Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from Alex Ayers on Nov 24 at 10:26 AM Hi Gopi,
I guarantee you that it would be simple to change users passwords with a
role designed as described and using standard transactions. The relevant
S_USER_ auths have to be restricted and you need to look at the other ways
that your control could be circumvented. Using that example a user could
create a role and assign it to themselves, they could change the role that
they have and add the access back in again. They could have some fun with
the debugger, they could write some code and/or use some FM's to bypass the
removal of those transactions. Those are only a few of the ways that this
control could be circumvented.
| | | ---------------Original Message---------------
From: gopi301
Sent: Thursday, November 24, 2016 10:07 AM
Subject: How To Give A User SAP ALL Authorizations But Prevent Him From Changing Users Passwords
Hi,
(i) Create new role & save it
(ii) in the authorization tab of that new role, select change authorizations & select the template sap_all
(iii) then select "adopt reference" select yes for next pop up
(iv) search the auth field s_tcode
(v) there edit the t code and give the values a* to su00, su02 to su09, su11 to z*
(vi) maintain these values and and inactivate the rest or open authorizations then generate it and assign the role to that user.
Note: Users Password should be changed by using the T code su01 & su10 only. Hence the above method is to block su01 and su10. |
| Reply to this email to post your response. __.____._ | In the Spotlight Become a blogger at Toolbox.com and share your expertise with the community. Start today.   _.____.__ |
