Question:
Hi All,
I am trying to restrict transaction SCUL in WP. I check mantained the object S_USER_GRP using transaction SU24 (the object was set to no check) and created a role adding only transaction SCUL and restricting it with an specific user group.
When I run SCUL transaction using a test ID with only the role created, I am still able to see all users. I am also able to do all activities over them (distributing, etc).
I did a trace using transaction ST01 and the object is never checked.
I test my changes also check mantaining object S_USER_SYS, and when doing a trace that object was verified.
Am I missing something here? Do I need to perform another step?
Thanks, Tato.
Answer:
If I recall correctly it is not possible to restrict SCUL in this way as delivered by SAP. SCUL is an admin transaction for processign the failed docs so it would appear to be counter productive to restrict it by user group - even though it is a selection option
What is the risk that you need to control?
Answer:
I have a user admin that should have access only to an specific user group. I don't want them to see or distribute any other users than the ones in that group.
Thks, Tato.
Answer:
Adding an object to SU24 and setting the flag to C/M will not make the tcode start checking the auth object. THe object MUST be in the actual code befoe SAP will check it.
SCULL is not a "general user" tcode it is for admins. THe user should use the central system and look at what is provided in SU01 then S_USER_GRP will restrict. Leave SCUM and SCUL to the admins.