Skip to Content

How to provide only User Alias Mapping to a User in SAP BOBJ

Hello Experts,

I need to assign Only Alias Mapping Authorization to an User in BOBJ. Could you please suggest how I can achieve the same.

I am new to SAP BOBJ so could you please also suggest some links and pdf to getting started with it.

Regards,

C Kumar

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Oct 03, 2017 at 05:32 PM

    What you're after is commonly referred to as a delegated admin. You can use a Custom Access Level for this, or assign rights directly. Directly-assigned rights might be sufficient if your requirements aren't too complex.

    I would suggest creating a Delegated Admin group, add your user to the group, and then grant the group the appropriate rights.

    You'll need to grant the rights at the top level of both Users and User Groups (CMC -> Users and Groups -> Manage -> Top level security -> All Users, then All Groups).

    The simplest way to do this is to give the group Full Control over both Users and User Groups. However, this may be more than what you want, as it would grant the ability to delete users, change passwords, and add/delete groups.

    At a minimum, in All Users, the group would need to the following rights granted:

    • Edit objects
    • View objects
    • Add objects to the folder
    • Add or edit user attributes

    For User Groups, it needs:

    • View objects
    • Add objects to the folder
    • Edit objects

    You could also do limited deleted admins -- instead of granting the above User Group rights at the top level, just assign it to a particular group. This would allow the deleted admin group the ability to add/remove users from this group only.

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 03, 2017 at 05:40 PM

    Thanks Joe for Answer!

    Yes I tried the same way you suggested -

    "The simplest way to do this is to give the group Full Control over both Users and User Groups. However, this may be more than what you want, as it would grant the ability to delete users, change passwords, and add/delete groups."

    But as per the business requirement, user mustn't have delete users, change passwords, and add/delete groups authorization. How to limit this.

    Another query - how we can limit the access to only user creation.

    Add comment
    10|10000 characters needed characters exceeded