
End user needs SU01 to update authorization limits for users

former_member275658
Contributor
0 Kudos

Hello Gurus,

The end user needs SU01 to update authorization limits for users by going into the Personalization tab and giving approval limits. As this is a critical security tcode, please let me know if there is any alternative to SU01 or if there is any other way of restricting SU01.

Thank you !

Regards,

Salman

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Salman,

Is there a reason why you wouldn't want to use the "Personalization" settings on the Security Roles instead? You can create derived roles for a specific set of values on the limits.

Thanks.

Matt

5 REPLIES

Former Member
0 Kudos

Hi,

In the Authorization Role Check - S_USER_AGR

there is an option for changing the Activity...

Enable the ones which are needed for the user to restrict the end user's access.

Feel free to get back,

Thanks and Regards

Jaianandh V

mvoros
Active Contributor
0 Kudos

Hi,

You can't add an authorization to your users just to extend the validity interval of already assigned roles. If you really need this functionality then you can develop your own simple transaction to modify validity intervals for user's roles. There is a BAPI for role assignment.

Could you tell us your motivation for your requirement? Maybe there is another solution.

Cheers

Former Member
0 Kudos

If I get you right, you want the end user to change the validity date of roles.

I think this is a severe security hazard; never let an end user change anything in role assignments.

Former Member
0 Kudos

Can't it be set by Security administrators? Have you considered any problems in doing so? If users can set their own limit, I don't see any point in having the limit at all.

Regards,

Gowrinadh
