I assume you mean users accessing the backend system from /BODS/.
You will have to assign them to an SU01 group called BODS in the backend and give the admin access to that group only. All other users must be restricted to at least a DUMMY group if they are not in any other group.
But this has limitations because you can only have 1 group per user which is auth relevant... so you have two tweak options:
1) Use a naming convention in the 1 user group assigned but it is checked from left to right in the field. So BODS* might not be able to depict what you want and is anyway too complicated to survive.
2) Use the groups tab instead of the group field (logon data tab). Then create an own application which uses BAPI_USER_GET_DETAIL (or LIST) for the groups tab assigned to BODS (multiple entries possible) and then restrict the fields / roles / etc which the BODS admin can make changes to in your own application logic -> updates via BAPI_USER_CHANGE.
(in the case of 2, the BODS admin must not have direct access to SU01, or SU10 or SU01_NAV etc nor the BAPIs via RFC -> only locally from your application as an entry point).
Cheers,
Julius
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.