-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Groups
- Interest Groups
- Application Development and Automation
- Discussions
- Re: solution please
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
solution please
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2007 Aug 12 10:51 AM
- SAP Managed Tags
- Security
HI sapians,
I have a scenario, where in which the roles contains 2 transactions SU01 and SU10 , i want the user to have only display access for SU01 where he will have all access except display for SU10.i dont want to replace SU01 BY SU01D Tx .i want to create this scenario.can u please explain me how to do this works as both the transactions use the same object S_USER_GRP.
regards
pavan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2007 Aug 12 1:55 PM
- SAP Managed Tags
- Security
Pavan,
Regardless of how you configure your roles you must remember that instances of objects are merged into the user buffer at login. Therefore a transactions that share objects can potentially have access they weren't intended to, although this is why you can have multiple instances of the same object. However because there is no link between which transaction is checking the object and its configuration you cannot segregate them.
Therefore it is not possible to segregate this kind of scenario, and as SU10 basically allows the same change abilities as SU01 it is not (in my opinion) a valid scenario.
If you have a User Administrator they should have both, everyone else shouldn't have either with change, this is a part of SoD (Segregation of Duty).
I hope this helps.
Regards
Ashley
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2007 Aug 13 8:42 PM
- SAP Managed Tags
- Security
HI ashley,
I know its not a valid scenario , but that my requirement. what is the way out now...?
regards
pavan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2007 Aug 13 8:48 PM
- SAP Managed Tags
- Security
Hi Pavan,
Can you implement a user´s administration based on different user groups?.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2007 Aug 13 9:49 PM
- SAP Managed Tags
- Security
Hi Pavan,
The only way i can see for you is to create a customized ABAP, with your own customized Authorization Objects.
You can then specify the transaction to do exactly what you want and control its authorizations completely separately to the SAP standard transactions.
Hope this helps you.
Regards
Ashley
Bluesky