Restrict Role to unlock/lock Change Password

SAP Basis Components, Application Modules, Certification, ABAP/4 Programming Books Restrict Role to unlock/lock Change Password

How to create role (contain tcode SU01) and restrict this role to only allow 'unlock/lock users' and 'change password'. I want to assign this role to admin operator.
Try to create a role (PFCG) with the authorization object called S_USER_GRP, and assign Lock only in the activity field.
I don't have any clue about restricting the Initialization of the Password, If anyone has, pls. share.

I am did the same using Authorizations. I did as following:

I created a Profile(Tcode: su02) called "Z:Helpdesk" containing the following:

Y:HLPDSKTCOD : containing the Tcodes: SU01
(Class: Non-application-specific Authorization objects
Object: Authorization check for transaction start)

Y:HLPDSKACT : containing the Activities 03,05
User group in user master maintenance "*"
(Class: Basis: Administration
Object: User Master Maintenance: User Groups)

If you assign this profile to a user he will be able to reset passwords and also lock/unlock users. Also assign "su53" Tcode to the user , this will always help. Whenever a user has some authorization issues, tell him to send a screenshot of "su53". In that screenshot SAP will clearly mention what all authorizations are required. To assign "su53" tcode dd the following to
"Y:HLPDSKTCOD"
Y:HLPDSKTCOD : Tcodes: SU01, SU53

Sameer

I wanted to create a new role with su01 access only. it works fine through adding it thru the menu tab. However, I dont want this role to allow
1) removing of users
2) changing of user password other than himself
I checked through the authorization tab after entering su01 in the menu tab but did not find what I want.

SU01 user access is controlled via the object S_USER_GRP .
Deleting users is activity 06.
Changing of password is 05 (also lock / unlock id).
The object works in conjunction with the user group that a user is assigned to.

This is always possible for all users at the login screen by hitting the "new password" button after entering the correct password, but before hitting enter.
The security is controlled by the login program. No authorizations required.

Back to Basis Menu:
SAP BC (Basis Components) Hints and Tips

Return to :-
SAP ABAP/4 Programming, Basis Administration, Configuration Hints and Tips

(c) www.sap-basis-abap.com All material on this site is Copyright.
Every effort is made to ensure the content integrity. Information used on this site is at your own risk.
All product names are trademarks of their respective companies. The site www.sap-basis-abap.com is in no way affiliated with SAP AG.
Any unauthorised copying or mirroring is prohibited.