06-18-2010 7:43 PM
Dear Gurus,
I am looking for a possible method to allow users to change certain parameters in their user master record. I am aware of the t-code SU3, in which the user is allowed to maintain his/her own data. However, this t-code allows access to not only the Parameters tab, but also to Address and Defaults as well. Furthermore (as mentioned above), I am looking to only allow users to change certain parameters.
If this functionality is not delivered in SAP, is there any possibility in programming some sort of modification/add-on?
Thanks!
06-18-2010 8:50 PM
Hi
Since these are the technical details for the Paramid
USPARAM
Struct.
PARID
MEMORYID
This is a table structure and the field name PARID is not a security enabled field name
the best option will be to create and customize "ZUSPARAM" program
You will need developers help to achieve this.
Edited by: Franklin Jayasim on Jun 18, 2010 9:53 PM
06-18-2010 8:50 PM
Hi
Since these are the technical details for the Paramid
USPARAM
Struct.
PARID
MEMORYID
This is a table structure and the field name PARID is not a security enabled field name
the best option will be to create and customize "ZUSPARAM" program
You will need developers help to achieve this.
Edited by: Franklin Jayasim on Jun 18, 2010 9:53 PM
06-18-2010 10:06 PM
Franklin, I am not sure I fully understand the response. What is meant by the "Pyramid"? Is it that you are are listing a table with some fields? Also, I agree that developer support may be required to program a custom program/report for this. The program you listed (ZUSPARAM) is probably custom to your system - did your developer use any program for reference when creating ZUSPARAM?
06-22-2010 10:16 PM
Hi Benjamin Seto,
Sorry I just saw your message , what I wanted to explain was that the PARAMID ( the place where the user will be allowed to make his entry) does not have an authority check the best way was to create a custom program to achieve your need.
Yes the Z program is specific to the system and business requirement.
Custom program will be the solution was my recommendation.
06-18-2010 9:22 PM
Ben,
You can also use SU50 (default) and SU51 (address).
SU0 and SU1 instead of SU3 so they can still maintain defaults and address data.
or
You can try with User exit
Note: we dont give access to users to change there parameters. Any changes to parameter will go thru security team.
Thanks,
Sri
06-18-2010 10:08 PM
sri, thanks for your response. The t-codes you listed (SU50, SU51, SU0, and SU1) are great but they do the opposite of what I am looking for. I am looking to allow users to change only certain line items in the Parameters tab (those t-codes listed exclude the Parameters tab). I do agree a User Exit may be needed. Would you have any pointers as to where I can begin looking into what is required for such a User Exit? As I am not a developer, my knowledge in that area is quit lacking.
06-19-2010 12:03 AM
Hi,
I doubt that you will find a suitable user exit. There are not that many user exits for user management. One way how you can try to avoid this limitation is to use enhancement framework. You need somebody with decent ABAP skills. I would prefer to go with custom transaction which will perform additional checks. API for user management is very well [documented|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/668e6629-0701-0010-7ca0-994cb7dec5a3].
Cheers
06-19-2010 5:38 AM
Hi Ben,
I agree with martin,we might not find suitable user exit. Best option is go with customer authorization object.
or
In Su3 the address tab / default tab global fields should be grey out(i.e changes should only happen from SU01),but the user should able to change the parameter. thru su3 (you talk with the ABPER whether this type of configuration is possible or not).
or
Remove the SU3 from all the users, any changes to parameter need to go thru security team.
Thanks,
Sri
06-20-2010 2:05 PM
You are or have been using PIDs for the wrong purpose.
You can give the user the option to SET a parameter in the respective transactions which GET it or as a workaround create your own utility to maintain a subset of them only, but you should try to get away from this concept.
If you want to use UI visibility as a security layer, then use "Personalization keys" which an admin can assign to users or to groups of them via roles.
Cheers,
Julius
06-21-2010 5:15 PM
@Martin Voros: Thanks very much for the link to the user management API reference. I guess getting an ABAPer to create a custom transaction is probably one of the approaches I can use.
@Julius Bussche: So if I understand correctly, do you mean that providing users with the ability to set certain parameters within certain transaction codes is a better alternative than allowing them to directly edit these within their user master record?
06-21-2010 10:38 PM
What I meant is that it is an existing alternative, even if you prevent them from setting the parameters directly via SU3 or a user BAPI.
PIDs are user preferences - they can change their minds so should not be used for real security which is to be enforced by the system.
Cheers,
Julius
06-21-2010 10:50 PM