Skip to Content
Author's profile photo Sascha Wächter
Sascha Wächter
May 29, 2018 1 minute read

Prevent Users from logging in to Sap Business Client

Some few words about a little “problem” we had with SAP Business Client for Desktop. We have scenarios where users are not allowed to login. With SAP GUI it was no problem to solve the user lock. But ith SAP BC it was a bit more challenging especially with SSO.

So my first and easiest soloution was to implement an own handler which I added to the handler list in SICF under the NWBC-Service.

After that save and add to transport request.

Your handler class has to implement the interface if_http_extension.

 METHOD if_http_extension~handle_request.

    IF mo_server_assist IS INITIAL.
      mo_server_assist = /ui2/cl_nwbc_factory=>/ui2/if_nwbc_factory_internal~get_server_assist( server ).
    ENDIF.
    
    "Checks for Users or criteria....

    server->logoff(
      EXCEPTIONS
        logoff_not_possible       = 1
        OTHERS                    = 2
    ).
    IF sy-subrc = 0.
      mo_server_assist->set_response(
      EXPORTING
        iv_content        = |<html><body bgcolor="#D46868" align="center">| &
                            |<h2>Not allowed to login</h2>| &
                            |</body></html>|
        iv_content_type   = /ui2/if_nwbc_constants=>gc_s_file_type-html
        iv_caching_mode   = /ui2/if_nwbc_constants=>gc_s_caching_mode-no_caching
        iv_rendering_mode = /ui2/if_nwbc_constants=>gc_s_rendering_mode-edge
    ).
    ENDIF.

ENDMETHOD.

 

If you loggin to SAP BC the next time ( or an user who isn’t allowed in the right case) you should get an error message and get logged off untill the criteria for loggin is is fullfilled.

I’m curios what other soloutions there are 🙂

Assigned Tags

      4 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Ethan Jewett
      Ethan Jewett

      This is possibly a stupid question, but why doesn't locking the user work for you?

       

      Author's profile photo Sascha Wächter
      Sascha Wächter
      Blog Post Author

      Because the standard user locking functionalities are too inflexible for different users on many different clients  and also do not offer the possibility of different conditions, etc.

      Author's profile photo Colleen Hebbert
      Colleen Hebbert

      Are these users allowed nwbc html? If not, would s_icf authorisation and secure the nwbc service work?

      Author's profile photo Joachim Rees
      Joachim Rees

      Hey Sascha,

       

      thanks for sharing.

      When reading the title, I first thought you want to force your users to stick to old SapGui, while they would like to use the modern Sap Business Client.

      (Quite the opposite of what -I guess - most businesses deal with: users want to stick with the old and are afraid of new. )

       

      I understand now that this is not the case. Still I can’t really follow the use case - why do you want to lock people out?

      Can you give some example conditions?
      (I could imagine something with working-hours maybe? -> If <9 am or >5pm -> no log-in allowed ? )

       

      I think your solution is nice, but I'm afraid I can only fully appreciate it if I get a better understanding of the problem/use-case!

       

      best

      Joachim