Restrict the role of User Administrator

Hello all,
I need to know that if it is possible to restrict the Role of an User Administrator to assign only a specific set of Roles to the end user.
For example : The user administrator should be able to assign only say Managers, Employees Roles to the Users and not any other roles like Super Administrators etc.
If so, how can we achieve that?
Regards
Avik

There is a authorization object (combined with a parameter) that does this restriction:
S_SPO_PAGE
Definition
Using authorization object S_SPO_PAGE, you can restrict the maximum number of pages of a request that can be printed on a particular printer.
This authorization check is only active if profile parameter rspo/auth/pagelimit is set to 1.
Defined fields
SPODEVICE       Device name for which the restriction is to apply.
SPOPAGES        Maximum number of pages allowed; enter a range (0 to n) here

Similar Messages

  • Restrict permissions to use the groups/users/roles in User Administration

    Hello gurus,
       I want to find out if there is a way we can restrict permissions to use the GROUPS in User administration. We want to assign the user administration role to the users, but do not want the users to have permissions to DELETE groups from User administration page.
    Please also let me know, if we can just have users use the NWA to do the user administration instead of from the Portal?
    Thank you,
    ~~MK

    Hi MariaKutty,
    Koti is right, you need to create custom User administration role from standard role and restric the access in the custom role and assgined to the users.
    >Please also let me know, if we can just have users use the NWA to do the user administration instead of from the Portal?
    Then can to do from NWA also, if the user not required to have the portal access.
    Hope it helps
    Regards
    Arun

  • Is it possible to export and import the roles and users tables?

    Hi,
    is there any possibility to export and import the role and user definitions?
    We have a SAP MDM repository with a lot of roles and users and also with a lot of changes.
    And now I'm searching for a fast and efficient way of managing the roles and users.
    Thanks and Regards, Melanie

    Hi Melanie,
    There is no export/import functionality for roles and users.  The only way to manage these in an automated way would be to write a program that uses the Java or ABAP APIs.  Both APIs expose functionality to create, update and delete roles and users.
    Hope this helps,
    Richard

  • Assigning the role to user - not getting the page and tabs showing.

    I have a role with a page that contains 2 demo iviews.  They preview ok. but when I assign the role to user, it does not come up.  Could some one send me a help document for SP2?

    I got it.  Need to set Entry Point - Yes.

  • How to restrict the EBS end users to run only two same reports at a time?

    Hi,
    We are using EBS 12.0.6 and database 10.2.0.3.
    Is it possible to restrict the end business users to run only two reports at a time?
    OR
    Is it possible to restrict the end business users to run only two same reports at a time?
    Thanks.

    Is it possible to restrict the end business users to run only two same reports at a time?It is not possible.
    You can either make the report "incompatible" to itself (this means only one user in your company can run it at a time)
    Or not make it incompatible. (That means any user can run it any number of times)
    Incompatibility is a way of specifying which requests cannot be run under which circumstances.
    See http://download.oracle.com/docs/cd/A60725_05/html/comnls/us/fnd/incomp.htm
    You can use Hussain's suggestion to use Concurrent: Active Request Limit profile. You can set this profile value at each user level. But if you decide to set it at global level, remember to keep it a higher value for sysadmin kind of users that run scheduled jobs.
    Hope this helps,
    Sandeep Gandhi

  • Restrict the number of users logging onto the JAVA engine

    hi
    IS it possible to restrict the number of users logging on the JAVA Engine, if YES, how ?
    Thanks
    Jonu Joy

    Thanks for the replies, here's a little more info...
    We're working on project which allows a company to buy user licenses to access our portal.  So if a company has bought 5 licenses, the 6th user for that company will not be able to login.
    *Note: We treat each Access Key in the portal as a company.
    The way we determine if the user belongs to a company is by the AccessKey that is assigned to that user. We're not depending on IP addresses at all.
    Hope this clears the issue !
    I think we'll have to write some custom code to accomplish this.
    Thanks,
    harman

  • Role for User Administrator(Read only)

    Hi All,
    I want to create a role just like the role ofUser Administrator.But I want to make it read only.I want that the end user can perform search operation,can see the locked user,can see the roles but can't delete the user.Basically ,they shouldn't able to do the modification.
    Any suggestions will be appreciated.
    Paritosh

    I have only managed to do this by creating a role and assigning the relevant User Admin iViews to the role and then changing the End User Permissions on the role.
    I assigned the ReadAll Premission. That did the trick for me.
    Groups unfortunately require the manage_groups Permission, so we do not allow the viewing of groups.

  • Restricting the IT0002 for user

    Hello,
    I am trying to restrict the infotype 0002 for certain group of users
    with same role.
    I took out Infotype 0002 from PORIGINCON Auth obj for Infotype field.
    When I login with test user and went back to PA20.
    I still can see the personal data information including Dob and SSCno.
    I also see message  "Data hidden by screen modifications
    Message no. RP014"
    Diagnosis
    This infotype contains data which is not displayed.
    In table T588M (Infotype Screen Control), you can enter screen fields which are to be suppressed. If one of these fields contains an entry, the system issues a warning.This has no effect on evaluations.
    How can restrict the Infotypes 0002 and 0000 ?
    Please advise.
    From,
    PT.

    in order to restrict access to IT0000 & IT0002 you have a look at the P_ORGINCON objects as Auke has mentioned above. 
    the message you see has to do with usergroup specific settings. for example the information you see in IT0002 may differ per country and therefore you can set the different fields to be seen in the infotype in T588M per usergroup (UGR parameter).

  • SSM KPI Security:Restricting the measures to Users

    Hi
    I want to restrict only few KPIS(measures) to be accessed by a particular user. I was able to restrict only 22 measures(4 KPIs), beyond which i get an error.But this user should be able to access 20 KPIs(20*5 measures).  The syntax that i used:
    INDEX USER
         CASE USER1
              SELECT VARIABLES KPI59_ACT,KPI59_TAR,KPI59_TRD,KPI59_TARDEV,KPI59_TRDDEV,KPI20_ACT,KPI20_TAR,KPI20_TRD,KPI20_TARDEV,KPI20_TRDDEV,KPI58_ACT,KPI58_TAR,KPI58_TRD,KPI58_TARDEV,KPI58_TRDDEV,KPI57_ACT,KPI57_TAR,KPI57_TRD,KPI57_TARDEV,KPI57_TRDDEV,KPI2_ACT,KPI2_TAR,KPI2_TRD,KPI2_TARDEV,KPI2_TRDDEV
    ENDINDEX
    1. Is there any way that i can restrict the access to 20 KPIs (20*5 measures)?
    I also tried the following syntax but of no avail:
    For example here i tried restricting access to 3 KPIs(each of which has 5 measures:Tar,Act,Trend,Gap Performance,score)
    SELECT VARIABLES KPI1_* , KPI21_* , KPI33_*
    2. Is there a limit on the number of characters used in the select statement because of which only few measures were included in my case?

    Hello!
    I would suggest in these cases to use the folowing syntax:
    INDEX USER
    CASE USER1
    SELECT VAR KPI59*
    SELECT VAR PLUS KPI20*
    SELECT VAR PLUS KPI58*
    SELECT VAR PLUS KPI57*
    ENDINDEX
    When you are trying to just exclude one (or even just a few) measure(s), it will be more effective to type it like this:
    INDEX USER
    CASE USER1
    SELECT VAR *
    SELECT VAR MINUS KPI20*
    SELECT VAR MINUS KPI58*
    ENDINDEX
    After creating the SECURITY procedure, run it with
    job SECURITY
    command in IDQL command line. You will then be able to see right away if and where any syntax error occurs.
    Hope this helps!
    BR,
    Ricardo Vieira

  • Removing all the roles when user id is removed/set to expired

    Hi ,
    I have one requirement where , currently user is remove / expired correctly but the assosicated roles are still exist and gives problem in audit.
    need to write a program which will remove the roles associated with the user ID when it remove or expired ?
    pls guide.
    thanks

    Hi,
        Use BAPI BAPI_USER_PROFILES_DELETE.
    Regards,

  • Administration Menu Localization of User Permissions and Titles of DataGrids into the Roles and Users screens.

    Hey LightSwitch Team,
    I have a LightSwitch Web Application, that is already localized (en-EN and de-DE). Now I have the requirement to localize the names of the User Permissions into the Administration Screen (this is built-in functionality). How can I achieved
    this?
    Another Task is to translate the Titles of the DataGrid into the Users Screen and Roles Screen (Administration Menu), because they are in english language, instead of german (i.e. 'User and Groups', instead of 'Benuter und Gruppen' or 'Users
    and Groups in this Role', instead of 'Benutzer und Gruppen dieser Rolle').
    In addition of this the User Permissions are in the english language too. How can I translate all of them?
    Note: Another texts are already localized (e.g. 'Rolle von Gruppe geerbt').
     Many thanks. Any help would be greatly appreciated.

    Hi AndySta,
    Welcome to lightswitch forum.
    According to your description above, if you want to localize your lightswitch application, you need add a localized resource file, add a Resources File, and then name it Client.de-DE.resx, then call a resource from code. Check out
    https://msdn.microsoft.com/en-us/library/xx130603.aspx
     for further information.
    Best regards,
    Angie
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • OIM 11g-How to restrict the role administrator from seeing "other" roles

    Dear All,
    How to restrict Administrator from seeing roles he is not suppose to administer?
    My administrator is suppose to assign only Role A. When he logs in He can see every single role. How to correct it so that he can see only Role A?
    Thank you for your time
    Maria

    Modify "All User Role Management Policy"

  • Oracle Role for User Administration

    Hello,
    I am a DBA. We have a separate group that maintains oracle user accounts within an oracle database. We would like that group to maintain users (add/remove users from database, add/remove roles, etc.) but we do not want to give them the 'DBA' role for security reasons. Ideally, we want to grant them a role that gives them the ability to administer users but not do anything else.
    Does a role like this exist within Oracle? If not is there a workaround to obtain this type of functionality?
    Thank you!

    Do you have this actually working? I have it complaining about permissions on the line that tries to create the user. I thought oracle restricted doing this for security reasons. I am creating this as a user with the 'DBA' role and then when I try to execute it as the same user (which can create users normally) I get this error:
    SQL> exec system.create_user('troy1','troy1');
    BEGIN system.create_user('troy1','troy1'); END;
    ERROR at line 1:
    ORA-01031: insufficient privileges
    ORA-06512: at "SYSTEM.CREATE_USER", line 4
    ORA-06512: at line 1
    And here is the code (based off of the example)...
    CREATE OR REPLACE PROCEDURE create_user( p_username IN VARCHAR2, p_password IN VARCHAR2 )
    AS
    BEGIN
    EXECUTE IMMEDIATE 'CREATE USER ' || p_username || ' IDENTIFIED BY ' || p_password || ' DEFAULT TABLESPACE users ';
    END;
    Any ideas?

  • Restrict Moving roles with user assignment

    Hi There,
    Need your help...
    How to restrict to move roles from dev->QA with user assignment. (want to disable the user assignment restirction)
    Thanks and Regards,
    Gnanaprakasam

    Unfortunately this is not the default installation setting, so you need to go into the security settings customizing and change the USER_REL_IMPORT switch to 'NO'.
    This does however NOT make the checkbox disappear in the transport source system. It prevents the import in the target... so you must set it and transport it there first, then it works.
    Cheers,
    Julius

  • Restricting the Visibility of FireFighter Roles to selcted users

    Dear Experts,
    Is there any way to restrict the visibiilty of FireFigher roles in GRC CUP to only few authorized users. we have a requirement where a group of authorized users should be able to check out fire fighter roles on their own and these roles should be provisioned automatically to these users and then de-provision those roels after some time.  These  rolese should not be visible to the rest of the users.
    Any throughts on this would be greatly appreciated.
    Thanks
    Kumar

    Kumar,
      There is no straightforward or right way to do this as this feature is not available in CUP.
    You can associate those users with a functional area and restrict the role selection by functional area. Also, associate the roles with the same functional area. Again, this is not going to force users unless you bring functional area from the data source like LDAP and keep the field non-editable.
    Regards,
    Alpesh

Maybe you are looking for

  • How do you start apple mobile device

    i can not put the muisc on my ipod a message is posted this ipod can not be used because the apple mobile device has not started

  • BI Statistics Queries

    Hi All, Is there any standard query which gives data on how many reports are there in Production and out of them how many are used and how many are not used? Regards, Vishal

  • Error exporting to excel:  "Couldn't create file /tmp/numbers-export-temp"

    I'm trying to export a Numbers spreadsheet to Excel, like I've done a million times before, and suddenly, I'm getting the error in the subject.  I've repaired permissions, repaired the drive, the file does not exist in /tmp.  I'm baffled.  Has anyone

  • Kuler desktop

    I tried to install the adobe kuler desktop today but got following installation error : this application requires a version of adobe air which is no longer supported. Please contact the application author for an updated version. now I see I have 3 ve

  • X-fi elite pro/guitar port set up help nee

    Hi people, does anyone know if it's possible to run my guitar port thru my elite pro soundcard, and if so how do I go about connecting the two? Perhaps I'm missing something blindingly obvious, but I just can't seem too figure this one out. Any help