Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from Alex Ayers on Nov 24 at 10:26 AM Hi Gopi, I guarantee you that it would be simple to change users passwords with a role designed as described and using standard transactions. The relevant S_USER_ auths have to be restricted and you need to look at the other ways that your control could be circumvented. Using that example a user could create a role and assign it to themselves, they could change the role that they have and add the access back in again. They could have some fun with the debugger, they could write some code and/or use some FM's to bypass the removal of those transactions. Those are only a few of the ways that this control could be circumvented.
| | | ---------------Original Message--------------- From: gopi301 Sent: Thursday, November 24, 2016 10:07 AM Subject: How To Give A User SAP ALL Authorizations But Prevent Him From Changing Users Passwords Hi, (i) Create new role & save it (ii) in the authorization tab of that new role, select change authorizations & select the template sap_all (iii) then select "adopt reference" select yes for next pop up (iv) search the auth field s_tcode (v) there edit the t code and give the values a* to su00, su02 to su09, su11 to z* (vi) maintain these values and and inactivate the rest or open authorizations then generate it and assign the role to that user. Note: Users Password should be changed by using the T code su01 & su10 only. Hence the above method is to block su01 and su10. | | Reply to this email to post your response. __.____._ | In the Spotlight Become a blogger at Toolbox.com and share your expertise with the community. Start today. _.____.__ |