cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Block Unlock option in CJ02 for few users

Former Member

on ‎05-10-2012 7:27 AM

0 Kudos

Dear All,

I want to restrict unlock option in CJ02, we want this option should be allowed only to few users. How can we achieve this ?

regds,

CB

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎05-14-2012 10:15 AM
0 Kudos

Hi,

Adding to what Amaresh mentioned, you can create Authorization Key in BS52 and mention that Auth Code in Status Profile (Against Respective Status Line item).

Then take the help of Basis people to manage the role (PFCG). For the 'unlock role', add auth objects B_USERSTAT and B_USERST_T with above autherization key.

Reg/ Tony

Show replies
Show replies
Makal
Active Contributor
‎05-10-2012 8:06 AM
0 Kudos

CB,

There are two ways to achieve this:

#1:  As Gokul advised, you may take the help of your basis/ security consultant, control it using appropriate authorization object.

#2: Another easy way is using user status. Please refer the screen shot, you can achieve it.

Best Regards,

Amaresh Makal

Show replies
Show replies
Former Member
‎05-14-2012 5:00 PM
0 Kudos

Hi,

I prefer to go the user authorization instead of user status. User status bit of complicated.

test the test ID and find out the object which is not letting user to go ahead, pass on the SU53 screen shot to Basis team to add missing objects into roles.

Regards,

Sudhakar

Makal
Active Contributor
‎05-14-2012 5:27 PM
0 Kudos

Hi,

I still prefer user status profile, along with authorization code maintenance in BS52.

Here person responsible for the project (project manager/ project sponsor/ project owner) can be authorized for the user statuses (via authorization code, assigned to that person's role & profile).

He can set the appropriate user status and decided who can act on the project on that particular status.

I have worked on both "roles & authorization"  and combination of "user status profile + Authorization code + roles & authorization" .

As I mentioned earlier, I prefer the second option, where in I have control at each stage of the project and at each stage only authorized person execute only allowed transactions.

Regards,

Amaresh Makal

Former Member
‎05-10-2012 7:42 AM
0 Kudos

Talk to your basis guys. They should be able to help. You can handle it by way of authorizations.

Show replies
Show replies
Former Member
‎05-10-2012 8:49 AM
0 Kudos

I searched to get the authorization object, but couldn't. Can you help me

Former Member
‎05-10-2012 9:05 AM
0 Kudos

Simplest way of getting the required authorization object is to create a test role with limited privileges and then run CJ02. If you get an error that you do not have the authorization to this tcode immediately run SU53 and you will get the required info. Pass this on to your basis guys and ask them to do the needful.

You can also refer the thread below which lists down all the standard SAP Roles for the PS module.

http://help.sap.com/erp2005_ehp_04/helpdata/EN/41/4388389f402852e10000009b38f842/frameset.htm

Makal
Active Contributor
‎05-10-2012 10:23 AM
0 Kudos

You are unnecessarily complicating your requirement.

In my previous reply, I mentioned you can achieve it by user status.

Let me add little more to it. You can give authorization code to each of these statuses. Assign these 'authorization codes' to the people, who can perform lock/ unlock operation. Other people who do not have these 'authorization codes' will not be able to act on lock functionality.

Regards,

Amaresh Makal

Ask a Question