Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

su01 - authority check for the object s_user_grp

Go to solution
Former Member

‎03-24-2010 11:11 AM

0 Kudos

Dear Basis Gurus,

requirement:

Decentralisation of user administration. Local site admins should only be able to administrate users belonging to special user groups.

What I have done:

Generated a new role via pfcg for transaction su01 and object s_user_grp. Activity for s_user_grp = 02. Up to this point this works without any problems.

But trying to limit the role to a certain user group (s_user_grp => class), this doesn't have any effect for the local site admins. They are still able to change all user data, nevertheless if the users are member of another group or not (group membership via sugr).

Please advice.

thanks and regards..,

sven

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎03-24-2010 12:02 PM

0 Kudos

Hi

You need to maintain the user group in 'Logon Data' tabpage under User group for authorization check.

Regards

Lakshmi

4 REPLIES 4

Go to solution
Former Member

‎03-24-2010 11:24 AM

0 Kudos

The group memebership must be declared in SU01-CLASS to take effect on S_USER_GRP.

Go to solution
Former Member
In response to Former Member

‎03-24-2010 11:58 AM

0 Kudos

I assign the groups in SU01-Groups. This is not correct?

thanks..,

Go to solution
Former Member

‎03-24-2010 12:02 PM

0 Kudos

Hi

You need to maintain the user group in 'Logon Data' tabpage under User group for authorization check.

Regards

Lakshmi

Go to solution
Former Member
In response to Former Member

‎03-24-2010 12:15 PM

0 Kudos

Hi Lakshmi,

thanks! That solved my problem.

regards..,

sven