03-24-2010 11:11 AM
Dear Basis Gurus,
requirement:
Decentralisation of user administration. Local site admins should only be able to administrate users belonging to special user groups.
What I have done:
Generated a new role via pfcg for transaction su01 and object s_user_grp. Activity for s_user_grp = 02. Up to this point this works without any problems.
But trying to limit the role to a certain user group (s_user_grp => class), this doesn't have any effect for the local site admins. They are still able to change all user data, nevertheless if the users are member of another group or not (group membership via sugr).
Please advice.
thanks and regards..,
sven
03-24-2010 12:02 PM
Hi
You need to maintain the user group in 'Logon Data' tabpage under User group for authorization check.
Regards
Lakshmi
03-24-2010 11:24 AM
The group memebership must be declared in SU01-CLASS to take effect on S_USER_GRP.
03-24-2010 11:58 AM
03-24-2010 12:02 PM
Hi
You need to maintain the user group in 'Logon Data' tabpage under User group for authorization check.
Regards
Lakshmi
03-24-2010 12:15 PM