Skip to Content
avatar image
Former Member

How do I disallow user from changing passwords through su01?

Dear Basis Gurus,

Requirement: Authorization needs to be given to end-user to lock a particular user only. This has been done through pfcg and works perfectly for all the su01 options.

User is not allowed to create/copy/delete users. He is able to lock and unlock too.

But the only thing is that he is also able to change the password too. How do I stop this? Is there any authorization?

Thanks

M

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Sep 05, 2008 at 06:36 AM

    Hi,

    Pls remove object value 02 form the user.

    Anil

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 05, 2008 at 04:55 PM

    hi there, you have to create or edit role and

    give assign/ edit the authorization

    02: Edit

    03: Display

    05: Lock or unlock user

    06: Delete a user master record

    08: Display user change records

    thanks

    Add comment
    10|10000 characters needed characters exceeded

  • Sep 07, 2008 at 04:46 AM

    Hi

    From the tcode Se93 you can check the authorization object of the transaction and corresponding authorization related to that transaction.

    From this you can take 05 from the authorization profile object to prevent any change of the passwords.

    Kind Regards

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      S_USER_GRP Activity ACTVT ---> If I dont select any value here, then the system does not allow the user to change the passowrd.

      Moment I select only the value 05 here (that is LOCK), the user allows the user to both lock the users and also change the passwords. But he is not allowed to create/copy/delete. Strange!!!

      Any tips here for allowing only LOCK to be functional ....

      Thanks

      M