Change url BSP-application

Question: Dear all,

When starting a BSP-application in internet explorer, without any restrictions in authorisations, it's possible to change the url manualy in IE. This way it's possible to start other bsp-applications that are not in the menu (if the user knows the number of the report).
How can you 'lock' this url so that the user can not change it manualy?
When working with the SAP-gui it's not a problem.

Thanks in advance.

Answer:
Harry,

Easiest way is to make sure your users do not have superuser access either on the portal or on the backend system. Don't rely on your portal to promote your security strategy. If they try to run a BSP via the URL, they are still going to have to be authenticated on the backend system for the data they want to pull.

i.e. if you user runs BSP "gethrdata" via url /gethrdata, which uses IAC transaction PA30, and your user bypasses their workpackages and iviews, they will still need to be authenticated on the backend to pull the PA30 data. Same for BW, CRM, SEM, etc data.

Best practice is to configure your backend security to match your portal. Only give your users what they need to run their IViews, and that's it. Hope this helps.

Kind Regards,
Wayne Miller
_________________