https://raw.githubusercontent.com/ajmaradiaga/feeds/main/scmt/topics/NW-ABAP-User-Administration-and-Authorization-qa.xmlSAP Community - NW ABAP User Administration and Authorization2024-05-20T11:11:21.487435+00:00python-feedgenNW ABAP User Administration and Authorization Q&A in SAP Communityhttps://community.sap.com/t5/human-capital-management-q-a/su53-errors-notify-to-me/qaq-p/13584642SU53 Errors - Notify to me2024-01-29T10:23:02.282000+01:00athakyriazhttps://community.sap.com/t5/user/viewprofilepage/user-id/163008<P>Hello <SPAN>Community , </SPAN></P><P><SPAN>i want to know if i can have a notify when someone have a authorization error.</SPAN></P><P><SPAN>SAP 4hana have this option to notify to me , in real time, when some user have Errors in SU53 ?</SPAN></P><P><SPAN>Thanks. </SPAN></P><P> </P><DIV><DIV class=""> </DIV></DIV>2024-01-29T10:23:02.282000+01:00https://community.sap.com/t5/human-capital-management-q-a/hi-team-we-need-to-have-the-administrator-or-snippet-author-role-to-be/qaq-p/13595253Hi Team, We need to have the ‘Administrator’ or ‘ Snippet Author’ role to be assigned in 'SAP Enable2024-02-05T16:54:38.325000+01:00w2sanchhttps://community.sap.com/t5/user/viewprofilepage/user-id/8291932024-02-05T16:54:38.325000+01:00https://community.sap.com/t5/technology-q-a/periodic-report-for-number-of-concurrent-users-in-sap/qaq-p/13609540Periodic report for number of concurrent users in SAP.2024-02-19T09:55:26.998000+01:00SAPSupporthttps://community.sap.com/t5/user/viewprofilepage/user-id/121003<P>Hi Team,</P><P>We want to get the number of concurrent users periodically in SAP. Is there any SAP report which can provide this detail periodically? </P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B>2024-02-19T09:55:26.998000+01:00https://community.sap.com/t5/enterprise-resource-planning-q-a/ke5z-restrict-authorization/qaq-p/13610292KE5Z restrict authorization2024-02-19T16:41:09.461000+01:00liskaj01https://community.sap.com/t5/user/viewprofilepage/user-id/350773<P>Hi, I have this t-code in roles (with many other t-codes) that are inherited. This t-code can be restricted only via K_PCA field but that is no organization field which means that if mother role is changed/corrected and then profiles of the inherited roles re-generated, all the data in object K_PCA are lost (or set by mother role). I have tried many ways how to add addition checks to this t-code, but nothing actually worked (SU24, SU93, creating additional object via KE37, etc). Any other ideas? Thank you.</P>2024-02-19T16:41:09.461000+01:00https://community.sap.com/t5/technology-q-a/auth-object-to-restrict-access-to-global-data-client-level/qaq-p/13614222auth. object to restrict access to global data/ client level2024-02-21T11:20:11.441000+01:00SAPSupporthttps://community.sap.com/t5/user/viewprofilepage/user-id/121003<P>An authorization object needs to be applied to several roles.</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B>2024-02-21T11:20:11.441000+01:00https://community.sap.com/t5/technology-q-a/the-user-can-use-y-tcode-ymm-inv-but-in-suim-it-does-not-reflect-in-the/qaq-p/13614267The user can use y tcode YMM_INV but in SUIM it does not reflect in the said User ID SAPOCMM62024-02-21T11:50:53.369000+01:00igigus_igigushttps://community.sap.com/t5/user/viewprofilepage/user-id/382242<P>The user can use y tcode YMM_INV but in SUIM it does not reflect in the said User ID SAPOCMM6</P>2024-02-21T11:50:53.369000+01:00https://community.sap.com/t5/technology-q-a/bapi-user-change-not-work-under-cua-environment/qaq-p/13624770BAPI_USER_CHANGE not work under CUA environment2024-03-01T08:52:16.637000+01:00takashiootakehttps://community.sap.com/t5/user/viewprofilepage/user-id/317848<P>Hello SAP</P><P>We are trying to change user password by FM( BAPI_USER_CHANGE ). Our SAP system is running on CUA environment. Central system is Client( 100 ) of Development Server. We have checked restrictions of this FM under CUA. No special restriction were found. </P><P>I thought changing initial password will lead changing password of users on child system. Changing anohter item like first name & last name will lead to changing those of user on child system. However nothing happened as we expected. So we didn't specified target child system. I attach our test senario. By the way, excel file cannot uploaded ? </P><P>Why anything happen ? Is ther any restriction for Functional Module under CUA environment ?</P><P>Best Regards,</P><P> </P><P> </P><P> </P><P> </P><P> </P>2024-03-01T08:52:16.637000+01:00https://community.sap.com/t5/technology-q-a/change-company-name-address/qaq-p/13624850change company name & address2024-03-01T09:46:35.885000+01:00SAPSupporthttps://community.sap.com/t5/user/viewprofilepage/user-id/121003<P>Hi Sap<BR />my company has change name and address.</P><P>so i want to change that for all users in system</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B>2024-03-01T09:46:35.885000+01:00https://community.sap.com/t5/technology-q-a/bapi-user-change-under-cua-environment/qaq-p/13624991BAPI_USER_CHANGE under CUA environment2024-03-01T10:33:58.265000+01:00SAPSupporthttps://community.sap.com/t5/user/viewprofilepage/user-id/121003<P>Hello SAP</P><P>We are trying to change user password by FM( BAPI_USER_CHANGE ). Our SAP system is running on CUA environment. We have checked restrictions of this FM under CUA. No special restriction were found. </P><P>I thought changing initial password will lead changing password of users on child system. Changing anohter item like first name & last name will lead to changing those of user on child system. However nothing happened as we expected. So we didn't specified target child system.</P><P>Why anything happen ? Is ther any restriction for Functional Module under CUA environment ?</P><P> </P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B>2024-03-01T10:33:58.265000+01:00https://community.sap.com/t5/technology-q-a/how-to-change-log-retention-period-about-user-change-documents-in-sap-hana/qaq-p/13625079How to change log retention period about User Change Documents in sap hana2024-03-01T11:36:09.912000+01:00SAPSupporthttps://community.sap.com/t5/user/viewprofilepage/user-id/121003<P>Dear SAP,</P><P>I wonder if there is a way to change the log retention period for permissions and profile items that are output when inquiring user change documents through transaction SUIM.</P><P>Whether it can be easily changed through setting,<BR />Please check if we need to develop a program that deletes data from a specific table and if there is any other way, please let us know.</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B>2024-03-01T11:36:09.912000+01:00https://community.sap.com/t5/technology-q-a/su01-account-type/qaq-p/13636554SU01 account type2024-03-13T09:26:05.242000+01:00SAPSupporthttps://community.sap.com/t5/user/viewprofilepage/user-id/121003<P>Dear Expert:</P><P>About su01 field "User Type", I confuse how to use.</P><P>For my current issue , other SAP system use (ALE and RFC) to communication . If I set User Type:Communication , it will face "<U>Password logon not possible (Initial password expired)</U> ".</P><P>I can set User Type: System , it work. For my current system use, just ALE & RFC. We wish No need change password , password nerver expired. Which User Type useful for my need ?</P><P>~~<BR />Jeff</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B>2024-03-13T09:26:05.242000+01:00https://community.sap.com/t5/enterprise-resource-planning-q-a/mii-erp-idoc-user-type-communication-data/qaq-p/13639770MII - ERP IDOC: user type Communication Data2024-03-15T14:30:53.948000+01:00mario_bisonti2https://community.sap.com/t5/user/viewprofilepage/user-id/303164<P>Hi everyone.</P><P>We have the application resource XMIIIDOC01 setting with username ME_USER and password on the MII application server.</P><P>ME_USER is an ERP user of type "Comunication Data"</P><P>Because communication data user type is affected by the password expiretime, it could be a problem.</P><P>Which is the best practice to workaround this problem?</P><P>Thanks a lot<BR />Mario</P><DIV class=""><DIV><DIV class=""> </DIV><DIV class=""><DIV class=""><DIV class=""> </DIV><DIV class=""><P class=""> </P><P class=""> </P></DIV></DIV></DIV></DIV></DIV>2024-03-15T14:30:53.948000+01:00https://community.sap.com/t5/enterprise-resource-planning-q-a/how-to-prevent-creating-warehouse-tasks-for-some-storage-types/qaq-p/13643709How to prevent creating warehouse tasks for some storage types2024-03-20T06:42:31.860000+01:00TolgaTitizhttps://community.sap.com/t5/user/viewprofilepage/user-id/1395745<P>Hello Experts, I need to prevent creating warehouse tasks for some storage types by unauthorized users. </P><P>Due to my tests, this authorization depends on the TOCR object.</P><P>However, these users still have permission to create warehouse tasks despite they do not have LGTY attributes of those storage types.</P><P>I do not have this problem in the QA system but exists in the Production system.</P><P>Waiting for your kind responses. </P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TolgaTitiz_0-1710912254564.png" style="width: 341px;"><img src="https://community.sap.com/t5/image/serverpage/image-id/83477i8FC7CD508EC3E42A/image-dimensions/341x42?v=v2" width="341" height="42" role="button" title="TolgaTitiz_0-1710912254564.png" alt="TolgaTitiz_0-1710912254564.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TolgaTitiz_1-1710912281788.png" style="width: 400px;"><img src="https://community.sap.com/t5/image/serverpage/image-id/83479i9383417ABF371D44/image-size/medium?v=v2&px=400" role="button" title="TolgaTitiz_1-1710912281788.png" alt="TolgaTitiz_1-1710912281788.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TolgaTitiz_2-1710912477037.png" style="width: 563px;"><img src="https://community.sap.com/t5/image/serverpage/image-id/83480i040CA2380566B349/image-dimensions/563x65?v=v2" width="563" height="65" role="button" title="TolgaTitiz_2-1710912477037.png" alt="TolgaTitiz_2-1710912477037.png" /></span></P><P> </P>2024-03-20T06:42:31.860000+01:00https://community.sap.com/t5/technology-q-a/restriction-of-transaction-code/qaq-p/13645508Restriction of transaction code2024-03-21T12:07:52.029000+01:00SAPSupporthttps://community.sap.com/t5/user/viewprofilepage/user-id/121003<P>We are localizing an authorization and role for support users when functional test the transaction codes there were data's that can view globally.</P><P>We understand that not all transaction code has the restriction for organization level.</P><P>Sample is for tcode OBY6 functional can see data from other countries and we have checked in Su24 there is no auth obj being pulled and one is for SE16 we understand that this can be limit only based on the table auth group.</P><P>Is there a possibility to restrict certain transaction codes on specific country only? These involved mostly with IT Support tcodes?</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B>2024-03-21T12:07:52.029000+01:00https://community.sap.com/t5/technology-q-a/s-develop-and-s-rfc-auth-objects/qaq-p/13651992S_DEVELOP and S_RFC Auth Objects2024-03-28T06:19:59.287000+01:00Vincent801https://community.sap.com/t5/user/viewprofilepage/user-id/924106<P>Dear BW Experts,</P><P>We are currently migrating the Old BW flows using In-place migration. For performing this, We got one SAP note <STRONG>2383530</STRONG> from SAP which has all authorization objects and other details. In the SAP Note, the Authorization Object S_DEVELOP and S_RFC is specified. I just want to know, what are the tasks that will support, while adding the authorization objects S_DEVELOP and S_RFC to the User. I have an idea that, S_DEVELOP auth object is specific to ABAP. But want to know specific tasks related to ABAP.</P><P>I also want to know about the Auth object S_RFC. Could you please let me know what are tasks that will allow specific to Auth Object S_RFC.</P><P>Link for SAP Note :</P><P><A href="https://me.sap.com/notes/2383530/E" target="_blank" rel="noopener noreferrer">2383530</A></P><P>Thanks.</P>2024-03-28T06:19:59.287000+01:00https://community.sap.com/t5/enterprise-resource-planning-q-a/list-of-users-which-can-create-or-change-something/qaq-p/13652631List of users which can create or change something2024-03-28T15:20:19.785000+01:00anonymkimhttps://community.sap.com/t5/user/viewprofilepage/user-id/830212<P>Hello,</P><P>I'm working on SAP ECC and I was wondering this : I want to display all users that can create or change something in SAP ( I want them to be able only to display SAP objects and data not creating nor changing )</P><P>Thanks</P><P>Best regards,</P><P>Roméo.</P>2024-03-28T15:20:19.785000+01:00https://community.sap.com/t5/technology-q-a/to-find-out-and-analyze-what-tables-and-programs-user-accessed-past-6/qaq-p/13658637To find out and analyze what tables and programs user accessed past 6 months using which roles.2024-04-04T10:56:43.959000+02:00SAPSupporthttps://community.sap.com/t5/user/viewprofilepage/user-id/121003<P>we are trying to restrict S_PROGRAM with * value </P><P>To find out and analyze what tables and programs user accessed past 6 months.</P><P>1. we have checked the program/table usage via SM20 logs for users but is there any way to check in S/4 system for program/table usage of user through which role it is being accessed through any other standard tcode /reports?</P><P><BR />2.If we have any other possible way to get the program/table usage of users and through which role it is being accessed through any GRC standard tcode/report?</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B>2024-04-04T10:56:43.959000+02:00https://community.sap.com/t5/enterprise-resource-planning-q-a/user-description-update/qaq-p/13667908User Description update2024-04-12T09:48:51.832000+02:00whereisbrianhttps://community.sap.com/t5/user/viewprofilepage/user-id/824932<P>Dear all,</P><P>I try to change user description using BAPI <!-- StartFragment --><SPAN>BAPI_USER_CHANGE</SPAN> or <!-- StartFragment --><SPAN>IDENTITY_MODIFY. I hope that will change IDADTYPE too (the same than using Fiori).</SPAN></P><P><SPAN>In both case function modules return a message 201(SUID01) : </SPAN><SPAN>User attribute "Description" cannot be maintained in this system.</SPAN></P><P><SPAN>We have a CUA. </SPAN></P><P><SPAN>This description can be changed using Fiori Application but not in workbench system.</SPAN></P><P><SPAN>After trying to see this property in transaction SCUM, I am not able to see corresponding property.</SPAN></P><P><SPAN>Any idea?</SPAN></P><P><SPAN>Thanks for your help.</SPAN></P><P><SPAN>Regards,</SPAN></P><P><SPAN>David</SPAN></P>2024-04-12T09:48:51.832000+02:00https://community.sap.com/t5/technology-q-a/retire-the-se16-in-production-server/qaq-p/13689109Retire the SE16 in Production server2024-05-02T10:19:22.958000+02:00SAPSupporthttps://community.sap.com/t5/user/viewprofilepage/user-id/121003<P>There is issue with Tx. SE16. Our management want to disable the use of Tx SE16 in Production environment.</P><P>We already restricted through authorization but remove the possibilities for accidental assignment . Please share the possibilities how should we proceed.</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B>2024-05-02T10:19:22.958000+02:00https://community.sap.com/t5/technology-q-a/rfc-user-and-permissions/qaq-p/13696014RFC user and permissions2024-05-09T09:25:31.966000+02:00ando1692https://community.sap.com/t5/user/viewprofilepage/user-id/1439999<P>Hi all! SAP ERP total newbie here,</P><P>I wanna make some RFC calls from VBA and power automate (using SAP ERP connector) and I would like to know which type of user should I create in SAP (I assume technical one, not dialog) as well as the roles required for making RFC and BAPI calls. I would like the authentication to be via SAP Authentication (i.e. username and password)</P><P>Thanks!</P>2024-05-09T09:25:31.966000+02:00