Solved: reference user

Former Member · ‎2006 Oct 20

Do anybody know a report which allows me to maintain

a reference userID for multiple users.

I don't want it to be CATT script,LSMW.

Please

Tanks

Former Member · ‎2006 Oct 20

Hi Keerti,

It is an easy table and just one field (as I am sure you know), so have you considered popping it in directly?

You can do this very efficiently from SE16N or SE37.

Cheers,

Julius

Former Member · ‎2006 Oct 20

Hi Keerti,

It is an easy table and just one field (as I am sure you know), so have you considered popping it in directly?

You can do this very efficiently from SE16N or SE37.

Cheers,

Julius

Wolfgang_Janzen · ‎2006 Oct 20

Hi Julius,

didn't you mention that you used to be an auditor ...?!

Well, then you should know that direct table manipulations (without generating proper change documents) will cause trouble with the auditors.

Usually, SU10 should be used for mass operations on user master data. If SU10 does not offer such an option then I'd recommend to submit a development request.

Regards, Wolfgang

Former Member · ‎2006 Oct 20

Hi Wolfgang,

Yes I was an auditor and many auditors I know are very excited about this feature.

True: In the wrong hands it can be critical and the system could be messed up somewhat, but I was (and still am) more excited about users authorizations than abaps which make appropriate authority checks before they do something -> in this case inserting values (very efficiently) into a table.

So I would consider this exception handling... not manipulation.

Also my impression of Keerti is that he knows what he is doing and can judge when (and when not) to do something like this as a once-off solution.

Adding the reference user via SU01 will do exactly the same as SE16N (nothing more, and infact a little bit less because the change documents from SE16N are more reliable than those from SU01 - and many auditors will go straight to look for them, which makes it also a very transparent (auditable) process. Last I can remember, adding a reference user in SU01 did not write any change documents... or has that changed now?

I am of course not advocating that Keerti grant S_DEVELOP DEBUG authorizations and carte blanch S_TABU_DIS to all the users or himself on a permanent basis, but rather that for such an exception, approved, tested and documented (also in the SE16N_CD* tables), he could get himself the authorizations temporarily and in less than a minute it will all be over.

I would also think (as an auditor) that if the feature should not be used AT ALL, then SAP would have removed it completely and not (re)introduced it? I assume that SAP has a QA department? What do they think of it?

From one of Keerti's other posts, he also mentioned 800 users, so I dismissed Su01 immediately. But considering the alternative option of a development request, it might be faster to use Su01 after all...

SE16N is a fantastic transaction! I realy like it, and not for this reason. It is much more user friendly than SE16 / SE17 and has lots more features (including this one, which is there in Se16 as well - just much less user friendly in Se16).

Cheers,

Julius

Wolfgang_Janzen · ‎2006 Oct 20

> True: In the wrong hands it can be critical and the

> system could be messed up somewhat [...]

Well, what happens if you've overestimated your own skills ...? From my own experiences made in handling customer cases I can state that noone can mess up a system better than a "semi-expert". Normal users don't dare to "play around" - and therefore cannot cause too much damage. But those that bypass the checks ("because I know what I'm doing") are harmful. It reminds me of those guys that bypass a power switch ... (firemen really like them).

> So I would consider this exception handling... not

> manipulation.

Well, that sort of belittlement I'm referring to.

Sorry, but I'm sick of getting involved in complex support cases where in the end it turned out that "someone had played around" ...

In some future release those direct access to tables might be blocked. You'll then have to use APIs to access the data.

Cheers, Wolfgang

Former Member · ‎2006 Oct 20

Hi both,

I confused myself besides confusing You guys.

Our BW team is providing an interlink to our companies

website and Web Application designer templates.Security

is maintained at backend.

So that users can analyze the reports from the internet.

ofcourse they have to pass logon credentials.

this project went out couple of weeks before and got a very good feedback and so they want to use it globally.

this issue will add around 1000 users who are not existing on our systems until now. well they don't know

or even don't bother what applications are running behind the screen.

These users won't get into BW or WAD. but they work on analyzing data pulled from BW thru WAD web templates.

So I was searching various possibilities of reducing the license count.

I came to know I am going entirely on a wrong side.

Thanks guys

by the way

reference users got lot of issues. these do not show up properly in user info reports(In our system). I have to go for other things to get details.i prefer not using them.

but if I have to use probablu I would done with SE16N.

I don't think our auditors will be againist to this

measure.

Wolfgang_Janzen · ‎2006 Oct 20

Hi Keerti,

I don't really understand why you dislike using reference users. The reference user concept was introduced (in 4.6C) to ease the assignment of roles (respectively profiles) to a huge number of users which should be equipped with <u>identical</u> authorizations. That is typical for "internet users".

By assigning a reference user (which can actually also be considered as "collective role") you assign roles (and profiles) of that reference user (indirectly) also to each user (who is assigned to that reference user).

That allows to change authorization assignments <u>centrally</u> (for the reference user) instead of looping over a huge number of user master records.

Well, since "assigning a reference user" is equivalent to "assigning the roles and profiles that are assigned to that reference user", the user management (SU01) performs the equivalent authorization checks (S_USER_AGR, S_USER_PRO, etc.).

Regards, Wolfgang

Former Member · ‎2006 Oct 20

Using reference users is helpful thing I agree.

and I also used them.

these work more better than using composite roles.

I agree SAP went through lot of improvements.

but You can try looking at RSUSR070,RSUSR002, etc.

You won't get any info about the users using reference users.kind of misleading.

Authorizations from reference users are very well dragged to User buffers.and also saves time for us

But when You troubleshooting something You have to always keep in mind that You are playing on a system in which

reference users concept is getting used. besides this I din't tested how they behave during client copies, etc.

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

reference user