Restrict Role to unlock/lock Change Password

How do I create a role (containing tcode SU01) and restrict this role to only allow 'unlock/lock users' and 'change password'? I want to assign this role to an admin operator.

Try to create a role (PFCG) with the authorization object called S_USER_GRP, and assign Lock only in the activity field.
I don't have any clue about restricting the initialization of the password. If anyone has, please share.
 

I did the same using authorizations. I did the following:

I created a profile (Tcode: su02) called "Z:Helpdesk" containing the following:

Y:HLPDSKTCOD : containing the Tcodes: SU01
(Class: Non-application-specific Authorization objects
Object: Authorization check for transaction start)

Y:HLPDSKACT  : containing the Activities 03,05
User group in user master maintenance "*"
(Class: Basis: Administration
Object: User Master Maintenance: User Groups)

If you assign this profile to a user, he will be able to reset passwords and also lock/unlock users. Also assign the "su53" Tcode to the user; this will always help. Whenever a user has some authorization issues, tell him to send a screenshot of "su53". In that screenshot SAP will clearly mention what all authorizations are required. To assign the "su53" tcode, add the following to "Y:HLPDSKTCOD":
Y:HLPDSKTCOD : Tcodes: SU01, SU53

Sameer
 

I wanted to create a new role with su01 access only. It works fine through adding it through the menu tab. However, I don't want this role to allow
1) removing of users
2) changing of user password other than himself
I checked through the authorization tab after entering su01 in the menu tab but did not find what I want.
 

SU01 user access is controlled via the object S_USER_GRP.
Deleting users is activity 06.
Changing of password is 05 (also lock / unlock id).
The object works in conjunction with the user group that a user is assigned to.
 

This is always possible for all users at the login screen by hitting the "new password" button after entering the correct password, but before hitting enter.
The security is controlled by the login program. No authorizations required.
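
Added example (not part of the original thread): a Python check over a role's S_USER_GRP values that reports anything beyond the activities 03 and 05 discussed above, such as delete (06), and whether the user group is "*". The row layout, the role name Z_HELPDESK_BAD and all sample rows are constructed for illustration; values from several authorizations of the same object are merged, which is a simplification.

```python
# Added example: audit the S_USER_GRP values of a helpdesk role.
# Row layout (role, object, field, low, high) and all sample rows are constructed.
ALLOWED_ACTVT = {"03", "05"}   # per the thread: 03 display, 05 lock/unlock + password
ALL_ACTVT = {f"{n:02d}" for n in range(1, 100)}

def expand(low, high=""):
    """Expand a single value, a low-high range, or '*' into activity codes."""
    if low == "*":
        return set(ALL_ACTVT)
    if high:
        return {a for a in ALL_ACTVT if low <= a <= high}
    return {low}

def audit_role(rows, role):
    """Merge all S_USER_GRP values of `role` and compare with the helpdesk scope."""
    actvt, groups = set(), set()
    for r_role, obj, field, low, high in rows:
        if r_role != role or obj != "S_USER_GRP":
            continue  # other objects (e.g. S_TCODE) are out of scope here
        if field == "ACTVT":
            actvt |= expand(low, high)
        elif field == "CLASS":
            groups.add(low)
    return {
        "extra_activities": sorted(actvt - ALLOWED_ACTVT),
        "missing_activities": sorted(ALLOWED_ACTVT - actvt),
        "can_delete_users": "06" in actvt,   # 06 = delete, per the thread
        "all_user_groups": "*" in groups,    # CLASS '*' matches every user group
    }

# Constructed sample rows: the thread's profile, and a hypothetical over-broad role.
ROWS = [
    ("Z:Helpdesk", "S_TCODE", "TCD", "SU01", ""),
    ("Z:Helpdesk", "S_USER_GRP", "ACTVT", "03", ""),
    ("Z:Helpdesk", "S_USER_GRP", "ACTVT", "05", ""),
    ("Z:Helpdesk", "S_USER_GRP", "CLASS", "*", ""),
    ("Z_HELPDESK_BAD", "S_USER_GRP", "ACTVT", "03", "06"),   # range 03-06
    ("Z_HELPDESK_BAD", "S_USER_GRP", "CLASS", "ENDUSERS", ""),
]

if __name__ == "__main__":
    for name in ("Z:Helpdesk", "Z_HELPDESK_BAD"):
        print(name, audit_role(ROWS, name))
```

A role that reports `all_user_groups` as true can lock, unlock and reset passwords for users in every user group, so the CLASS value is worth reviewing together with the activity list.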


(c) www.gotothings.com All material on this site is Copyright.
Every effort is made to ensure the content integrity.  Information used on this site is at your own risk.
All product names are trademarks of their respective companies.  The site www.gotothings.com is in no way affiliated with SAP AG.
Any unauthorised copying or mirroring is prohibited.