Solved: Additional custom tab in SU01

Former Member · ‎01-09-2011

Hello,

I am looking to add one customized tab in Su01 user window where we can maintain information about making any changes to user. For e.g if we are adding any role to a user, we can maitain the date, req number, etc. This is like a desc box which we have in PFCG to maintain long text. Or maybe we can modify existing tab in SU01 to include one long text box.

I tried to find the solution and came across where we have to modify the program SAPLSUU5 and create user exists, but not in much detail.

Please anyone can provide exact details about how this be done.

Thanks,

Sanjay

Former Member · ‎01-09-2011

There are some hidden fields in the SU01 package such as the responsible iset for the role etc but the UIs are else where (see Frank's post).

Genetally you can use the "Description" field for change explananations and comments, as well as the change documents in the source system (see the menu options).

This requires some discipline but works well, particularly the explanations for the changes (which forces folks to think about making them...).

You will need to police it for a while, but it makes sence so the role admins dont want to make stupid changes or have change docs which they could not explain.

I normally check the manual and changed authorizations regularly in AGR_125* tables once a week to catch the clowns early on...

Cheers,

Julius

Former Member · ‎01-09-2011

For e.g if we are adding any role to a user, we can maitain the date, req number, etc.

Hi,

As for your first requirement to maintain date when an user account is changed, SAP standard table USR02 or even change documents of user ids(report RSUSR100) already records that information.

For documenting the Request reference number for the change we used the Accounting number field in SU01 in my previous implementation. Each time user id was changed the new request number was entered to overwrite the earlier one. Any change to this field gets reflected in users change document which can be easily sorted as per date.

Accounting number field is meant to be an account name or number of your choice. The user appears in the RZ accounting system (ACCOUNTING EXIT) under this number as per SAP documentation. A recommended account number can be user’s cost center or company code, for example.

Upto release 640, report RSSTAT10 was used to provide statistical records (even for account names if required) but I think this has been discontinued from release 700.

You may try this option to avoid any customizations for SU01.

Thanks

Sandipan

Former Member · ‎01-09-2011

Hi

I think this is a really good question, there doesn't appear to be any long text field to add a little of your own 'why I did this' to show to audit. IMO it think it would be handy (not as low as a nice to have) to have the option of some free text outside of the Function/Room etc fields. Is this available in ECC* version yet?

Cheers

David

koehntopp · ‎01-09-2011

Sanjay,

what you're trying to do is the beginning of what we call "Identity Management".

SU01 is probably the wrong place for this, as the trigger for the change might be outside of SAP, and/or may affect more than one system. I.e. if you're trying to trace back changes to a person you still need to collect the information from multiple sources.

Have a look at Netweaver Identity Management, it might be what you're looking for, and it's able to cope with LOTS of systems.

http://www.sdn.sap.com/irj/sdn/nw-identitymanagement

Frank.

Former Member · ‎01-09-2011

There are some hidden fields in the SU01 package such as the responsible iset for the role etc but the UIs are else where (see Frank's post).

Genetally you can use the "Description" field for change explananations and comments, as well as the change documents in the source system (see the menu options).

This requires some discipline but works well, particularly the explanations for the changes (which forces folks to think about making them...).

You will need to police it for a while, but it makes sence so the role admins dont want to make stupid changes or have change docs which they could not explain.

I normally check the manual and changed authorizations regularly in AGR_125* tables once a week to catch the clowns early on...

Cheers,

Julius

Former Member · ‎01-11-2011

>


> There are some hidden fields in the SU01 package such as the responsible iset for the role etc but the UIs are else where (see Frank's post).
> 
> > Genetally you can use the "Description" field for change explananations and comments, as well as the change documents in the source system (see the menu options).
> 
> This requires some discipline but works well, particularly the explanations for the changes (which forces folks to think about making them...). 
> 
> Cheers,
> Julius

Dear ...Dear Julius........this was too inviting not to comment........this should make it to the coffee corner, I know it is a typo error, but a alphabet here or a alphabet there would have been disastrous

Former Member · ‎01-11-2011

That wasn't me! It was iPhone's keyboard and no support for the spell-shekar popup...

Sorry about the mistake!

Former Member · ‎01-12-2011

I agree with Julius comments "You will need to police it for a while".

Let me add a point in on of the project when I was a junior level was instructed to use any of the you get when you click on "Other Communication Method" button under Address tab in SU01 for the same purpose which you were asking.

Any of the below method allows you multiple entries.

FAX Fax

INT E-Mail

MOB Mobile Telephone

PAG Pager Services

PRT Printer

RML Remote Mail

SSF Secure Store & Forw.

TEL Telephone

TLX Telex

TTX Teletex

URI URL (Homepage)

X40 X.400

PS: This is not ant standard procedure or recommendation just a smart work around that we used to do.

Use at your own risk

Cheers,

Bharath.