03-28-2008 10:28 PM
Hi ALL,
I was browsing through a SAP std role SAP_BC_USER_ADMIN.
I found a object S_USER_AUT with fields ACTVT,AUTH,OBJECT.
Please Illustrate the second field AUTH with eg.
Thankyou,
Ajit
03-28-2008 10:34 PM
Hi Ajit,
For any object's documentation, you can go to SUIM.
Go to Authorization object -> By object name, there give the authorization object name (eg:- S_USER_AUT) and execute.
You can see its documentation there.
This contains complete description of the authorization object and its fields with examples.
Hope this helps.
-Neha
03-28-2008 10:34 PM
Hi Ajit,
For any object's documentation, you can go to SUIM.
Go to Authorization object -> By object name, there give the authorization object name (eg:- S_USER_AUT) and execute.
You can see its documentation there.
This contains complete description of the authorization object and its fields with examples.
Hope this helps.
-Neha
03-28-2008 10:43 PM
Hi Neha,
I have gone through the documentation.
But not able to understand it.
In documentation,
AUTH = *,
i.e What does this signify?
Please explain with some eg. except * value for AUTH.
Thankyou,
Ajit
03-28-2008 11:13 PM
You should also want to consider this object (S_USER_AUT) in conjunction with S_USER_OBJ.
Please read the documentation on the S_USER* objects (there are a number of them, which work in conjunction with each other) in transaction SU21, for where they can be used in your concept.
Cheers,
Julius
03-28-2008 11:34 PM
You can include this object in a test role and see the possible values for this object by doing an input help for the field AUTH.
Also, you can see the same from the transaction SU03, which would show you the list of the profiles (manually created or generated) which contain these objects.
For the same authorization object, there are a number of authorization names (AUTH) field. This you can see in the table USR12.
Well, in all the roles in my system which contain S_USER_AUT, I have assigned * for the AUTH field, so I haven't really used it otherwise (as there is just one security administrator).
I hope someone else is able to explain this field in a better way.
-Neha
03-31-2008 1:09 PM
Authorization to create and maintain authorizations (object S_USER_AUTH).
The object User Master Record Maintenance: Authorizations (S_USER_AUT) defines
the authorization object name and the authorization name for which an administrator
has authorization and the activities that are allowed.
The object S_USER_AUT can be used to grant an administrator authorization to create
only certain authorizations in roles and thus prevent critical authorizations from
being created in roles.
Describtion of fields:
OBJECT: specify Authorization Object that the user can administor
AUTH: With this field, the authorization administrator can be given a limited name space such as customer namespace or for a perticuar module only. As each module has its diffrent namespace.
03-31-2008 10:53 PM