Skip to Content

Getting IP ADDRESS IN SAP

Bliss! Never thought my secret desires during childhood days, of being a sleuth, like my heroes in detective novels, could find some gratification if I pursued a career in IT!

Alright! Alright! I know there is an entire wing in IT dealing with information security and that this is not something alien in IT. But come on! This is my first experience in this area, (other than the authorization checks being done for every transaction) and I have every reason to feel excited about it!  😳

Yep! Got a requirement that if anyone tries to manipulate any sensitive  information like basic pay info type or bank account info type, system should log the action with the username in SAP with which he has logged in, and the IP Address( 😯 ) of the computer that he was using for the purpose. (Well user name seemed fine, but IP Address! From SAP!  Woah! Thought that would be a load of work.) And, also, immediately send a mail to manager informing him such an attempt was made, with all the details.

Well, it turned out that getting the IP Address from SAP was a piece of cake.

There are various function modules and class methods in SAP for doing this, and the one which I used was the following.

data lv_ip(30) type c


call method cl_gui_frontend_services=>get_ip_address
receiving
ip_address           = lv_ip
exceptions
cntl_error           =
1
error_no_gui         =
2
not_supported_by_gui =
3
others               = 4.

if sy-subrc <> 0.
message id sy-msgid type sy-msgty number sy-msgno
with sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
endif.

And the icing on the cake – Manager is totally happy with the output!

By the way, if anybody feels that there are loop holes in this function, do let me know. I want to be sure that when I do something such as this; it is totally fool-proof! 😎

So to sum up! Being in IT, and in SAP, I can contribute to the interests of CIA!  Ahem! Not Central Intelligence Agency: Confidentiality, Integrity and Availability. 😉


To report this post you need to login first.

32 Comments

You must be Logged on to comment or reply to a post.

  1. Ramesh .

    Nice post….

    I have one requirement to make YSTAD report for that it need to get IP address based on terminal id..

    Any possibility is there?

    (0) 
    1. Susmitha Susan Thomas Post author

      I am not sure if SAP stores the history of IP Address. I have read that SM18, SM19, and SM20 are all used for logging purpose. We use settings in RZ10 to activate / deactivate logging. Sm18  – deletes logs, SM19 – enables loggin, SM20 – reads the logs. However, for this also, log can be obtained only for the last few days.

      You can also check transactions STAT, or ST03N.

      This FM will give only the current IP address.

      If you could modify the transaction you are trying to track to get the IP address when it is being run and simultaneously store it in database, then maybe you can retreive this information later on.

      (0) 
  2. Ayyam Perumal B

    Hi Susmitha,

    To be honest, few days back when looking at SCN for a solution to one of my need, i found this method in a very old post.

    But i liked the way you have explained the usage of the method with a business example in a funny tone.

    Regards,

    AyyamPerumal

    (0) 
  3. Suhas Saha

    If your SAP security settings are strong enough then “anyone” should not have access to any “sensitive  information“. Imo – “It’s better to be safe than sorry”.

    – Suhas

    (0) 
  4. K.Arun Prabhu

    Susmitha,

         If IP address is dynamic, this will not serve your purpose.

         Instead you can make use of the function SCUT_GET_CLIENTHOST to retrieve the host which is static.

    Regards,

    (0) 
    1. Susmitha Susan Thomas Post author

      You are right! This will not serve the purpose for terminals with dynamic IP address.

      Does SCUT_GET_CLIENTHOST give the IP address also? I tried it, I could get only the Terminal ID.

      (0) 
      1. Manish Kumar

        The idea is to identify who did it.

        In a corporate environment, terminal ID serves as unique identifier of a machine.

        Even if I access the network using personal internet connection, the machine name does not change. And changing machine name is usually not possible because of strong group policies, set by the employer.

        (0) 
  5. Satyabrata Sahoo

    Nice document. In addition to this, Run program TEST_FRONTEND_SERVICES.  It gives test case for all methods of CL_GUI_FRONTEND_SERVICES. Its not even IP but we can get the information on Domain/User id of the system.

    -Satya

    (0) 
    1. Yuvaraj S

      This nice, never knew that it existed.
      However I didnt find any tests written for get_ip_address( ) method.

      Also I couldnt debug any of the cl_gui_frontend_services methods. Strange !

      (0) 
  6. abhishek bansal

    i have been trying to get the computer name, but it is not returning any value.

    data :lv_ip(30) type c,

           v_name TYPE string,

    CALL METHOD CL_GUI_FRONTEND_SERVICES=>GET_COMPUTER_NAME

       CHANGING

         COMPUTER_NAME        = v_name

       EXCEPTIONS

         CNTL_ERROR           = 1

         ERROR_NO_GUI         = 2

         NOT_SUPPORTED_BY_GUI = 3

         others               = 4.

    IF SYSUBRC <> 0.

       MESSAGE ID SYMSGID TYPE SYMSGTY NUMBER SYMSGNO

    WITH SYMSGV1 SYMSGV2 SYMSGV3 SYMSGV4.

    ENDIF.

    (0) 
  7. Rudra Sonar

    Good one 🙂

    I tried getting IP by

    CALL FUNCTION ‘TH_USER_INFO’
         IMPORTING
           hostaddr = ip_addr_x
         EXCEPTIONS
           OTHERS   = 1.

    and with lot of bespoke code 🙁 I managed to get IP …..

    Never imagined it was this easy 🙂

    good one ……..

    (0) 
  8. Vinod Vemuru

    Nice post Susmitha.

    Does this work on virtual connections as well!? IP address here is dynamically generated for each connection. So, same machine can have different IP when connected to network for next time.

    Thanks,

    Vinod.

    (0) 
      1. K.Arun Prabhu

        Susmitha,

             I guess the following method will be better than IP and host data of a PC. This fetches the OS logon username which a person is working with. If the PC is not shared and if logon username created against that person, then this will be useful for investigations 😉

             CALL METHOD CL_GUI_FRONTEND_SERVICES=>GET_USER_NAME

                  CHANGING

                    USER_NAME            = user

                  EXCEPTIONS

                    CNTL_ERROR           = 1

                    ERROR_NO_GUI         = 2

                    NOT_SUPPORTED_BY_GUI = 3

                    OTHERS               = 4.


                CALL METHOD CL_GUI_CFW=>FLUSH

                  EXCEPTIONS

                    CNTL_SYSTEM_ERROR = 1

                    CNTL_ERROR        = 2

                    OTHERS            = 3.


        Regards.

        (0) 
  9. Raghavender Poosarla

    Interesting and a valid requirement I must say!!

    But for how many days are you storing the logs and where is also important in this scenario.

    Can you share the approach followed in that. 

    Regards,

    Raghav

    (0) 

Leave a Reply