For each user who logs on to the SAP system using SNC, you must establish a relationship between the SAP system user ID and the external user name (SNC name).
· You can only assign a single SNC name to a user account in the SAP system.
With this restriction, you can be sure that each user in the SAP system also has a single identity with the external security product. This is necessary for monitoring user actions, for example, for auditing purposes.
● In releases prior to Release 4.5, do not assign the same SNC name to multiple users in a single client in the SAP system. If you do, we cannot guarantee the user will be correctly mapped in the SAP system.
● As of Release 4.5, you can suppress the initial logon screen if the system can map the SNC user name to a single user in the SAP system (provided that the parameter snc/force_login_screen = 0). If the SNC name matches several users in the SAP system, then a logon screen appears where the user can select the correct account to use (see Suppressing the Logon Screen).
● SNC needs to be activated in the SAP system (snc/enable = 1).
● If you want to allow insecure communications for certain users, then the profile parameter snc/accept_insecure_gui must be set to the value "U".
To assign the relationship between the user ID in the SAP System and the SNC name, use transaction SU01.
...
1. Choose the SNC tab page.
2. Enter the SNC name in the SNC name field. You can enter a longer name by choosing the symbol for Change SNC-Name.
We do not recommend using SNC names that are longer than 80 printable characters. For more information, see SAP Note 184277.
3. Select Insecure communication permitted if you want to allow insecure logons for the user.
This option is only effective if the profile parameter snc/accept_insecure_gui contains the value "U".
4. Save the SNC data.
The SAP system automatically updates the user ACL (table USRACL) and generates the user's SNC name in canonical form. If no errors occurred, then the system activates the Canonical name determined indicator and displays the length of the SNC name. An error may occur, for example, if the SNC name contains syntax errors.
As an alternative, you can use transaction SM30, view USRACL, to directly enter the SNC names in the USRACL table.