Remove a particular User Role (SU01) using an FM

Similar Messages

• UMX - Enabling the Remove button on User Role Management screen

  Hi,
  I tried looking everywhere on how to enable the Remove Button on the UMX Role Screen. Please advice me if anyone knows about this. Appreciate it.
  Navigation
  1 User Management Responsibility
  2. Users tab -> look for any user -> click on update button on the search result
  3. on the Roles tab , you will see a list of role assigned to the user , on the far right , there will be a Remove column with all the icon grey out. (How do i enable this???)

  Laurent wrote:
  Hi,
  I tried looking everywhere on how to enable the Remove Button on the UMX Role Screen. Please advice me if anyone knows about this. Appreciate it.
  Navigation
  1 User Management Responsibility
  2. Users tab -> look for any user -> click on update button on the search result
  3. on the Roles tab , you will see a list of role assigned to the user , on the far right , there will be a Remove column with all the icon grey out. (How do i enable this???)You cannot remove a role and you will have to end-date it (click on the plus sign with the "Show" text > Set "Active To").
  To revoke a role from the user, you must end-date the role. If the role is an inherited role, you can only remove it by removing the role from which it originates in the role inheritance hierarchy. You can view a role's inheritance hierarchy by clicking on the Show hyperlink next to the role.
  Assigning Roles to or Revoking Roles from Users
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T156460.htm#366082
  Thanks,
  Hussein

• UWL Universal Worklist use User Role Negate Filter

  Hi, SDN Expert.
  In my UWL configuration, I am trying to exclude to display my task items to one user role.
  I know that the "User Role" parameter can help me to restricts/allows who can get work items via the user role. I can also have multiple user roles separated by semi-colon to cover all the roles to receive the task.
  BUT in my case, I only want few roles NOT to receive the task items, and all other roles to receive them.
  My question is can I use the "NEGATE SIGN" , "!" (means Not Equal To) to exclude the particular user role to receive the task item, says I want to exclude the role name: "mydemorole", I just enter this "!mydemorole" in the "Use Role" parameter of the UWL configuration.
  If NOT, what is the right way I should use to achieve this purpose?
  Thanks for advise,
  KC

  Michael, you can do this in the UWL but only with a 6.40 backend (ex. ECC 5) with a specific patch level (can not remember that patch level).
  Before this you need to set these substituion in the R/3 inbox.
  This being said it is only for workflow task routing. If I read your message correctly you want a manager to assign his authorizations (roles in R/3 or the portal) to a secretary. This is not supported in any standard SAP (or portal) scenario as far as I am aware.
  Cheers,
  D.

• OIA webservice for removing user role

  Hi,
  I need information regarding web services exposed in OIA for removing roles etc. We need it in our environment wherein we may not be having priviledge to make database query directly for removing user roles.
  (the use case is as follows:
  when user id disabled in OIM, assosciated database resource (DBAT, OIA database is used;rbx_users) is disabled ,and user's role is to be removed)
  how this can be achieved via web-service call.
  any pointers will be helpful
  regards,
  chhavi

  Hi Pallavi,
  i have the same problem, can you provide me more specific details?
  -exactly oimjdbc.properties location please?
  -which is what I have to modify?
  Thanks in advance!

• Security Issues with the BP Internet user role creation--SU01

  Hi All,
  We are implementing the B2B Internet sales scenario using CRM 4.0. we
  have contact persons who logs in and chose the distributor and then
  start placing orders or look at product catalog .... Now contact person
  is created as a BP in CRM and relation ship is maintained to sold to
  (bp). During this process the contact person should be created under
  the Internet user role which uses the SU01. so we will be able to
  change password or change the roles of the users while creating BP
  under the internet user role -- same as what we do in SU01.
  This is now a security Issue because who ever can access the BP
  (create/change) will be able to do the things we can do under
  transaction SU01. But we still need to access the Internet user role in-order to assign the user id to the contact person . Is there any other
  way of doing this.
  Please advice ASAP.
  Thanks
  Vasu

  Hi Ashwini,
  you need to modify the logon routine and then in the user management (isauseradmin application) to do this. Then there are likely changes to the catalog identification, and very likely to most processes in the shop. I really wouldn't advise doing so. As accounts usually have contact persons: Why does your client insist in providing a login for the organization and not for a person?
  To achieve something that looks almost like the desired solution you, e.g., could model a dummy contact person for each account that shall get a logon, that then does the job. The contact person could be named like the company and then you are back to plain standard.
  Rgds
  Thomas

• How to add a BSP application to user role

  What is the procedure to add a custom 'Zbsp' BSP application to the user role in PFCG Transaction code ?
  When we add a transaction or report. it is working fine.
  Please Suggest to add BSP application  by defining required parameters

  Hi Raja,
  The  BSP application which i have created used to access a custom based abap program by means of  Ztransaction or Z internet service.
  In SRM, I want to assign this BSP application page which has link to the abap program to SUS suppliers portal page . i.e add to the particular user role.
  When i try to add this application to the user role in PFCG , it asks for the parameters action-id menu no and controller name.
  These are all used in the standard BSP appliaction say SRMSUS  bsp application..
  Suggest what values should i give it to access this BSP application to the particular user role..
  If you have questions in my requirement, do ask me.
  Thanks in advance

• Assign views to user roles

  Hi,
  we have created views for a particular application. Now we want to assign it to particular user "roles". Iam not sure of few things.
  1) How to create a role ?
  2) How to assign a particular view to a respective role?
  Thanks in advance,
  Raviraj

  Follow given steps:
  1 . For creating roles use the transaction PFCG ( Role Maintenance)
  2 . After creating the role ,inorder to provide authorization access to PCUI application use the authorization object BSP_APPL.
  After adding the BSP_APPL auth object ,you get 2 rows under 'Application Scenario' add your PCUI application object name and under 'View for UI Display ' add the view name.
  Thanks,
  Thirumala.

• How to hide custom fields in Shopping cart depening on user role

  Hi,
  We have some custom fields in shopping cart for basic view. Every thing works fine. Now client is asking to hide all the custom fields based on user role.
  I found some function module to fund roles. now my main problem is unable to find the cusotm filed screen field name.
  When I tryed to find the screen field name using BBPSC02/03, its giving 'GT_DISPLAY_100-FIELD'. If I try to use this field, its not working.
  Could you pls tell me how to find custom screen filed name to hide in shopping cart.
  Thanks,
  Ram

  Hi Ram,
  As Laurent suggested,to hide the custom fields based on the user role,you need to implement the logic in BADi "BBP_CUF_BADI_2".
  You have the importing parameter IV_USER in this BADI.
  Pass this parameter to tables AGR_USERS and AGR_USERT  to get the user role
  OR
  Use FM: BAPI_USER_GET_DETAIL
  with USERNAME= user id and can retrieve Table: ACTIVITYGROUPS Field:AGR_NAME
  if you want the otherway around
  you can also use FM: RSRA_USERS_OF_AGR_GET
  with I_AGR_NAME= role and you can retieve Table: ACTIVITY_GROUPS_USERS Field: UNAME(usr Id)
  Then check the value for the User role as obtained using the above steps and accordingly set the property for the custom fields to hide them.
  BR,
  Deepti.

• Knowledge articles user roles

  Hello all,
  I have a support group that need the access/rights to create/publish knowledge articles.
  What is the best user role to use in this case?
  Regards,

  Advanced Operators role is the most suitable. Authors have more rights then required.
  Cheers,
  Marat
  Site: www.scutils.com 
  Twitter:   LinkedIn:
    Facebook:

• I lose the 'authorization' tab in PFCG T-CODE on  particular user

  hai sap guru's ,
  i lose the 'authorization' tab in PFCG T-CODE on  particular user . (if i use PFCG in particular user i loose authorization tab)
  how can i solve this problem ?
  thanks & regards
  sathish.

  hello
  i suggest to make profile parameter
  "auth/no_check_some_in_cases = Y  or N "
  it will help you.
  then authorisation tab will be appear
  regards
  Ramesh

• Regarding user role!!!!!!!!!!

  One of the user here wants to know , For one particular vendor the user wants access only for herself. All other users shoudn't have access to post invoices or do any transactions to this vendor. My question is ,Is it possible to assign this role only to this user. If yes, please tell me how to do it.

  Hi
  Create the Vendor in Seperate Account Group and ask the Basis person give authorsation to Particular  user role .
  Ravi

• Access User Roles

  Hi,
  Can I access user roles by using the following code and if so, then how do I retrieve the role information from the iterator.
  //This is code for getting Username and role.
  IWDClientUser user1 = WDClientUser.forceLoggedInClientUser();
  IUser user2 = user1.getSAPUser();
       try{
            if (user2 != null) { IUserAccount[] acct = user2.getUserAccounts();
            if(acct[0] != null)
                String strUserid = acct[0].getLogonUid();
                 wdComponentAPI.getMessageManager().reportSuccess("name"+strUserid);
                 Iterator it = acct[0].getRoles(true);
       catch (UMException e) {
            wdComponentAPI.getMessageManager().reportSuccess(e.toString());
  Thanks,
  Jay

  Hi
    This should help you.
  //Get Role Information
    if (it.hasNext()) {
      IRoleFactory rfact = UMFactory.getRoleFactory();
      while (it.hasNext()) {
          String roleName = (String) it.next();
          IRole role = null;
          try {
              role = rfact.getRole(roleName);
              wdComponentAPI.getMessageManager().reportSuccess("Role:" + roleName 
              + "Display Name:"    + role.getDisplayName()
              + "ID: " + role.getUniqueID()
              + "Uniquename: " + role.getUniqueName()
              + "Description: " + role.getDescription());
          } catch (UMException e) {
          wdComponentAPI.getMessageManager.reportException("error: " + e.getLocalizedMessage(),true);
  regards
  ravi

• Role removal from Multiple users

  Hi All
  I have a query related to removal of roles from user profile.
  I want to delete a particular role from a set of users (say more than 600 users)
  is it possible with su10 you to  remove the role from the users  at a stretch or is it the right way to get it removed from the user tab in PFCG and get the user- master record adjusted?
  Please Suggest

  Hi,
  Preferably, you should use PFCG for your need...
  It will be a easiest way to perform this task...
  After that dont forget to do "user comparison"...
  Regards.
  Rajesh Narkhede

• BAPI -  user last modified Name, Date and Time in SU01 of a Particular User

  HI Experts,
  After searched a lot in SDN , i am posting this thread,
  I want to know any  Standard BAPI  to give LAST modified User name , time and Date in SU01 of a particular User.
  I checked * BAPI_USER_GET_DETAIL* , its giving LAST modified  time and Date in SU01, But I want Last modified user name as well.
  I have 2 questions related with the above scenario,
  1) Which BAPI gives the details of LAST modified User name , time and Date in SU01 of a particular User.
  2) Any Table is there to give details of LAST modified User name , time and Date in SU01 of a particular User for a time period ,
  For eg : 1 month, if i would have set the time line, it should give the three details .
  Regards,
  Saravana.S

  Hi,
  I am not sure, if there would be any BAPI particularly for giving such particular information. Even if you can, you  might have to call 2 BAPIs, one for finding the list of such users modified within 1 month eg., and then getting the mod date and mod time.
  BAPI_USER_GETLIST - this can be used for searching.. but tricky
  then you have to call another bapi for getting the details.
  One option is you can create a new Z BAPI using the table and get the results.
  Regards,
  Amit Mittal.

• Copy user roles/profiles : Su01

  Hello,
  I want to copy user roles /privileges from one user to other?
  how do we do this and which user can do this ? my pisuper does not seem to have authority to copy user profiles from one user to other?
  Thanks

  Try to Copy the user(Src user to Target user) from SU01 by logging in your user. When it displays authorization error, open a new Session  of SU53. It will tell you the missing authorization  objects. Add those authorizations to your user & you will be able to copy Users using ur userid.
  If you want to keep it simple.. Give yourselves SAP_All. You can do whatever you want.
  Copying Users
  http://help.sap.com/saphelp_nw04/helpdata/en/52/6711c5439b11d1896f0000e8322d00/content.htm
  Regards,
  Siva Maranani