06-25-2014 11:21 AM
Hi Experts,
I have a requirement to set up a custom role regarding SU01 access and user groups. Create a role that allows users with this role to go to SU01 but only be allowed to lock/unlock accounts or reset passwords. They should also be able to do this only within their particular group, not for all groups.
Consider a scenario: we have 2 groups called India with 4 members and America with 5 members. The admin of the India group can only restrict those 4 people and should not have access to users of the America group.
I tried it this way: I created a role with one tcode, SU01, in the Menu tab and the fields Activity: 05, Group Name: Test_group for the S_USER_GRP object. I then assigned this role to a user (TEST1) and also entered the group name in the Logon tab, so he will be the admin for group "Test_Group". This way he is able to lock/unlock accounts and reset passwords for all group members, not only for Test_Group. I don't understand where I am making the mistake.
Please help me solve this issue.
Thanks in advance.
06-25-2014 12:24 PM
06-25-2014 12:42 PM
Thanks for your quick response.
Now that user is able to lock/unlock accounts or reset passwords for all groups. But actually he/she should have control over one group only. This is the problem I am facing. Is there any mistake in the above role design?
06-25-2014 2:36 PM
Create groups and assign them in the role you are creating. Once this is assigned to the test ID, the test ID can act only on the groups in that role.
06-25-2014 3:14 PM
As you suggested, I have created a role with only one tcode, SU01, and for S_USER_GRP I have given the following values:
Activity: 05
Group name: Test_Group
and assigned this to user (Test1).
We have other groups like Test_Group1, Test_Group2, etc. But user (Test1) is still able to make changes for Test_Group1 and T_Group2 rather than Test_Group.
06-26-2014 6:01 AM
Hi,
Can you confirm the group is updated in "SU01 --> Logon Data tab --> User group for authorization check" for each of the test users?
John.
06-26-2014 9:47 AM
Hi John,
Yeah, I missed the user group name in the Logon tab for the test user. Instead, I had given the user group name in the Groups tab (SU01).
Now it's working. Thanks for the help.
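The resolution above, as an added example that is not part of the original thread and is not SAP code: a simplified Python model of an S_USER_GRP check that looks only at the target's "User group for authorization check" (Logon Data tab) and ignores the Groups tab. The class and function names and the sample users are constructed, and the rule that a target with a blank authorization-check group passes for any admin holding the activity is an assumption of this model.

```python
# Added illustration: a simplified model of the check discussed in the thread.
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    logon_group: str = ""   # SU01 > Logon Data > "User group for authorization check"
    groups_tab: list = field(default_factory=list)  # SU01 > Groups tab (not checked)

@dataclass
class Auth:                 # one S_USER_GRP authorization in the admin's role
    activities: set
    groups: set             # allowed values of the group field

def can_maintain(auths, target, activity="05"):
    """True if any S_USER_GRP authorization covers `activity` on the target's
    authorization-check group. Assumption: a target with a blank group is not
    protected by any group value, so any admin holding the activity passes."""
    for a in auths:
        if activity not in a.activities:
            continue
        if (target.logon_group == "" or target.logon_group in a.groups
                or "*" in a.groups):
            return True
    return False

def misassigned(users):
    """Users whose group exists only on the Groups tab: the thread's root cause."""
    return [u.name for u in users if not u.logon_group and u.groups_tab]

# Constructed sample data using the group names from the thread.
test1_role = [Auth({"05"}, {"Test_Group"})]
users = [
    User("U_OK", logon_group="Test_Group"),
    User("U_OTHER", logon_group="Test_Group1"),
    User("U_TABONLY", groups_tab=["Test_Group2"]),  # group only on Groups tab
]

if __name__ == "__main__":
    for u in users:
        print(u.name, "maintainable by Test1:", can_maintain(test1_role, u))
    print("set Logon Data group for:", misassigned(users))
```

Running the same comparison against a real user export shows which accounts still need the group entered on the Logon Data tab before a group-restricted admin role has any effect.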