Skip to Content

Prevent Users from logging in to Sap Business Client

Some few words about a little “problem” we had with SAP Business Client for Desktop. We have scenarios where users are not allowed to login. With SAP GUI it was no problem to solve the user lock. But ith SAP BC it was a bit more challenging especially with SSO.

So my first and easiest soloution was to implement an own handler which I added to the handler list in SICF under the NWBC-Service.

After that save and add to transport request.

Your handler class has to implement the interface if_http_extension.

 METHOD if_http_extension~handle_request.

    IF mo_server_assist IS INITIAL.
      mo_server_assist = /ui2/cl_nwbc_factory=>/ui2/if_nwbc_factory_internal~get_server_assist( server ).
    "Checks for Users or criteria....

        logoff_not_possible       = 1
        OTHERS                    = 2
    IF sy-subrc = 0.
        iv_content        = |<html><body bgcolor="#D46868" align="center">| &
                            |<h2>Not allowed to login</h2>| &
        iv_content_type   = /ui2/if_nwbc_constants=>gc_s_file_type-html
        iv_caching_mode   = /ui2/if_nwbc_constants=>gc_s_caching_mode-no_caching
        iv_rendering_mode = /ui2/if_nwbc_constants=>gc_s_rendering_mode-edge



If you loggin to SAP BC the next time ( or an user who isn’t allowed in the right case) you should get an error message and get logged off untill the criteria for loggin is is fullfilled.

I’m curios what other soloutions there are 🙂

You must be Logged on to comment or reply to a post.
    • Because the standard user locking functionalities are too inflexible for different users on many different clients  and also do not offer the possibility of different conditions, etc.

  • Hey Sascha,


    thanks for sharing.

    When reading the title, I first thought you want to force your users to stick to old SapGui, while they would like to use the modern Sap Business Client.

    (Quite the opposite of what -I guess - most businesses deal with: users want to stick with the old and are afraid of new. )


    I understand now that this is not the case. Still I can’t really follow the use case - why do you want to lock people out?

    Can you give some example conditions?
    (I could imagine something with working-hours maybe? -> If <9 am or >5pm -> no log-in allowed ? )


    I think your solution is nice, but I'm afraid I can only fully appreciate it if I get a better understanding of the problem/use-case!