Maintaining SNC Information for Dialog Users
For each user who logs on to the SAP system using SNC, you must establish a relationship between the SAP system user ID and the external user name (SNC name).
Restrictions
- You can only assign a single SNC name to a user account in the SAP system.
With this restriction, you can be sure that each user in the SAP system also has a single identity with the external security product. This is necessary for monitoring user actions, for example, for auditing purposes.
- In releases prior to Release 4.5, do not assign the same SNC name to multiple users in a single client in the SAP system. If you do, we cannot guarantee the user will be correctly mapped in the SAP system.
- As of Release 4.5, you can suppress the initial logon screen if the system can map the SNC user name to a single user in the SAPsystem (provided that the parameter snc/force_login_screen= 0). If the SNC name matches several users in the SAPsystem, then a logon screen appears where the user can select the correct account to use (see Suppressing the Logon Screen).
Prerequisites
- SNC needs to be activated in the SAP system (snc/enable = 1).
- If you want to allow password logon for certain users, then the profile parameter snc/accept_insecure_gui must be set to the value U.
Procedure
- Start transaction SU01.
- Choose the SNC tab.
- Enter the SNC name in the SNC name field. You can enter a longer name by choosing the symbol for Change SNC-Name.
- Determine if you want to allow password logon over SNC.
Select Allow Password Logon for SAPGUI (user-specific) if you want to allow logon with user ID and password for the user.
- Save your entries.
Result
The SAP system automatically updates the user ACL (table USRACL) and generates the user's SNC name in canonical form. If no errors occurred, then the system activates the Canonical name determined indicator and displays the length of the SNC name. An error may occur, for example, if the SNC name contains syntax errors.