Dear All,
We noticed there is a user who is taking advantage of his access using an RFC from quality system to remotely logon to PRD system using a dialog emergency user and he performs changes at the PRD system with the SAP edit action so he doesn’t leave traces for his actions.
He use a user designed for emergency access so the user has the debug option enabled.
We want somehow through SMGW and secinfo file to restrict this kind of access.
We have tried a rule of Deny type with the source hostname as the USER-host but with no success.
The entry we see at active connections is the below:
sapgw04 172.XX.X.XXX sapgw03 EMERG Connected SAPLOGON
Can you please assist on that?