Restrict users from changing roles

Is there a way to restrict users from changing roles
themselves? If a user goes to My Connections and then clicks Edit,
they could, in theory, change to any group they want--except to the
administrator group because you have to enter a password. If the
admin isn't watching the site 24/7, the user can change their roll,
let's say from a writer to a publisher, and publish something
before the admin can notice.
Is there anything that can be done to restrict that?

You can use connection keys...this will only allow a user to
change their name and email address (I think...I can check on this
tomorrow). We use these at my work and it allows for a lot more
control over who is assigned to the proper groups.

Similar Messages

  • Restricting user from changing price in me22n after goods receipt

    i want to restrict the users from changing the price of the material in me22n after after goods receipt.
    pls tell me the userexit for it with detail.

    Okay, then let me play the role of the bad man.
    Why would you need to restrict users from changing a price after GR ?
    Do you think that users are changing prices just for fun or to mess up the system?
    Have you talked to users why they want change the price after a GR?
    do you have an alternative plan, for the case that the price really needs to be changed to be able to post the invoice?  do you want to cancel always the GR in this case? Is is possible? What if the stock is already issued? do you then want to cancel the entire chain? what if a month end closure was already done?

  • Restrict users from changing password on first login?

    Hi,
    I am doing mass user upload into UME using script import. How should I use the below functionality to restrict the users from changing password on first login?
    IUserAccount uacc =UMFactory.getUserAccountFactory().newUserAccount(uid,newUser.getUniqueID());
    uacc.setPassword("saras");
    uacc.setPasswordChangeRequired(false);
    How to implement above functionality with mass upload from script import?
    Thanks
    Srinivas
    Edited by: srinivas M on Jan 20, 2009 9:05 PM

    hi srinivas,
    try this api
    http://help.sap.com/javadocs/NW04S/current/se/com/sap/security/api/IUserAccount.html#isPasswordChangeRequired()
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
    this document able to retrive the password.. same positon u can disable the field
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10649c90-24af-2b10-1086-ea0667ec3655
    thanks

  • How can we restrict users from changing the data in HFM.

    Hi All,
    We have requirement from users where, They don't want the base data being loaded from SAP to HFM via FDM through ERPi to get changed in HFM at <Entity Currency>. They want data to be read only and no body should be able to change neither Grid nor Forms and neither Smart View. If we restrict by Shared services access then again they can't change ownership management value.
    Regards,
    Sushil

    Hi Thanos, Thanks for your reply.
    Yes i am aware of the security class, so your suggestion is to use security classes to restrict users? And how can i use the phased submission for the same?  I am new to HFM so please bear with me.
    I have one more question that my Application is HFM EPMA application. So is it necessary to have Application Administrator to change hierarchy and Deploy the Application from EPMA?
    Thanks,
    Sushil

  • How to stop  the users from changing the Decimal in SAP

    How  to stop  the users from changing User Profile

    Hai,
    It is not possible to restrict SU3 to display, because it has only S_TCODE has the authorization object.
    If you really want to restrict users from changing their profile you have to remove the SU3 access and give SU1 or SU2 which gives access only to Personnel details and Parameters.
    Hope this helps.
    Regards,
    Yoganand.V

  • Restrict A User From Changing A Payment Term While Adding A/R Invoice

    Dear Experts,
    We want to restrict our users from changing payment terms while adding A/R Invoice.
    We use SAP B1 2007 b.
    Thanking  you
    Pradnya

    Hi,
    try below code in transaction notification procedure:
    if (@object_type = '13') and (@transaction_type IN ('A', 'U'))
    BEGIN
    IF exists (select T0.DocEntry FROM OINV T0 Inner Join OCRD T1 on T0.CardCode=T1.CardCode Where T0.GroupNum  !=T1.GroupNum and T0.DocEntry =@list_of_cols_val_tab_del)
              Begin
                   SET @error = 30
                   SET @error_message =N'You are not authorized to change payment terms'     
              end
    END
    for how the transaction notification works or how to use :
    check How to use Transaction Notification
    Thanks,
    Neetu

  • How to restrict user to change status.

    Dear All,
    we want to restrict users to change the status from set to assign to released status.
    is there any authorization object to restirct user to change status?
    i was trying with object CPRO_DPO Create Project Definition with activity 43 release ,but unable to do so.
    Please do need ful
    Regards
    Ravindra

    Hi Ravi,
    probably you need to create user status profile.
    Use TA BS02 to create status profile
    here you have to add authorization key which needs to be defined in BS52
    use b_user_stat auth object to give profiles in custom roles in PFCG
    Thus you can block access to change status
    Niranjan
    Let me know if it helps
    Points welcome
    Thanks Mathias
    Edited by: Niranjan Dandekar on Apr 2, 2009 1:21 PM
    Edited by: Niranjan Dandekar on Apr 2, 2009 1:21 PM

  • How to Restrict users to change password

    Hi All,
     I would like to restrict user to change password only defined number of times in a day, Is it possible to do it through group policies.
    Please note i am already aware of "Minimum Password age" feature, however i do not want to use it as the minimum value that i can set here is 1 day. I would like to restrict users based on password reset threshold e.g. User can reset his password
    in a day only twice or thrice.
    Thanx & Regards,
    Wasim Parkar

    If you want to limit the user to have his/her password changed for a specific number of time every day, I have to say
    NO thats not possible. PSO's as other mentioned,can be used to have different password policies. Maybe you can set the msDS-MinimumPasswordAge
    to 00:04:00:00 which is equal to 4 hours. It means every 4 hours a user will be able to change his/her password. So in each day a user can change the password 6 times, since a day is 24 hours.
    Do not forget a day start from 00:00 AM up to 11:59 PM. So in a 9 to 5 job, a user may change the password 2-3 times.
    Hope it helps.
    Mahdi Tehrani Loves Powershell
    Please kindly click on Propose As Answer or to mark this post as
    and helpfull to other poeple.

  • Need to restrict users from adding or modifying folders or reports

    Requirement: Need to restrict users from adding or modifying folders or reports through Info view and to reflect the modifications only thriough LCM.
    Issue: Customer wants to restrict users from adding or modifying existing reports from Infoview and need to force users to do make the changes through Life cycle manager tool.
    As per my understanding LCM can only be used to to promote folders and objects from one environment to another and to schedule the promotion of these jobs on a daily basis.My query is:
    Can we add or modify existing reports or folders using the LCM tool?
    Could you please help me out in this issue and provide me your suggestions.
    Thanks in advance.
    Prashanthi Rayaprolu.

    You can not restrict that using LCM. Need to modify the rights at the folder level.
    Explicitly remove the following rights for the user group,
    Add objects to the folder
    Edit objects
    Delete objects
    Copy objects to another folder (check this if required)
    Once the above four are denied then users wont be able to Edit/Add/Delete reports in that folder.

  • Restrict users from editing and deleting not owned items

    Hello guys.
    I'm trying to restrict users from editing and deleting items created by other users. I know, that it can be achieved by using SPList.WriteSecurity parameter, but if I change its value to 2 or 4 - nothing happens... 
    May be there are some list permissions that can override this security setting? I tried to combine permissions in different ways but users either cannot modify any items or can edit/delete all of them... 
    By the way, setting ReadSecurity=2 works as it should work regardless of user permissions...
    Please help.

    Hi,
    I understand that you want to change the write security for the document library. You can try the PowerShell script below:
    $web = Get-SPWeb http://serverURL
    $list = $web.Lists["Document library"]
    $list.ReadSecurity = 2
    $list.WriteSecurity =2
    $list.Update()
    $web.Dispose()
    This setting will not affect the site collection administrator, he will always be able to edit the documents. You need to sue another account to have a test. If this still doesn't work, I think you need to manually edit the permission for each documents.
    Thanks,
    EnTan Ming
    Entan Ming
    TechNet Community Support

  • How to disable other users from changing the status

    Hi,
    The status entry field can be changed irrespective of ownership in Documents.
    I was able to change the status on the document created by other user.
    Example: The status of document was In-Work. The document owner was X. But I was able to change it to Inspection Check.
    How to disable other users from changing the status?
    Regards,
    Shashi

    This is a frequently discussed topic.Please use the search feature.It has been discussed in [previous posts|CV01N: Filter documents by role; in various contexts.
    Regards,
    Pradeepkumar Haragoldavar

  • Restrict User to change Page Number

    Hi Geeks,
    In my App, I want to restrict user to change page number from the browser.
    I am using APEX 4.1
    Browser: Mozilla Firefox
    Regards
    Animesh

    Marko Goricki wrote:
    Hi Geek,
    SSP works only if you're passing some parameters.Not true. it depends on the configuration.
    If I rewrite your statement Arguments must have checksum will only work if you pass some parameters in the url.
    But there is also another setting called No URL Access this prevents loading the page using a url Instead it should be processed via branch
    This is what it says in the documentation:
    No URL Access - The page may not be accessed using a URL,
    however the page may be the target of a Branch to Page branch type,
    which does not do a URL redirect.

  • Restricting users from removing EFB paramter

    Dear all,
    We have defined user parameter EFB in OMET to ensure users have reference documents when creating a PO. This EFB parameter is then added to the user profile via SU3's parameter tab.
    However, all users have access to SU3 to define their own set of parameters. With that, we run into the risk of users removing the assigned EFB parameter themselves, thus allowing creation of PO without reference.
    Is there anyway that we can restrict users from removing this parameter or are there any alternatives?
    Thanks.

    Hello,
    Sorry, but there´s no option to prevent the change if the user parameters.
    I could find the answer from a developer:
    "the maintenance of PIDs is designed without any authorization check. The background is that every user should have the possibility to fit his/her own PIDs for daily work.".
    Best Regards,
    Arminda Jack

  • Is it possible to prevent users from changing iPad background?

    I am currently helping deploy 130 iPads for a school using Apple Configurator. I have set the desired wallpaper and lockscreen text via Apple Configurator, however this can easily be removed if a user decides to change the lockscreen wallpaper. Is there any way to set a restriction that would prevent a user from changing the lockscreen wallpaper? Any ideas would be greatly appreciated! Thanks for the help in advance!

    I heard that with iOS6 MDMs could have the ability to remotely change the wallpaper and lockscreen OTA. So far Airwatch is the only one I've heard of that claims to be able to do it:
    http://www.air-watch.com/company/news-room/press-releases/2012/09/airwatch-offer s-same-day-comprehensive-support-for-apple-ios-6
    (scroll down to "New MDM Capabilities")
    I hope other MDM's adopt this. It sure would be nice to be able to do this from an MDM.
    Hope this helps!
    ~Joe

  • How do I prevent other Mac users from changing my Airport Extreme Network Name and Password within the Airport Utility?

    How do I prevent other Mac users from changing my Airport Extreme Network Name and Password within the Airport Utility?  My company is using an Airport Extreme in our office now and I want to prevent other employees from messing with the network/settings.  Is there a way to place a password on the settings to allow only the admin to access the network name and password? 

    Hi - you have will have to change the device passwords on all the base stations and then don't give them to anyone except the administrators and tell them not to save them on their computers that use the older versions of the Airport Utility - for the newer versions like the mobile apps, as soon as you enter the pasword it is saved and is visible in the advanced pane along with the network password - so if anyone gets a hold of your iPad or iPhone, they can edit the whole network - I have this same issue with my networks in the office and it is inconvenient but doable - I hope this helps

Maybe you are looking for