Question:
Hi
Can I make a role that would allow the user in transaction SU01 to:
-Change Valid To -date but nothing else should be possible to change in user data
-Change Password and
-Lock / Unlock user
Thanks for help!
Answer:
Hi,
For this - you have to create a customized authorization object with a new authorization field - GLTGB (Valid date).
And the new authorization object needs to be assigned to TCode SU01, and the program needs to be enhanced with the new authorization object.
Regards,
Arno
Answer:
Thansk for help!
I found also another possibility, though maybe not so neat:
by using BAPI_USER_CHANGE.
Answer:
Easier solution..... create a variant transaction on SU01, where greying-out the non-allowed fields.
No deviation on standard SAP should be needed then
Answer:
I heard that an adventurous user would be able to shed the variant tcode and leave into the core tcode from it.
Anyway, one of the first things SU01 does is checks S_TCODE = SU01.
Tarr
Answer:
If +you choose the variant transaction route you would make your watered down version the default variant for SU01. The pwerful version would be started with a new transaction code that would only be given to standard security administrators.
Of couse this means you only get one watered down version.
Beware of the BAPI solution. You have got to manage a lot of authorization checks to keep that solution safe.
It could be safer just to zap the usr02 table but make sure your solution writes a change document to ush02.
Answer:
Maybe there is an alternate transaction which could be used?