Former Member
Jun 03, 2011 at 05:25 AM

Modify SU01 access to change only some attributes

Hi,

We have an ECC system where we do user admin using our support roles. User creation and role assignment happens through GRC, so we only need to do small support activities with our Security admin user accounts.

I have a new requirement that support users should not have access to the following functions in production:

1. Update SNC name

2. Change the valid to date on users.

3. Change user group

Is there a way to make modifications at object level to delimit access to the above three functions but give access to change all other items in user master data? Like, say, last name, email, etc.

I tried to remove change access (ACTVT 02) from the S_USER_GRP object, but that completely takes away change mode from SU01. Does anyone know another way to attain this by limiting change mode only on the above fields and not all fields in the user account?

Soumya