
admin can create user for specific company

0 Kudos

Hi all,

I have a requirement to provide authorization to 3 basis admins in such a way that they can use su01, pfcg or any basis-related tcode, but one should be restricted to one company, say 'A' only... i.e. I have 3 basis admins A, B and C on a single system and 3 companies, say DEF, PQR and XYZ. Now A can create user IDs for the DEF company only... the same for the rest of the users and companies.

Is it possible, and in what way?

Rgds

D L

1 ACCEPTED SOLUTION

Former Member
0 Kudos

If the admins can do role assignments as well, then you might want to consider the company code in the role naming convention and use S_USER_AGR to control their powers.

If they have access to authorization administration as well, then take a look at S_USER_VAL, S_USER_OBJ etc.

Cheers,

Julius

9 REPLIES 9

fredrik_borlie
Contributor
0 Kudos

Of course this can be done.

Here you would be using the S_USER_GRP authorization object.

Giving access to this authorization will allow user A to only manage users in group DEF:

S_USER_GRP

ACTVT 02

GRP 'DEF'

Giving access to this authorization will allow user C to only manage users in group XYZ:

S_USER_GRP

ACTVT 02

GRP 'XYZ'

Create user groups via transaction SUGR.

Read more at:

http://help.sap.com/saphelp_nw70/helpdata/EN/fa/f63f4222fab16be10000000a155106/frameset.htm

Good luck

Regards Fredrik

0 Kudos

By assigning user_grp you can assign the user IDs defined in a user group, so you can make changes to the user IDs allocated to the user group, but it cannot be restricted to a particular company.

0 Kudos

The solution is to create a user group per company. If you want to restrict on the company code itself, you have to go through a lengthy ABAP process creating your own code.

0 Kudos

Hi Auke,

I don't understand this comment:

> ... if you want to restrict on the company code itself you have to go through a lengthy abap process creating your own code

Which code are you referring to?

Cheers,

Julius

Bernhard_SAP
Advisor
0 Kudos

Hi,

The solution could be easy if you set up the 3 companies in different clients of the system. According to their access to those clients, your administrators will be able to use basis transactions only in that client/for that company.

b.rgds, Bernhard

0 Kudos

Hmmm... the downside of that would be more customizing and the risk that the customizing, the roles, the user admin, the monitoring... could drift apart.

Cheers,

Julius

0 Kudos

The first solution is the most commonly used and is secure, as it makes use of functionality designed for this purpose.

0 Kudos

Thanks,

but I want to perform the same only in one client...

Rgds

D L
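A way to verify that the S_USER_GRP and S_USER_AGR scoping suggested in the replies above really keeps each admin inside one company, as an added example that is not part of the original thread. It assumes one user group per company, role names prefixed `Z_<company>_`, and constructed admin names and values; value ranges are not modelled.

```python
# Constructed sample data: the scoping values each delegated admin holds.
# CLASS is the user group field of S_USER_GRP; ACT_GROUP is the role name
# field of S_USER_AGR. The Z_<company>_ role prefix is an assumed convention.
COMPANIES = ["DEF", "PQR", "XYZ"]
OWN_COMPANY = {"ADMIN_A": "DEF", "ADMIN_B": "PQR", "ADMIN_C": "XYZ"}
ADMIN_AUTHS = {
    "ADMIN_A": {"CLASS": ["DEF"], "ACT_GROUP": ["Z_DEF_*"]},
    "ADMIN_B": {"CLASS": ["PQR"], "ACT_GROUP": ["Z_*"]},       # role scope too broad
    "ADMIN_C": {"CLASS": ["*"], "ACT_GROUP": ["Z_XYZ_*"]},     # group scope too broad
}


def matches_group(value, group):
    """Simplified value check: trailing '*' is a prefix wildcard, else exact."""
    if value.endswith("*"):
        return group.startswith(value[:-1])
    return value == group


def reaches_roles(value, prefix):
    """True if the value can match at least one role name under `prefix`."""
    if value.endswith("*"):
        stem = value[:-1]
        return stem.startswith(prefix) or prefix.startswith(stem)
    return value.startswith(prefix)


def audit(admin_auths, own_company, companies):
    """List (admin, object, company) where an admin reaches a foreign company."""
    findings = []
    for admin in sorted(admin_auths):
        auths = admin_auths[admin]
        for company in companies:
            if company == own_company[admin]:
                continue
            if any(matches_group(v, company) for v in auths["CLASS"]):
                findings.append((admin, "S_USER_GRP", company))
            if any(reaches_roles(v, f"Z_{company}_") for v in auths["ACT_GROUP"]):
                findings.append((admin, "S_USER_AGR", company))
    return findings


if __name__ == "__main__":
    for admin, obj, company in audit(ADMIN_AUTHS, OWN_COMPANY, COMPANIES):
        print(f"{admin}: {obj} values also cover company {company}")
```

Only ADMIN_A passes cleanly here: a generic role pattern or a `*` user group silently undoes the per-company split even when the other object is scoped correctly.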
