Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

user creation without SAP_ALL

Former Member

‎04-16-2007 5:45 AM

0 Kudos

i need to create a user who has authorization to create new user ,roles etc but the user i am creating should not have authorization to add sap_all,sap_new both at SU01 and pfcg.pls tell me how to do.

5 REPLIES 5

Former Member

‎04-16-2007 6:40 AM

0 Kudos

Hi,

Please create a role and add Transactions SU01, PFCG, SU53 in the Menu tab and generate the role and assign to user.

When you add pfcg it brings up S_USER_GRP and S_USER_PRO along with some other object. <u>with the following combination the user will be able to create a user with

access to SAP_ALL, SAP_NEW:</u>

<b>S_USER_GRP

ACTVT: 01, 02, 03, 05, 06, 08, 22, 24, 78

CLASS: <DUMMY>

&

S_USER_PRO

ACTVT: 01, 02, 03, 06, 07, 08, 22, 24

PROFILE: SAP_ALL, SAP_NEW</b>

So make sure that you dont include SAP_ALL and SAP_NEW and only include the values which user is suppose to access in S_USER_PRO.

Hope it helps.

please award points if it is useful.

Thanks & Regards,

Santosh

Message was edited by:

NAVABOTHU SANTOSH KUMAR

Former Member

‎04-16-2007 7:30 AM

0 Kudos

if your question is only what you have mention then i thing you should do:-

1) PFCG to create a new role .....

give it some name...

2) MENU -

> Transaction -

> add the transaction for the authorizations you want to give

like SU01 ---> to create user

PFCG ---> for role maintenec...

and so forth

Former Member

‎04-16-2007 9:04 AM

0 Kudos

Hi,

you have to manage the following object:

S_USER_AUT

S_USER_GRP

S_USER_PRO

S_USER_SYS

hope it helps

former_member190272
Active Contributor

‎04-16-2007 12:19 PM

0 Kudos

Hi

Go to Tcode PFCG And creat a role and assigne Tcode(SU01,PFCG,and other) in menu and generate profile.Hope its work fine.

Also Check Profile Parameter auth/no_check_in_some_cases = Y in RZ11.

Thanks

Pankaj Kumar

Former Member

‎04-20-2007 1:18 AM

0 Kudos

The best system is not to include S_USER_PRO in the role. This will ensure that the user to whom this role is assigned cannot assign any profiles - including SAP_ALL or SAP_NEW. The user can only assign roles. This is SAP recommended practice.

Hope this helps.

Snehal