Show TOC

 Maintaining SNC Information for Dialog UsersLocate this document in the navigation structure

For each user who logs on to the SAP system using SNC, you must establish a relationship between the SAP system user ID and the external user name (SNC name).

Restrictions
  • You can only assign a single SNC name to a user account in the SAP system.

    With this restriction, you can be sure that each user in the SAP system also has a single identity with the external security product. This is necessary for monitoring user actions, for example, for auditing purposes.

  • In releases prior to Release 4.5, do not assign the same SNC name to multiple users in a single  client in the SAP system. If you do, we cannot guarantee the user will be correctly mapped in the SAP system.
  • As of Release 4.5, you can suppress the initial logon screen if the system can map the SNC user name to a single user in the SAPsystem (provided that the parameter snc/force_login_screen= 0). If the SNC name matches several users in the SAPsystem, then a logon screen appears where the user can select the correct account to use (see Suppressing the Logon Screen).
Prerequisites
  • SNC needs to be activated in the SAP system (snc/enable = 1).
  • If you want to allow password logon for certain users, then the profile parameter snc/accept_insecure_gui must be set to the value U.
Procedure
  1. Start transaction SU01.
  2. Choose the SNC tab.
  3. Enter the SNC name in the SNC name field. You can enter a longer name by choosing the symbol for Change SNC-Name.
    Note

    We do not recommend using SNC names that are longer than 80 printable characters. For more information, see SAP Note 184277.

  4. Determine if you want to allow password logon over SNC.

    Select Allow Password Logon for SAPGUI (user-specific) if you want to allow logon with user ID and password for the user.

    Note

    This option is only effective if the profile parameter snc/accept_insecure_gui is set to U.

  5. Save your entries.
Result

The SAP system automatically updates the user ACL (table USRACL) and generates the user's SNC name in canonical form. If no errors occurred, then the system activates the Canonical name determined indicator and displays the length of the SNC name. An error may occur, for example, if the SNC name contains syntax errors.

Note

As an alternative, you can use transaction SM30 to directly enter the SNC names in the USRACL table.