09-02-2010 6:16 PM
Hi Experts,
When using SU01 transaction, I want to restrict the user,so that the user should only view the details. what are the object and filed values required?
Also sometimes,I have seen in SU01 transaction only the display button(no create or change button) is there and In some systems all the create,change and display buttons will be there, but the user will have access only to view it.
What is the difference between the two methods. what are the different objects used to control it.
Regards,
Rajeev.
09-02-2010 6:27 PM
Look at S_USER_GRP Authorization object and it activities. You will understand it.
For example if a user has SU01 but S_USER_GRP has activity just as 05 then he will only be able to lock /unlock and password reset a user. If he only has activity 03 in this object then he can only display a user id even though he has SU01.
Also when you only see Display tab, I suspect you might be just looking at SU01D
Edited by: Nishant Sourabh on Sep 2, 2010 7:27 PM
09-02-2010 6:28 PM
Control this with S_User_grp object activity 03 display only. If you want create change access, give activity 01,02, 05 also.
09-02-2010 7:02 PM
If you are working with CUA and global settings are done to change /delete user from CUA only then all linked child system will have these buttons disabled.
If you are not having CUA then you do not have change activity enabled for your user/Roles.
09-03-2010 1:21 AM
The reason behind this is because SAP tries to make the visibility of the screen intuitive. Otherwise people "click around" and complain. If you are not authorized (at all) then you don't have visible options in the user interface of the screen.
If the icons do appear, then Su53 is normally your friend to find out what values you have to be able to use the transaction, as compared to being able to start it (which loads the screen variants).
Perhaps you cannot edit a certain protected user (via their S_USER_GRP group), but you can change passwords and user types of TEST user group users.
Another posibility is...
> and In some systems all the create,change and display buttons will be there
The screens are modified, user specifically via screen variants. There are some limitations here but it can be used for several activities.
It is usefull in CUA environments where you use the "simplified" authority check scenario.
It actually works quite nicely in my opinion but you need to be carefull with navigation of the users (for example the user BAPI's, which do not have screens nor transaction codes.
Cheers,
Julius
Edited by: Julius Bussche on Sep 3, 2010 2:22 AM
09-03-2010 12:55 PM
Rajeev,
Have you considered giving them SU3 instead of SU01? The advantage is that the users can then maintain their own personal data (address, phone etc) change passwords, and parameters, but not make changes to roles etc as they won't see the specific details.
09-03-2010 4:50 PM
09-14-2010 7:00 AM
Try this create role with tcode su01 transaction and maintain objects as below
S_C_FUNCT
ACTVT 16
CFUNCNAME *
PROGRAM *
S_USER_AGR
ACTVT 03
ACT_GROUP *
S_USER_AUT
ACTVT 03, 08
AUTH *
OBJECT *
S_USER_GRP
ACTVT 03
CLASS *
S_USER_PRO
ACTVT 03
PROFILE *
S_USER_SAS
ACTVT 01, 06, 22
ACT_GROUP *
CLASS *
PROFILE *
SUBSYSTEM *
Regards
Siddhesh
09-22-2010 6:37 PM
Hi
This thread is still unanswered even though over a week since the last reply came in so I thought I'd chuck in my tuppence worth :-)!
Which users/user groups are using SU01? Are they support/admin people or business users please?
If support and you want to restrict their access to certain user groups to create/change or display for some then this has been answered already - SU01 has many objects to keep users in check (as does PFCG). If the users are business users then, again SUN has offered the only real option - SU01D
Cheers and good luck
David
09-24-2010 1:13 AM
Hi Rajeev
Are there any more answers needed to your question please?
Cheers
David
08-11-2022 7:00 AM
Hi Rajeev,
The deference between SU01 and SU01D
1) SU01
In the Home Screen of SU01 T-Code is having many options like Create new user, create technical user, Edit , Display, Delete, copy , lock/unlock and change password. ( shown below screen short)
2) SU01D
In the Home screen of SU01D transaction code having only unique option , that is Display (shown below screen short)
Result : SU01 T-Code is having lot off options but SU01D T-code is Display option only
In case any further support concern to me