Skip to Content
Technical Articles

Avoiding rdisp/gui_auto_logout timeouts for selected users

Hi Martin,
as long as I know, the parameter rdisp/gui_auto_logout is Instance related and affects to all the users connected to the instance. Please confirm that there is not possible to exclude just one user from this setting.

They’re right. Having said this, there is a way around this for selected users, but you do need to bear in mind the purpose of the rdisp/gui_auto_logout parameter;

  • Not only does it prevent the user from holding resources (because an unused session still takes up a small amount of storage and other resources), it is designed for the protection of the user themselves.
  • If the user’s session remains logged in, then when / if they walk away, the session and their logon is available for anyone else. Anything thing done in this session by a “walk by” will be recorded under the original user’s login.
  • Also, if we prevent the user from being logged out by a timeout, they will need to ensure they perform their own logoff at the end of their work day.
  • From a security perspective, you MUST have rules and processes in place to ensure that the next operator uses their own login and does not simply “swap seats” and continue using the original operator’s user.
  • This means that if you enable this functionality, then you need to make sure it is secured and can only be executed by a select few people.

Because of the security implications, note the built in Authorization Check. If you don’t understand the need for the AUTHORITY-CHECK, do not implement the program.

  • Add the Authorization Object via transaction SE21,
  • Add the Authorization Object to appropriate roles in transaction PFCG; Either
    • Select one or more roles used by the users requiring this functionality,
      Add the required user to the Authorization Object for that role.
    • or create a new role containing this object and add it to the appropriate users.
REPORT Z_TIMEOUT.

PARAMETERS: P_SLEEP type i default 300.

AUTHORITY-CHECK OBJECT 'Z_TIMEOUT'
    ID 'USER' FIELD SY-UNAME.

IF SY-SUBRC NE 0.
  MESSAGE 'Unauthorized User' TYPE 'E'.
  EXIT.
ENDIF.

WHILE 1 = 1.
  WAIT UP TO p_sleep SECONDS.
  CALL FUNCTION 'SAPGUI_PROGRESS_INDICATOR'
    EXPORTING
      percentage = 0
      text       = 'Keep alive'.
ENDWHILE.

Logon and open a new mode.
Run this program in one SAP GUI mode.

If the user passes the AUTHORITY-CHECK, the Function Module SAPGUI_PROGRESS_INDICATOR will write to the SAP GUI Status line, and keeps the SAP GUI session alive (including any other modes), so long as the value entered in P_SLEEP is less than the rdisp/gui_auto_logout value.

hth

/
3 Comments
You must be Logged on to comment or reply to a post.
  • We have some quarries where the truck driver comes in during the middle of the night and reaches through a window to input something into SAP (they just press a button on a screen and it prints a ticket for them). The hut is unstaffed and the SAP session runs all through the night. You would expect that not to work, it could be two hours (or more) between drivers arriving, and the session would be auto logged out.

    So many years ago, back in 2000 I think, our BASUS people had us set up one fake user for each such quarry with “NIGHT” at the start of the user name, and excluded those users from being logged out automatically.

    How? You will ask. I have no idea. it was 20 years ago, those who did it are all gone, and I did not understand what they had done even back then. But it works to this day … some users are exempt from auto logout…. I just checked in AL08 and all those “night” users are on different servers, the same servers as the real users so its all black magic.

     

     

  • Hi Paul,

    You’ll have to imagine the witty comment I had here, before the comment function died on me … It was really good, and you would have appreciated it. In fact it was so funny, you should send me a beer

    Anyway, is the application you describe running on a SAP GUI ?  I do remember some thing vaguely similar from last century, but it was using SAP Console I thing (similar to what is described in the first part of this) not the SAP GUI.

    It worked in a similar way, staying logged in by polling the SAP system often enough to keep the session alive.

    Martin