EDUCAÇÃO E TECNOLOGIA

Avoiding rdisp/gui_auto_logout timeouts for selected users

Hi Martin,
as long as I know, the parameter rdisp/gui_auto_logout is Instance related and affects to all the users connected to the instance. Please confirm that there is not possible to exclude just one user from this setting.

They’re right. Having said this, there is a way around this for selected users, but you do need to bear in mind the purpose of the rdisp/gui_auto_logout parameter;

  • Not only does it prevent the user from holding resources (because an unused session still takes up a small amount of storage and other resources), it is designed for the protection of the user themselves.
  • If the user’s session remains logged in, then when / if they walk away, the session and their logon is available for anyone else. Anything thing done in this session by a “walk by” will be recorded under the original user’s login.
  • Also, if we prevent the user from being logged out by a timeout, they will need to ensure they perform their own logoff at the end of their work day.
  • From a security perspective, you MUST have rules and processes in place to ensure that the next operator uses their own login and does not simply “swap seats” and continue using the original operator’s user.
  • This means that if you enable this functionality, then you need to make sure it is secured and can only be executed by a select few people.

Because of the security implications, note the built in Authorization Check. If you don’t understand the need for the AUTHORITY-CHECK, do not implement the program.

  • Add the Authorization Object via transaction SE21,
  • Add the Authorization Object to appropriate roles in transaction PFCG; Either
    • Select one or more roles used by the users requiring this functionality,
      Add the required user to the Authorization Object for that role.
    • or create a new role containing this object and add it to the appropriate users.
REPORT Z_TIMEOUT. PARAMETERS: P_SLEEP type i default 300. AUTHORITY-CHECK OBJECT 'Z_TIMEOUT' ID 'USER' FIELD SY-UNAME. IF SY-SUBRC NE 0. MESSAGE 'Unauthorized User' TYPE 'E'. EXIT. ENDIF. WHILE 1 = 1. WAIT UP TO p_sleep SECONDS. CALL FUNCTION 'SAPGUI_PROGRESS_INDICATOR' EXPORTING percentage = 0 text = 'Keep alive'. ENDWHILE.

Logon and open a new mode.
Run this program in one SAP GUI mode.

If the user passes the AUTHORITY-CHECK, the Function Module SAPGUI_PROGRESS_INDICATOR will write to the SAP GUI Status line, and keeps the SAP GUI session alive (including any other modes), so long as the value entered in P_SLEEP is less than the rdisp/gui_auto_logout value.

hth