Skip to Content
0

How to provide only User Alias Mapping to a User in SAP BOBJ

Oct 03, 2017 at 03:47 PM

77

avatar image

Hello Experts,

I need to assign Only Alias Mapping Authorization to an User in BOBJ. Could you please suggest how I can achieve the same.

I am new to SAP BOBJ so could you please also suggest some links and pdf to getting started with it.

Regards,

C Kumar

10 |10000 characters needed characters left characters exceeded

Can you please clarify what you're trying to do?

0

Thanks for reply Joe!

Sorry If I am not clear regarding my query as I am new to BOBJ.

Actually I have to provide only provisioning access to a user in BOBJ. Please help me to achieve this.

0

Eh, still not clear. Do you mean you want the user to only have the ability to create other user accounts?

0

Yes Joe and apart from this he should be able to assign the group too, Similar

to SU01 access in SAP ECC.

0
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Joe Peters Oct 03, 2017 at 05:32 PM
0

What you're after is commonly referred to as a delegated admin. You can use a Custom Access Level for this, or assign rights directly. Directly-assigned rights might be sufficient if your requirements aren't too complex.

I would suggest creating a Delegated Admin group, add your user to the group, and then grant the group the appropriate rights.

You'll need to grant the rights at the top level of both Users and User Groups (CMC -> Users and Groups -> Manage -> Top level security -> All Users, then All Groups).

The simplest way to do this is to give the group Full Control over both Users and User Groups. However, this may be more than what you want, as it would grant the ability to delete users, change passwords, and add/delete groups.

At a minimum, in All Users, the group would need to the following rights granted:

  • Edit objects
  • View objects
  • Add objects to the folder
  • Add or edit user attributes

For User Groups, it needs:

  • View objects
  • Add objects to the folder
  • Edit objects

You could also do limited deleted admins -- instead of granting the above User Group rights at the top level, just assign it to a particular group. This would allow the deleted admin group the ability to add/remove users from this group only.

Share
10 |10000 characters needed characters left characters exceeded
C Kumar Oct 03, 2017 at 05:40 PM
0

Thanks Joe for Answer!

Yes I tried the same way you suggested -

"The simplest way to do this is to give the group Full Control over both Users and User Groups. However, this may be more than what you want, as it would grant the ability to delete users, change passwords, and add/delete groups."

But as per the business requirement, user mustn't have delete users, change passwords, and add/delete groups authorization. How to limit this.

Another query - how we can limit the access to only user creation.

Show 2 Share
10 |10000 characters needed characters left characters exceeded

If you grant the explicit rights as I listed in my answer, then they won't be able to delete users, or add/delete groups.

By default, users only have access to what you give them. So if your delegated admin isn't granted any other access, then they won't be able to do anything else.

1

Thanks Joe for suggestions!

Let me work on the suggestions provided and will update here.

0