SAP Community - NW ABAP User Administration and Authorization

SU53 Errors - Notify to me

2024-01-29T10:23:02.282000+01:00

Hello Community ,

i want to know if i can have a notify when someone have a authorization error.

SAP 4hana have this option to notify to me , in real time, when some user have Errors in SU53 ?

Thanks.

Hi Team, We need to have the ‘Administrator’ or ‘ Snippet Author’ role to be assigned in 'SAP Enable

2024-02-05T16:54:38.325000+01:00

Periodic report for number of concurrent users in SAP.

2024-02-19T09:55:26.998000+01:00

Hi Team,

We want to get the number of concurrent users periodically in SAP. Is there any SAP report which can provide this detail periodically?

------------------------------------------------------------------------------------------------------------------------------------------------
Learn more about the SAP Support user and program here.

KE5Z restrict authorization

2024-02-19T16:41:09.461000+01:00

Hi, I have this t-code in roles (with many other t-codes) that are inherited. This t-code can be restricted only via K_PCA field but that is no organization field which means that if mother role is changed/corrected and then profiles of the inherited roles re-generated, all the data in object K_PCA are lost (or set by mother role). I have tried many ways how to add addition checks to this t-code, but nothing actually worked (SU24, SU93, creating additional object via KE37, etc). Any other ideas? Thank you.

auth. object to restrict access to global data/ client level

2024-02-21T11:20:11.441000+01:00

An authorization object needs to be applied to several roles.

The user can use y tcode YMM_INV but in SUIM it does not reflect in the said User ID SAPOCMM6

2024-02-21T11:50:53.369000+01:00

The user can use y tcode YMM_INV but in SUIM it does not reflect in the said User ID SAPOCMM6

BAPI_USER_CHANGE not work under CUA environment

2024-03-01T08:52:16.637000+01:00

Hello SAP

We are trying to change user password by FM( BAPI_USER_CHANGE ). Our SAP system is running on CUA environment. Central system is Client( 100 ) of Development Server. We have checked restrictions of this FM under CUA. No special restriction were found.

I thought changing initial password will lead changing password of users on child system. Changing anohter item like first name & last name will lead to changing those of user on child system. However nothing happened as we expected. So we didn't specified target child system. I attach our test senario. By the way, excel file cannot uploaded ?

Why anything happen ? Is ther any restriction for Functional Module under CUA environment ?

Best Regards,

change company name & address

2024-03-01T09:46:35.885000+01:00

Hi Sap
my company has change name and address.

so i want to change that for all users in system

BAPI_USER_CHANGE under CUA environment

2024-03-01T10:33:58.265000+01:00

Hello SAP

We are trying to change user password by FM( BAPI_USER_CHANGE ). Our SAP system is running on CUA environment. We have checked restrictions of this FM under CUA. No special restriction were found.

Why anything happen ? Is ther any restriction for Functional Module under CUA environment ?

How to change log retention period about User Change Documents in sap hana

2024-03-01T11:36:09.912000+01:00

Dear SAP,

I wonder if there is a way to change the log retention period for permissions and profile items that are output when inquiring user change documents through transaction SUIM.

Whether it can be easily changed through setting,
Please check if we need to develop a program that deletes data from a specific table and if there is any other way, please let us know.

SU01 account type

2024-03-13T09:26:05.242000+01:00

Dear Expert:

About su01 field "User Type", I confuse how to use.

For my current issue , other SAP system use (ALE and RFC) to communication . If I set User Type:Communication , it will face "Password logon not possible (Initial password expired) ".

I can set User Type: System , it work. For my current system use, just ALE & RFC. We wish No need change password , password nerver expired. Which User Type useful for my need ?

~~
Jeff

MII - ERP IDOC: user type Communication Data

2024-03-15T14:30:53.948000+01:00

Hi everyone.

We have the application resource XMIIIDOC01 setting with username ME_USER and password on the MII application server.

ME_USER is an ERP user of type "Comunication Data"

Because communication data user type is affected by the password expiretime, it could be a problem.

Which is the best practice to workaround this problem?

Thanks a lot
Mario

How to prevent creating warehouse tasks for some storage types

2024-03-20T06:42:31.860000+01:00

Hello Experts, I need to prevent creating warehouse tasks for some storage types by unauthorized users.

Due to my tests, this authorization depends on the TOCR object.

However, these users still have permission to create warehouse tasks despite they do not have LGTY attributes of those storage types.

I do not have this problem in the QA system but exists in the Production system.

Waiting for your kind responses.

Restriction of transaction code

2024-03-21T12:07:52.029000+01:00

We are localizing an authorization and role for support users when functional test the transaction codes there were data's that can view globally.

We understand that not all transaction code has the restriction for organization level.

Sample is for tcode OBY6 functional can see data from other countries and we have checked in Su24 there is no auth obj being pulled and one is for SE16 we understand that this can be limit only based on the table auth group.

Is there a possibility to restrict certain transaction codes on specific country only? These involved mostly with IT Support tcodes?

S_DEVELOP and S_RFC Auth Objects

2024-03-28T06:19:59.287000+01:00

Dear BW Experts,

We are currently migrating the Old BW flows using In-place migration. For performing this, We got one SAP note 2383530 from SAP which has all authorization objects and other details. In the SAP Note, the Authorization Object S_DEVELOP and S_RFC is specified. I just want to know, what are the tasks that will support, while adding the authorization objects S_DEVELOP and S_RFC to the User. I have an idea that, S_DEVELOP auth object is specific to ABAP. But want to know specific tasks related to ABAP.

I also want to know about the Auth object S_RFC. Could you please let me know what are tasks that will allow specific to Auth Object S_RFC.

Link for SAP Note :

2383530

Thanks.

List of users which can create or change something

2024-03-28T15:20:19.785000+01:00

Hello,

I'm working on SAP ECC and I was wondering this : I want to display all users that can create or change something in SAP ( I want them to be able only to display SAP objects and data not creating nor changing )

Thanks

Best regards,

Roméo.

To find out and analyze what tables and programs user accessed past 6 months using which roles.

2024-04-04T10:56:43.959000+02:00

we are trying to restrict S_PROGRAM with * value

To find out and analyze what tables and programs user accessed past 6 months.

1. we have checked the program/table usage via SM20 logs for users but is there any way to check in S/4 system for program/table usage of user through which role it is being accessed through any other standard tcode /reports?

2.If we have any other possible way to get the program/table usage of users and through which role it is being accessed through any GRC standard tcode/report?

User Description update

2024-04-12T09:48:51.832000+02:00

Dear all,

I try to change user description using BAPI BAPI_USER_CHANGE or IDENTITY_MODIFY. I hope that will change IDADTYPE too (the same than using Fiori).

In both case function modules return a message 201(SUID01) : User attribute "Description" cannot be maintained in this system.

We have a CUA.

This description can be changed using Fiori Application but not in workbench system.

After trying to see this property in transaction SCUM, I am not able to see corresponding property.

Any idea?

Thanks for your help.

Regards,

David

Retire the SE16 in Production server

2024-05-02T10:19:22.958000+02:00

There is issue with Tx. SE16. Our management want to disable the use of Tx SE16 in Production environment.

We already restricted through authorization but remove the possibilities for accidental assignment . Please share the possibilities how should we proceed.

RFC user and permissions

2024-05-09T09:25:31.966000+02:00

Hi all! SAP ERP total newbie here,

I wanna make some RFC calls from VBA and power automate (using SAP ERP connector) and I would like to know which type of user should I create in SAP (I assume technical one, not dialog) as well as the roles required for making RFC and BAPI calls. I would like the authentication to be via SAP Authentication (i.e. username and password)

Thanks!