04-27-2012 12:24 AM
Hello Gurus,
I am trying to set up a role for Service desk for unlocking & resetting passwords only. I am getting "no authorization to change user in user group" when I am trying to change a test user (not assigned to any group). I have set up S_USER_GRP with ACTVT = 05 (Lock) & 03 (display). But the system is checking for ACTVT = 02 even for password resets. I am on SAP NW XI 7.1 and I really need to set this role up without ACTVT = 02 for service desk. I would really appreciate it if you could give me some or any insight into this issue.
Thanks,
Vishwas
04-27-2012 12:37 AM
Hi,
How are you changing the password? Do you just click on the Change password icon on the first screen of SU01? Here it should check only for activity 05.
Cheers
04-27-2012 1:17 AM
Hi Martin, thanks for your reply.
I am just pressing the PASSWORD RESET icon on the SU01 screen, then I enter the password, and then when I press ENTER, it gives me this error: "You are not authorized to change users in group"... I am not touching the change pencil icon.
04-27-2012 1:48 AM
If you run an ST01 trace, what checks do you see? In my system it checks for 05. Are you sure that user has sufficient authorization? Just check SU56.
Cheers,
Martin
04-27-2012 4:48 PM
Hi Martin & Kanth,
We have a service desk role with the below tcodes: SU3, SU53, SU56, SU01. We either deactivated or made ACTVT = 03 for the corresponding authorization objects (Service desk user must have ONLY lock/unlock and password reset). I checked the trace, and it is checking for the below values.
Trace:
S_USER_GRP RC=4 |CLASS= ;ACTVT=02;
Current S_USER_GRP settings for our role are:
ACTVT = 03, 05, 08
CLASS = * (I gave * for testing purposes only)
The system is still checking change 02 for password reset. I can enter the password, but when I press ENTER or try to save, it is throwing the below error:
"You are not authorized to change users in a group"
04-27-2012 8:38 AM
Hi Vishwas,
I checked in my system for auth obj S_USER_GRP: if you have the field value checked with 05, it allows you to lock and also change the password.
But can you please check whether you are authorized to make changes for that particular user group in which the user is there. It lies in the same auth obj below activity.
Please confirm once whether your issue is resolved or not.
Thanks,
Kanth
04-28-2012 1:23 AM
Hi Martin & Kanth,
I found the solution to my issue. It's exact, word to word. Please refer to SAP note 1529805.
Thanks again for helping.
Vishwas
05-09-2012 7:57 AM
Hello Vishwas,
Though you have given the User Group as * (star) in the object S_USER_GRP, the test user you have created also needs to be assigned to some User Group. Try to give the user group for the test user and test it again. For lock/unlock the activity 05 will be enough.
Thanks
Ashok
05-09-2012 8:32 AM
I suspect that you have one of the user exits in SU01 active and this is calling "on save" to a user BAPI to make some change (possibly parameter IDs or to synchronize the password to other systems??). The user BAPIs check actvt '02' even if only the password is being reset.
SU01 main screen should not normally check this.
Please post the contents of table SSM_CUST to see if an exit is active.
Cheers,
Julius
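
Added example, not part of any post in this thread and not SAP code: a small Python check that compares the ST01 trace line Vishwas posted (04-27-2012 4:48 PM) with the S_USER_GRP values he listed for the role, to show which field the failed check is missing. The function names are hypothetical, the second trace line is constructed, and the value matching is a simplification (exact value, `*` or a `PREFIX*` pattern; ranges are not modelled), with any nonzero RC treated as a failed check.

```python
import re

# S_USER_GRP values of the service desk role, as posted in the thread.
ROLE_AUTHS = {"S_USER_GRP": {"ACTVT": {"03", "05", "08"}, "CLASS": {"*"}}}

# Layout of the trace line quoted in the thread: OBJECT RC=n |FIELD=value;...
TRACE_RE = re.compile(r"^\s*(?P<obj>\w+)\s+RC=(?P<rc>\d+)\s*\|(?P<fields>.*)$")

# First line is from the thread; the second is constructed for contrast.
SAMPLE_TRACE = [
    "S_USER_GRP RC=4 |CLASS= ;ACTVT=02;",
    "S_USER_GRP RC=0 |CLASS= ;ACTVT=05;",
]

def parse_trace_line(line):
    """Return (object, rc, {field: checked value}) or None if not a check line."""
    m = TRACE_RE.match(line)
    if m is None:
        return None
    fields = {}
    for part in m.group("fields").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            fields[name.strip()] = value.strip()
    return m.group("obj"), int(m.group("rc")), fields

def value_allowed(checked, granted):
    """Simplified matching (assumption): exact value, '*', or 'PREFIX*'."""
    for g in granted:
        if g == checked or (g.endswith("*") and checked.startswith(g[:-1])):
            return True
    return False

def missing_values(line, role_auths=ROLE_AUTHS):
    """For a failed check (RC != 0), return the fields the role does not cover."""
    parsed = parse_trace_line(line)
    if parsed is None or parsed[1] == 0:
        return {}
    obj, _rc, fields = parsed
    granted = role_auths.get(obj, {})
    return {f: v for f, v in fields.items()
            if not value_allowed(v, granted.get(f, set()))}

if __name__ == "__main__":
    for line in SAMPLE_TRACE:
        print(line, "->", missing_values(line) or "covered / check passed")
```

For the posted trace line the only uncovered field is ACTVT=02; the blank CLASS is covered by the `*` in the role, which matches the thread's observation that the change activity, not the user group, is what the check fails on.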