Not able to restrict users from using SU01

Hi ALL,
We are working on roles related to SECURITY ADMINISTRATOR.
The role has been given a transaction SU01D and not SU01.
But the users are able to enter into SU01 through SUIM.
I will illustrate this situation more:
SUIM->USERS->BY LOGON DATE AND PASSWORD CHANGE
Then I entered the user id.Executed.
From the result, I was able to enter into su01 .i.e was able to use the change button of su01.
Please tell me how do I restrict this situation.?
Reagrds,
Ajit.

Access to user administration is not only limited to SU01.
Most likely, the threads of this search term will explain why the users can access the transaction screens of user administration: https://forums.sdn.sap.com/search.jspa?objID=f208&dateRange=all&numResults=15&rankBy=10001&threadID=&q=SU01_NAV
Whether the user can complete the transaction is a different story... for that you need to use the application authorization objects (S_USER* objects are a good start - see transaction SU21 for more infos on the application security concept for these objects)
Cheers,
Julius
PS: A troublesom object is S_USER_GRP, because it is important. When the user ID does not have a user group assigned, then the effectivness of this authorization object is weak, which can impact your security (depending on the access of the user without an authorization group)...

Similar Messages

Restrict users from using Manual series

Hi SAP,
Is there a way to restrict users from using the Manual series?
Thanks,
Janice

Hi Rahul,
Ok, i have seen already the authorization for document manual numbering and it is available only for 8.8 versions and not on 2007 version of SAP.
Anyway, when im doing the testing i found out that for banking transactions like incoming, user can still use the manual series even if he has no authorization for manual document numbering.
Another concern from our client was the use of manual series only, is it also possible in SAP? I tried to give user authorization in the manual document numbering and no authorization to series group no but user cannot already open the transaction window. Let us know if their inquiry is possible so i could inform them that only manual series can be restricted.
Thanks for your help.
Regards,
Janice

Not able to display users from Opneldap in Weblogic 8.1 Portal Admin

Hi
          I had configured openldap for multiple authentication in weblogic 8.1. I am able to see users and groups from openldap in weblogic admin console but when i go to Portal Administration i am not able to see those users and groups. Also as per weblogic documentation it says that Authentication provider selection is shown automatically in Portal Admin. Also i am able to log to portal application from openldap users.
          I want set entitlements using Portal Admin for openldap users
          Can anyone suggest how to make it work.

Hi
          I had configured openldap for multiple authentication in weblogic 8.1. I am able to see users and groups from openldap in weblogic admin console but when i go to Portal Administration i am not able to see those users and groups. Also as per weblogic documentation it says that Authentication provider selection is shown automatically in Portal Admin. Also i am able to log to portal application from openldap users.
          I want set entitlements using Portal Admin for openldap users
          Can anyone suggest how to make it work.

Not able to remove User from supervisor desktop

Im not able to remove an user that is not longer with the company from the queue, its on the agent queue and its shows at log out.
I already remove the user form CUCM, also deleted from the inactive user at the ccx admin, also Synchronize Directory Services and nothing..
the only thing I would like to do is
restart the Cisco Desktop Sync Service. but I dont know if I can do that during production without affecting other agents.
UCCX
Cisco Unified CCX Administration
System version: 8.5.1.11003-32
thanks

Hi Alberto,
Do you see this User ID in the Team which is managed by this supervisor, please de-associate it from the Team incase if it still appearing in the Team's associated list.
Hope this helps.
Anand
Please rate helpful posts !!

Not able to restrict user groups from accessing certain entities

We have created user groups and are trying to give them restricted access to certain entities so that they can perform consolidations only for those entities. But even after creating Security Classes (and assigning them to the entities in the metadata) and assigning [Default] security class access as Read Only, the users are still able to access and consolidate all the entities using process control.
Can anyone please let me know how to restrict consolidation to only certain entities?

To solve this you need the following information:
-- What roles do the users have? Anyone with the Administrator role has full access to all classes.
-- Examine the groups. If any users are members of a group which has more access than the users have as individuals, they get the greater access level. You can generate a report which shows all roles for all users including the derived roles.
-- Examine your metadata. Do the entities in question have the classes you intend? If you omit a class (the field has been left blank), HFM treats it like the [Default] class.
With this information we could help you troubleshoot the issue.
--Chris

RESTRICT USER FROM USING SAME REQUIREMENT TYPE WHILE CREATING SALES ORDER

Hi Friends,
I Have a requirement to in SD while creating any sales order i want the system sholud throw a error
message when i am using line items having same requirement type more than one time
i have tried some customer exits v45a0001 & v45a0003 . but was not successfull .
kindly somebody help me with elaborated steps .
thanks in advance .
regards
digvijay rai

no reply and i am to close this thread so i am putting it as answered ;(

Not able drop oracle user account - please suggest

Hi,
I am not able drop a user from oracle
SQL> DROP USER orderpd CASCADE;
DROP USER orderpd CASCADE
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 2
ORA-00376: file 2 cannot be read at this time
ORA-01110: data file 2: '/oradata/dsk1/PROD12/RBS_00.ora'
recently i converted form RBS to Auto UnDO management and there are no RBS tablespace and its files at moment.
Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - 64bit
OS is SUN OS.
Please help me out! thanks..
Edited by: user612078 on Sep 19, 2008 6:14 AM
Edited by: user612078 on Sep 19, 2008 6:27 AM
Edited by: user612078 on Sep 19, 2008 6:29 AM

SQL> select * from dba_data_files where file_id=2;
FILE_NAME
FILE_ID TABLESPACE_NAME BYTES BLOCKS STATUS
RELATIVE_FNO AUT MAXBYTES MAXBLOCKS INCREMENT_BY USER_BYTES USER_BLOCKS
/oradata/dsk1/PROD12/RBS_00.ora
2 RBS AVAILABLE
2
SQL> host ls -l /oradata/dsk1/PROD12/RBS_00.ora
-rw-r--r-- 1 oracle dba 2147491840 Sep 3 07:38 /oradata/dsk1/PROD12/RBS_00.ora
Please help me.. advance thanks...

Restrict users from editing and deleting not owned items

Hello guys.
I'm trying to restrict users from editing and deleting items created by other users. I know, that it can be achieved by using SPList.WriteSecurity parameter, but if I change its value to 2 or 4 - nothing happens...
May be there are some list permissions that can override this security setting? I tried to combine permissions in different ways but users either cannot modify any items or can edit/delete all of them...
By the way, setting ReadSecurity=2 works as it should work regardless of user permissions...
Please help.

Hi,
I understand that you want to change the write security for the document library. You can try the PowerShell script below:
$web = Get-SPWeb http://serverURL
$list = $web.Lists["Document library"]
$list.ReadSecurity = 2
$list.WriteSecurity =2
$list.Update()
$web.Dispose()
This setting will not affect the site collection administrator, he will always be able to edit the documents. You need to sue another account to have a test. If this still doesn't work, I think you need to manually edit the permission for each documents.
Thanks,
EnTan Ming
Entan Ming
TechNet Community Support

Restricting User from creating new records using when-validate-record

Hi,
I have a requirement for which I have to restrict he user from creating a record in the Supplier Master form if the suppliier type is 'Affiliate Supplier'.
I have done the following setups
Seq 10
Description Restricting user from creating Affiliate records
Level Function
Enabled Yes
Condition:
Trigger Event WHEN-VALIDATE-RECORD
Trigger object VNDR
Condition "${item.VNDR.VENDOR_TYPE_DISP_MIR.value} is NOT NULL
and
${item.VNDR.VENDOR_TYPE_DISP_MIR.value} LIKE 'Affiliate%'
Processing Mode BOTH
Context
Level User
Value User Name
Action Sequence 1
Type Message
Action Description Saving Affiliate record
Language ALL
Message Type Show
Message Text You Cannot Create Affiliate records Here
Action Sequence 2
Type Builtin
Action Description Stop Proceesing
Language ALL
Action Enabled Yes
Builtin Type RAISE FORM_TRIGGER_FAILURE;
This is working good on one instance but when I moved it to another instance
when I query the form and try to navigate to the bank accounts tab of the form which is based on a differnt block i.e VNDR_USES block, the when-validate-record trigger fires there also and stops the processing.
Any suggestions on this would be higly appriciated.
Thanks in Advance.

Hi Srini,
Yes, it does work...but in a Form Session if i Create more then one Item, in some cases it fires for the first records and not sleeps for the second.
Sometimes it doesn't give any response.
Appreciated if you divert to the link to check the Pacthes for 11.5.10 on Form Personalization.
Please share any ideas/example if yiou have to achieve the below requirement.
Requirement:
Once New record is created , a Custom Procedure should be invoked.
with out closing Form i am able to create n number of Items, so for every Item it should invoke Custom PLSQL Code on Save.
Let me know if i can achieve the same in Custom.pll .....as i can use either of Options.(Form Personalization/Custom.pll)
Thanks & regards,
Edited by: user632004 on Mar 16, 2010 7:50 PM
Edited by: user632004 on Mar 16, 2010 8:09 PM

Users are not able to create POs from PRs having Production Order (F)

Hi Gurus
Users are not able to create POs from PRs having Production Order (F) as creation indicator.
Whenever we are trying to convert the PR to PO we are getting the error message "Requisition has different doc. type NB and item cat. >&<" based on the below OSS# 938154 condition for the creation indicator type F.
Would you please investigate and advise what OSS notes are required to be able to use item category L (subcontracting) on a PO for a requisition generated from a network activity via Procurement Type = "Preliminary requisition for WBS element".
Thanks,
Sada.

Hi Ajay & Andra
Whenever we are trying to convert the PR to PO we are getting the error message "Requisition has different doc. type NB and item cat. >&<" based on the below OSS# 938154 condition for the creation indicator type Production order (F).
Our Business requirement as shown below.
1).The problem - we currently have no way to "direct requisition" an item to be procured via subcontracting - only itu2019s possible via MRP.
2).These behaviors are inconsistent as the requisition process should not impact the procurement process. Can we find a way to influence the creation indicator on the requisition so that it does not appear as a production order?
Please suggest any alternate method for achieving this.
Thanks & Regards
Sada

Not able to open mail from my mac, gmail repeatedly asking for password. but using same password able to open gmail on safari

not able to open mail from my mac, gmail repeatedly asking for password. but using same password able to open gmail on safari

okay well they got me to take out some .plist files to see if that would help it didn't. I'm not sure what ones that they deleted for my self maybe someone here would be abel to tell you what ones to take out but didn't work the one that came close to working was this going into keychain and deleting the account(s) then reading them again.
if you are to do this please back up first with Time Machine. You can do this with a usb drive.
Okay so go back to where you had internet accounts and make sure mail is shut. click the - on the account your having problems with then quit system preferences.
Okay so then press cmd and space bar at the same time then type 'keychain access' into the search then click on 'keychain access'
once it is open go to the top of the window and put your email address that you are having problems with.
once you have put in your full email, have a look at what comes up i deleted things in the kind colome with 'internet password' and anything with under name that had smtp.gmail.com or imap.gmail.com so it would look like this, map.gmail.com - internet password.
right click and delete them. make sure not to touch any other files that dont say them things on them.
Once you have done this quit keychain access and then restart the computer, once the computer is restarted go back to system preferences and internet accounts and re-add the account.
Hope this helps. if something is not clear just ask.

I installed Firefox sync and then used iphone app called FireFox Home and I can syncronize history, tabs and bookmarks. But I am NOT able to syncronize passwords from Firefox in my Macbook to FireFox Home on iPhone !

I installed Firefox sync and then used iphone app called FireFox Home and I can syncronize history, tabs and bookmarks. But I am NOT able to syncronize passwords from Firefox in my Macbook to FireFox Home on iPhone so I am very terrible to input my IDs and Passwords with my hands on FireFox Home when I log into Facebook, Twitter etc... Is it issue or something like that? If you have some solutions to make it clear, can you tell me how to syncronize memorized IDs and Passwords for the webs. Thank you.

You can look in Tools > Options > Sync
Menu differences: [http://kb.mozillazine.org/Menu_differences Windows: Tools > Options - Mac: Firefox > Preferences - Linux: Edit > Preferences]
See also:
* [[What is Firefox Sync]]
* [[How to sync Firefox settings between computers]]
* [[How to sync Firefox between my desktop and mobile]]

I bought the apple iphone 4G J-5 from Laos and now want to use it in India using the normal Airtel SIM but am not able to make calls from the phone pla. help

I bought the apple iphone 4G J-5 from Laos and now want to use it in India using the normal Airtel SIM but am not able to make calls from the phone plz. help

Is this what you have? (see above?) That's what I get when I search for iPhone 4G J-5 in Google.
If so, this is NOT an iPhone! It is NOT made or sold by Apple. You have a cheap Chinese knockoff.

Even after set Mo:Security and HR:Security,user not able to restrict require Inventory Org.

Hi All,
Even after set Mo:Security and HR:Security,user not able to restrict require Inventory Org.
Both the profile option have set at responsibility level.
Reagrds,
Sandesh

2785222 wrote:
Hi All,
Even after set Mo:Security and HR:Security,user not able to restrict require Inventory Org.
Both the profile option have set at responsibility level.
Reagrds,
Sandesh
Hi Sandesh,
First note that HR:Security Is for HRMS module for restricting data for respective OUs
MO:Security is for other Modules such as Inv, PO, AR, AP etc., for restricting data
Change the inventory Org to the one you want and then query data...
Hope it helps.
Regards,
Shahzad.H.Magsi

Certen user is not able to create the sc using sepecific vendor

Hi,
User is not able to create the SC entering specific vendor .
This vendor is in maintained in SRM for one pur.org (I have checked in PPOMA_BBP).
Then why he is not able to creating the sc using this Vendor

whether user is belong to same region of the Vendor or different. Is there any enhancements you have like that.
Please check those things.
Hope this will help.
Thanks
Venkatesh P

Not able to restrict users from using SU01

Similar Messages

Maybe you are looking for