[sap-security] SU10 / S#(591) : Role and1 is locked by user and 2
Posted by
Admin at
Share this post:
|
0 Comments
Posted by edmarks (Security Admin) on Mar 22 at 4:27 PM |
In using SU10 to bulk update a large number of users (>100) not all of the idocs are posting properly. Some of the idocs are set to status 53 (Success) but have the following error "S#(591) : Role &1 is locked by user &2".
In the past we were using the batch / serial method (RBDAPP01) for processign these, but the problem with that is that it attaches the batch users ID to the changes and not the ID that created the IDoc. From a SOX perspective we need to accurately track the ID of the security admin making the change. This has led us to investigate using trusted RFC's but now we're having issues when updating large numbers of users. The two major SAP Notes I've been reading are:
399271 - CUA: Tips for optimizing ALE distribution performance
557610 - CUA: Lock problem with serial IDOC processing
898213 - CUA: Change documents for role and profile assignments
__.____._ In the past we were using the batch / serial method (RBDAPP01) for processign these, but the problem with that is that it attaches the batch users ID to the changes and not the ID that created the IDoc. From a SOX perspective we need to accurately track the ID of the security admin making the change. This has led us to investigate using trusted RFC's but now we're having issues when updating large numbers of users. The two major SAP Notes I've been reading are:
399271 - CUA: Tips for optimizing ALE distribution performance
557610 - CUA: Lock problem with serial IDOC processing
898213 - CUA: Change documents for role and profile assignments
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Related Content
In the Spotlight
_.____.__ White Papers
In the Spotlight
55% of IT Pros Use Social Media to Advance Their Careers. See the Survey Results