cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do I disallow user from changing passwords through su01?

Former Member

on ‎09-05-2008 7:23 AM

0 Kudos

Dear Basis Gurus,

Requirement: Authorization needs to be given to end-user to lock a particular user only. This has been done through pfcg and works perfectly for all the su01 options.

User is not allowed to create/copy/delete users. He is able to lock and unlock too.

But the only thing is that he is also able to change the password too. How do I stop this? Is there any authorization?

Thanks

M

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Esha1
Active Participant
‎09-07-2008 5:46 AM
0 Kudos

Hi

From the tcode Se93 you can check the authorization object of the transaction and corresponding authorization related to that transaction.

From this you can take 05 from the authorization profile object to prevent any change of the passwords.

Kind Regards

Show replies
Show replies
Former Member
‎09-10-2008 6:43 AM
0 Kudos

S_USER_GRP Activity ACTVT ---> If I dont select any value here, then the system does not allow the user to change the passowrd.

Moment I select only the value 05 here (that is LOCK), the user allows the user to both lock the users and also change the passwords. But he is not allowed to create/copy/delete. Strange!!!

Any tips here for allowing only LOCK to be functional ....

Thanks

M

Former Member
‎09-05-2008 5:55 PM
0 Kudos

hi there, you have to create or edit role and

give assign/ edit the authorization

02: Edit

03: Display

05: Lock or unlock user

06: Delete a user master record

08: Display user change records

thanks

Show replies
Show replies
Former Member
‎09-05-2008 7:36 AM
0 Kudos

Hi,

Pls remove object value 02 form the user.

Anil

Show replies
Show replies
Former Member
‎09-05-2008 7:48 AM
0 Kudos

If this user authorization pertains to S_USER_AUT, then 02 value is not present.

Thanks

M

Former Member
‎09-05-2008 8:18 AM
0 Kudos

Hi Mudiyanur,

Remove the value 02 from authorization object S_USER_AUT.

Regards

Ashok

Former Member
‎09-05-2008 8:39 AM
0 Kudos

Hi Ashok,

As mentioned earlier, the value 02 is not present in the authorization object S_USER_AUT.

Thanks

Satyaprakash

Former Member
‎09-05-2008 9:23 AM
0 Kudos

Hi,

Remove Value 05 from authorization object S_USER_GRP

Ask a Question