Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Controlling user Administration

Former Member

‎03-09-2009 5:01 AM

0 Kudos

Hi Experts,

I have a scenario, I want to know if I can do anything in the situation given below.

Let us assume there are two teams which have access to SU01 to lock/unlock user accounts. The first one lets say L1 is a general network team which does all password resets. The second one lets say L2 is a SAP Administrators team.

Is there a way by which I could administer somehow that if a user is locked by a administrator in L2 a person in L1 support cant unlock it?

Best Wishes,

CP

4 REPLIES 4

Former Member

‎03-09-2009 5:42 AM

0 Kudos

Dear Chinmaya,

The scenario that you have mentioned is in sync with our Client's support hierarchy. Here is the process that we follow.

The person in the L1 support who is unlocking the user has to first check the reason for locking the user ID. If it is because of too many incorrect password logins or 90 days inactive lock made by admin or any batch job...the L1 support will go ahead and unlock the user ID. But if it is locked by any other administrator, L1 support will check the change documents of the user. From the change docs if they come to know that it is locked by L2 admins, they won't unlock it. Instead if the user wants it to unlock at any cost, they getback to the L2 support and unlock the user ID upon their confirmation.

Hope this clarifies your doubt.

Regards,

Former Member
In response to Former Member

‎03-09-2009 5:45 AM

0 Kudos

Hi Lakshmi,

We already have a similar process in place. but what I am am looking for is a way to override this manual process.

Best Wishes,

CP

Former Member
In response to Former Member

‎03-09-2009 6:25 AM

0 Kudos

Dear Chinmaya,

This is one of the possible options which needs some work to be done on the auths. of the admins.

You can ask the L2 admins to change the user group of the users which they are locking and restrict the admin access (Activity 05 for the object S_USER_GRP) to that user group for L1 support.

Regards,

Former Member
In response to Former Member

‎03-09-2009 7:00 AM

0 Kudos

HI Lakshmi,

This is definately a better option as the SAP administrators tend to be more reliable.. but still I suppose i have to continue looking for a better option.. thanks for your idea..

Best Wishes,

CP