Question:
Is there any way that I can authorise a central user to be able to change user defaults & parameters for other users without allowing full access to transaction SU01?
Currently we authorise users to change their own settings via SU50 & SU2, but there seems to be no global transaction that allows a user to do this centrally without opening up access to maintain user roles & profiles, which we do not want to allow.
Has anyone got any suggestions for me?
Many thanks in advance.
Answer:
You can do this by allowing access to SU01, but not giving S_USER_AGR or S_USER_PRO. That way no roles or profiles can be assigned, but all other data can be maintained (name, address, email etc). You can further limit what user groups access is granted for via S_USER_GRP.
It is probably not a good thing to do this though, but if you need to do it, you need to do it.
Make sure you test thoroughly before letting this loose in the productive environment.
Answer:
S_TCODE <OBJ> Authorization check for transaction start
    TCD <FLD> Transaction code
        SU01
S_USER_GRP <OBJ> User Master Maintenance: User Groups
    ACTVT <FLD> Activity
        02
        03
    CLASS <FLD> User group in user master maintenance
        whatever
...should give what Henrik suggests.
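As an added example (not part of the original posts), a small Python check that parses a role listing in the <OBJ>/<FLD> layout shown above and flags anything that contradicts the setup the answers describe. The sample listing and the user group name HELPDESK_USERS are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the same layout as the listing in the answer above;
# the user group HELPDESK_USERS is a made-up value.
SAMPLE_ROLE = """\
S_TCODE <OBJ> Authorization check for transaction start
TCD <FLD> Transaction code
SU01
S_USER_GRP <OBJ> User Master Maintenance: User Groups
ACTVT <FLD> Activity
02
03
CLASS <FLD> User group in user master maintenance
HELPDESK_USERS
"""

# Objects the first answer says to withhold so roles/profiles cannot be assigned.
FORBIDDEN = {"S_USER_AGR", "S_USER_PRO"}

def parse_listing(text):
    """Return {object: {field: [values]}} from an <OBJ>/<FLD> listing."""
    auths, obj, fld = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"(\S+)\s+<(OBJ|FLD)>", line)
        if m and m.group(2) == "OBJ":      # new authorization object
            obj, fld = m.group(1), None
            auths.setdefault(obj, {})
        elif m and obj is not None:        # new field of the current object
            fld = m.group(1)
            auths[obj].setdefault(fld, [])
        elif obj is not None and fld is not None:  # value of the current field
            auths[obj][fld].append(line)
    return auths

def review(auths):
    """List findings that contradict the setup described in the answers."""
    findings = []
    for obj in sorted(FORBIDDEN & auths.keys()):
        findings.append(f"{obj} present: roles or profiles can be assigned")
    grp = auths.get("S_USER_GRP", {})
    if "*" in grp.get("CLASS", []):
        findings.append("S_USER_GRP CLASS is *: every user group can be maintained")
    extra = set(grp.get("ACTVT", [])) - {"02", "03"}  # 02 = change, 03 = display
    if extra:
        findings.append(f"S_USER_GRP ACTVT beyond 02/03: {sorted(extra)}")
    return findings
```

Calling `review(parse_listing(SAMPLE_ROLE))` returns an empty list for the constructed sample; each returned string names one deviation to look at before the role goes to production.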
Answer:
Thanks to both of you