         = 2

                  NOT_SUPPORTED_BY_GUI = 3

                  OTHERS               = 4.


              CALL METHOD CL_GUI_CFW=>FLUSH

                EXCEPTIONS

                  CNTL_SYSTEM_ERROR = 1

                  CNTL_ERROR        = 2

                  OTHERS            = 3.


      Regards.

      Author's profile photo Former Member
      Former Member

      Short, to the point, and a nice one to have up my sleeve.

      Author's profile photo rajesh bethamcharla
      rajesh bethamcharla

      Good work....thanks for sharing.. 🙂

      Author's profile photo Modadugu Hemanth Kumar
      Modadugu Hemanth Kumar

      Nice Documents Susmitha Susan Thomas.

      Author's profile photo Former Member
      Former Member

      Interesting and a valid requirement I must say!!

      But for how many days are you storing the logs and where is also important in this scenario.

      Can you share the approach followed in that. 

      Regards,

      Raghav

      Author's profile photo Ronaldo Aparecido
      Ronaldo Aparecido

      Very Good congratulations 😆

      Author's profile photo ASHOK KUMAR
      ASHOK KUMAR

      Good post, thanks for sharing:-)

      Thanks,

      Ashok

      Author's profile photo Former Member
      Former Member

      Nice post