Changing role for users

Hi,
in forms 10g , it's possible to change the role for user
REVOKE role_name FROM :USERNAME;

This should work, but the user revoking a role from a different user needs to have the admin option of this role.
When creating a role, by default the "Admin option" for that role should be enabled for the user creating the role.
Normally, this would be the schema-owner of the application objects ...
A user holding the "admin option" may grant a role to a different user and grant the other user "admin option" on this role...

Similar Messages

  • Export and import change document for user master data

    Dear Gurus,
    I have two queries on change document for user master data:
    1. Are there any approaches to export and import change document for user master data?
    We often do system copy from PRD to QAS for UAT and troubleshooting. Before system copy we export the user master data from QAS and then import after the copy process. We would like to keep the change document for user master data on QAS from being refreshed from PRD for security reason.
    2. Change document for Role change in QAS
    When the role is created or modified in DEV and then transported to QAS, the role change document doen't include this change log. The role change document in QAS only records those role changes directly made in QAS.
    Could you advise this is by SAP design or are there any approaches to record this transported role change  in the role change document in QAS?
    Thanks
    YBY

    1. Perhaps you want to consider a system copy to a "virtual system" for UAT?
    2. Changes in QAS (as with PROD as well) will give you the delta. They should ideally be clean... You need to check the source system.
    Another option is to generate the profiles in the target system. But for that your config has to be sqeaky clean and in sync, including very well maintained and sync'ed Su24 data.
    Cheers,
    Julius

  • FM for Change Documents For User

    Hi all,
    We need a Function Module for tracking the changes of a user account. Is there any function encapsulating the functionality supplied by SU01 -> Information -> Change Documents for User?
    thanks,
    - ferudun

    Hi
        Try this BAPIs
    BAPI_USER_LOCPROFILES_READ
    BAPI_USER_GET_DETAIL
    Regards
    Bala Krishna

  • HI,how to find roles for user based on userid?

    hi,
    i need to find roles for each user based on user id.
    can i know any one knows this how to get roles for user?
    thanks,
    jpullareddy

    hi,
    i solve my self.
    i am getting values
    jpullareddy

  • Read-Only Role For User Admin

    Hi, I am trying to implement a role that would enable a user to have the same functionality as the out-of-the-box User Admin role, but that this user would not be able to actually create or modify users, roles assignments, etc.
    The idea is to have a 'Display' role - with read-only access.
    The solution we are comtemplating right now involves getting the source code from SAP, copying it, and modifying it - disabling any interaction. We would then create new iviews, pages, etc from there only for this role. This is a tedious task.
    Any ideas on how else this can be done?
    Thanks

    I have only managed to do this by creating a role and assigning the relevant User Admin iViews to the role and then changing the End User Permissions on the role.
    I assigned the ReadAll Premission. That did the trick for me.
    Groups unfortunately require the manage_groups Permission, so we do not allow the viewing of groups.

  • Role for User Administrator(Read only)

    Hi All,
    I want to create a role just like the role ofUser Administrator.But I want to make it read only.I want that the end user can perform search operation,can see the locked user,can see the roles but can't delete the user.Basically ,they shouldn't able to do the modification.
    Any suggestions will be appreciated.
    Paritosh

    I have only managed to do this by creating a role and assigning the relevant User Admin iViews to the role and then changing the End User Permissions on the role.
    I assigned the ReadAll Premission. That did the trick for me.
    Groups unfortunately require the manage_groups Permission, so we do not allow the viewing of groups.

  • Table to look for change documents for users

    Hi friends,
    Is there any standard table to look for change documents for a user?change document through SUIM does not give the correct log.
    Thanks for you support.

    Julius
    Looking at another of Tracy's other post (http://scn.sap.com/thread/3598947) she's trying to use ACL. Hence needing to know the tables to write joins/queries to hit tables within ACL
    I've seen ACL used and have had the fun experience of Auditors using Google to find tables to perform checks on without context of what has actually been implemented in their particular system.
    Regards
    Colleen

  • DEFAULT ROLE FOR USER

    I swich to Oracle11g express and create user
    CREATE USER LEO
    IDENTIFIED BY xy
    DEFAULT TABLESPACE USERS
    TEMPORARY TABLESPACE TEMP
    PROFILE DEFAULT
    ACCOUNT UNLOCK;
    -- 3 Roles for LEO
    GRANT AUTHENTICATEDUSER TO LEO;
    GRANT CONNECT TO LEO;
    GRANT FER_ADMIN TO LEO WITH ADMIN OPTION;
    ALTER USER LEO DEFAULT ROLE FER_ADMIN;
    -- 1 System Privilege for LEO
    GRANT CREATE SESSION TO LEO;
    -- 1 Tablespace Quota for LEO
    ALTER USER LEO QUOTA UNLIMITED ON USERS;
    and after login i check
    select * from SESSION_ROLES
    and i have none role
    if I set role all works fine.
    Why I doesn't have DEFAULT ROLE after login.
    Pleas for help .

    here is the solution
    default roles and grants
    Edited by: Leo Lakota on 4.10.2012 5:52

  • Roles for user in supplier self-registration

    Hello everyone,
    I was checking the configuration guide for Strategic Sourcing and for Servece Procurement and I have a doubt.
    For supplier self-registration is needed an anonymous user, but in the guide for Strategic Sourcing says that the roles for this user are SAP_EC_BBP_CREATEUSER and SAP_EC_BBP_CREATEVENDOR, however, in the guide for Service Procurement says that the roles are SAP_BC_BASIS_MONITORING and SAP_EC_SUS_ADMIN_VENDOR
    What are the right ones?
    Thanks,
    Ivá

    Hi,
    The user should  have the  roles: SAP_EC_BBP_CREATEUSER & SAP_EC_BBP_CREATEVENDOR.
    This user is maintainted in ROS client BSP service ROS_SELF_REG in Log on Data
    with ROS client, user ID and password.
    BR,
    Disha.
    Do reward points for useful answers.

  • Oracle Role for User Administration

    Hello,
    I am a DBA. We have a separate group that maintains oracle user accounts within an oracle database. We would like that group to maintain users (add/remove users from database, add/remove roles, etc.) but we do not want to give them the 'DBA' role for security reasons. Ideally, we want to grant them a role that gives them the ability to administer users but not do anything else.
    Does a role like this exist within Oracle? If not is there a workaround to obtain this type of functionality?
    Thank you!

    Do you have this actually working? I have it complaining about permissions on the line that tries to create the user. I thought oracle restricted doing this for security reasons. I am creating this as a user with the 'DBA' role and then when I try to execute it as the same user (which can create users normally) I get this error:
    SQL> exec system.create_user('troy1','troy1');
    BEGIN system.create_user('troy1','troy1'); END;
    ERROR at line 1:
    ORA-01031: insufficient privileges
    ORA-06512: at "SYSTEM.CREATE_USER", line 4
    ORA-06512: at line 1
    And here is the code (based off of the example)...
    CREATE OR REPLACE PROCEDURE create_user( p_username IN VARCHAR2, p_password IN VARCHAR2 )
    AS
    BEGIN
    EXECUTE IMMEDIATE 'CREATE USER ' || p_username || ' IDENTIFIED BY ' || p_password || ' DEFAULT TABLESPACE users ';
    END;
    Any ideas?

  • I can not find sap_bc _jsf_communication role for user sapjsf user

    hi Masters,
                when i am trying  to create user in portal, it showing error message. " an error occured in  persistence .Please contact system administrator"..
             i found there are no roles assigned to sapjsf user. we need sap_bc_jsf_communication role  for sapjsf  user.. But there are no roles assigned to sapjsf user.
    how can i assing the sap_bc_jsf_communicaiton role to sap jsf user. Pease give reply.
    POrtal and r3 are installed in one system only on db2 database.
    Edited by: sujana mullapudi on Dec 7, 2009 4:34 PM

    hi ,
    I have checked the sapjsf user roles  in su01 t-code- r3 side. for sap jsf user the two roles sap_bc_jsf_communication and another role sap_bc_jsf_communication_role(something Like). these two roles already exist for sapjsf user in r3 system.
    but in portal side the roles are not exist . can you tell me whats the reason, and please reply me.

  • Remove T Code for each ROLE for user

    Hi Experts
    Can anyone tell me how to remove the T code for each role which was define individually for users Eg
    CR01 has been assign to 50 users, the difficulty is I have to go to each role then search for CR01 t code then delete and again generate the Authorization
    In this way there are so many t codes which I have to go one by one to delete it.
    Any help to remove the t-code for each role through any way.
    regards
    Piroz

    try the Security forum at Security
    they might have trick (such as CATT scripts).
    doing this via SQL commands is dangerous. avoid this solution if you are not 100% sure of its impact.

  • How to restrict changing password for user ?

    Hi All experts ,
    We have created users . Users should not change their password without permission of Administrator . How to restrict them by setting Permissions / Authorizations ? 
    Thanks.
    KISHORE SATPUTE

    Hi,
    In "USER MAINTENANCE- SU01" --> in the "logon tab" there are 5 different "user type"
    1. dialog
    2. system
    3. communication
    4. service
    5. reference
    Kindly mention the function and role of all the above mentioned user types specifically and hows is one user type different from another.
    These are as follows:-
    1. Dialogue:-
    For this kind of users:-
    GUI login is possible.
    Initial password and expiration of passowrd are checked.
    Multi GUI logins are checked.
    Usage:- These are used for GUI logins.
    2. System
    For this kind of users:-
    GUI login is not possible.
    Initial password and expiration of passowrd are not checked.
    Usage:- These are used for internal use in system like background jobs.
    3. Communication
    For this kind of users:-
    GUI login is not possible.
    Users are allowed to change password through some software in middle tier.
    Usage:- These are used for login to system through external systems like web application
    4. Service
    For this kind of users:-
    GUI login is possible.
    Initial password and expiration of passowrd are not checked.
    Multiple logins are allowed.
    Users are not allowed to change the password. Only admin can change the password
    Usage:- These are used for anonymous users. This type of users should be given minimum authorization.
    5. Reference
    For this kind of users:-
    GUI login is not ible.
    Initial password and expiration of passowrd are not checked.
    Usage:- These are special kind of users which are used to give authorization to other users.
    Rewads point if helpful
    Thanks
    Pankaj Kumar

  • Changed roles for given timestemp

    HI All,
    I need to find a way to find if some of the user roles are changed i.e. deleted or add for time
    range ,there is FM CHANGEDOCUMENT_READ  but how i can use it for roles ?
    for example i want to know which roles are changed for the last 2 days .
    Regards
    Chris

    Try to use fm
      call function 'CHANGEDOCUMENT_READ_RANGES'
        exporting
          objectclass_tab            = i_objectclass_i
          date_until                 = p_datum "<<<
          time_until                 = p_time "<<<
        tables
          editpos                    = i_cdpos
        exceptions
          no_position_found          = 1
          wrong_access_to_archive    = 2
          time_zone_conversion_error = 3
          others                     = 4.

  • User role for user authentication in a SOAP receiver channel

    Hi,
    What is the role required for a user in a SOAP receiver channel. This user is specified in the User Authentication while configuring the channel.

    Hi,
    User Authentication is not mandatory but If your Web service requires logon data, select the Configure User Authentication checkbox and fill in the corresponding fields.
    If the Web service is outside your system landscape and you need to address a proxy
    server, select the Configure Proxy checkbox.
    The sender SOAP adapter does not require a SOAP action, but you always have
    to apply logon data when using the SOAP adapter. In the central adapter engine
    you can use a service user such as xiappluser; in a non-central adapter
    engine or a PCK you must use one of the user names assigned to security role
    xi_adapter_soap_message for component XISOAPAdapter.
    Regards,
    Divya

Maybe you are looking for

  • Billing documento to CO-PA

    Hello gurus, I want to allocate to CO-PA the sales order billing document (VF02). I have customized KE4I and the P&L account is cost element type 11. when i create the billing document the profitability analysis object is derivated but no profitabili

  • A video on any site is shown double, one on top of each other!

    When ever I want to see a video, no matter what site it is, the screen, where the video is on, shows two images of the video. Basically, the video is condensed into two, one on top of each other, making them wide, but I dont know why there show two!!

  • Viewlets - what's the name of the product you use?

    Hi Oraclers, I'd like to prepare some viewlets of my application and I was wondering if you created them with Macromedia Captivate or some other tool. Thanks and bye, Flavio

  • I have problem with a blank new tab

    When I open "New Tab" (CTRL+T or just +) it shows me a blank page. Can I change it anyhow so it can be my Search Engine or something like that??? Pls???

  • Copy or Duplicating a Slide - Problem w/Editing

    I am working on a presentation (in Captivate 4) that was started by importing a PowerPoint presention.  I would like to make the first/opening slide also the last/closing slide with some minor changes.  I have tried copying the first slide, moving th