Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Role design issue in regarding SU01 and UserGroups

Former Member
0 Kudos
121

Hi Experts,

I got a requirement to set up a custom role in regarding SU01 access and User groups. Create a role that allows users with this role to go to SU01 but only is allowed to lock/unlock account or reset password. Also should be able to do only with their particular group, not for all groups.

Suppose consider a scenario, we have 2 groups called India with 4 members and America with 5 members. Now admin of India group can only restrict those 4 people, should not have access to users of America group.

I have tried in a way that, created a role with one tcode SU01 in Menu tab and fields Activity:05 , Group Name: Test_group for S_USER_GRP object. Now assigned this role to a user(TEST1) and also mentioned the group name in Logon tab.So he will be the admin for group "Test_Group". in this way he is able to do lock/unlock account and pwd reset for all group members not only for Test_Group. I am not getting Where I am doing the mistake.

Please help me out to solve this issue.

Thanks in advance.

1 ACCEPTED SOLUTION

Former Member
0 Kudos
78

Whats error you are facing .Please elaborate

6 REPLIES 6

Former Member
0 Kudos
79

Whats error you are facing .Please elaborate

0 Kudos
78

Thanks for your quick response.

Now that user is able to do unlock/lock account or pwd reset for all groups. But actually he/she has to control over the one group only. This is the problem I am facing. Is there any mistake in above role design?

0 Kudos
78

Create groups & assign that in role you are creating.Once this is assigned to the test id ,then the test id can action only on groups in that role.

0 Kudos
78

As you suggested,I have created a role with only one tcode  SU01 and for S_USER_GRP I have given in the following way:

Activity: 05

Group name: Test_Group

and assigned this to user(Test1).

We have other groups like Test_Group1,Test_Group2 etc. But User(Test1) still able to do changes for Test_Group1 and T_Group2 rather than Test_Group

0 Kudos
78

Hi,

can you confirm the group is updated in "SU01 --> Logon Data tab --> User group for authorization check" for each of the test users.

John.

0 Kudos
78

Hi John,

Yeah, I missed user group name in their logon tab for test user. Instead of that I have given the user group name in Groups tab(SU01).

Now its working. Thanks for the help.