Solved: Limits in SU01 to user group and locks

Former Member · ‎06-04-2013

Hi,

I've created a user group TEST and TEST2, and a new role in PFCG with only SU01 and only the authorization object S_USER_GRP activated.

ACTVT: 05

CLASS: TEST

One user has been given the role and this is the users only role. However, when running SU01 the user can lock users that are added to TEST2 even though the class limits the user to group TEST.

Can you please help me figure out why this happens?

Also, is it correct that I have to add ALL users to a group to be able to limit editing of users inside one particular group?

Former Member · ‎06-04-2013

I found that it all worked when the user group was set in SU01 instead of SUGR. Tell me, what does the user assignment in SUGR do, if I still have to add the user to the group in SU01? Is it multiple levels to the assignment?

Former Member · ‎06-04-2013

"Also" is correct.

You can read the documentation on objects in SU21 (those which have documentation... 😞 )

Cheers,

Julius

Former Member · ‎06-04-2013

I found that it all worked when the user group was set in SU01 instead of SUGR. Tell me, what does the user assignment in SUGR do, if I still have to add the user to the group in SU01? Is it multiple levels to the assignment?

Former Member · ‎06-04-2013

SUGR assignments are obsolete. They only are relevant for reporting groups (same f4 -> see groups tab in SU01).

They are not authorization relevant.

You must use the logon data tab field. That is authorization relevant.

You can however use a naming convention and then mask in role field values for CLASS.

Check is always from left to right when masking. After *, everything is *. So thing the groups in SUGR through carefully...

Cheers,

Julius

Former Member · ‎06-05-2013

This message was moderated.