03-31-2010 6:48 AM
Hello Gurus,
The end user needs SU01 to update authorization limits for users by going into the personilsation tab and giving approval limits. As this is a critical security tcode. Please let me know if there is any alternative for SU01 or Is there any other way of restricting SU01.
Thank you !
Regard's,
Salman
04-07-2010 4:46 PM
Salman,
Is there a reason why you wouldnt want to use the "Personalization" settings on the Security Roles instead. You can create derived roles for specific set of values on the limits.
Thanks.
Matt
04-06-2010 1:36 PM
Hi,
In the Authorization Role Check- S_USER_AGR
there is an option for changing the Activity...
Enable the ones which are needed for the user to restrict the end users access.
Feel free to get back,
Thanks and Regards
Jaianandh V
04-07-2010 7:48 AM
Hi,
you can't add an authorization to your users just to extend validity interval of already assigned roles. If you really need this functionality then you can develop your own simple transaction to modify validity intervals for user's roles. There is BAPI for role assignment.
Could you tell us your motivation for your requirement? Maybe there is another solution.
Cheers
04-07-2010 1:26 PM
if i get you right you want end-user to change the validity date of roles,
i t think this is a severe security hazard, never let end user change any thing in rols assignments
04-07-2010 3:43 PM
Can't it be set by Security administrators? Have you considered any problems in doing so? If user's can set their own limit, I don't see any point in having the limit at all
Regards,
Gowrinadh
04-07-2010 4:46 PM
Salman,
Is there a reason why you wouldnt want to use the "Personalization" settings on the Security Roles instead. You can create derived roles for specific set of values on the limits.
Thanks.
Matt