
Chapter 9: Nonscheduled User Administration Tasks

Contents

Overview
  User Groups
  Profile Generator
Recommended Policies and Procedures
  User Administration
  System Administration
New User Setup
  Prerequisites
  Installing the Frontend Software–SAPgui
  Adding Additional Systems
  Setting Up a New User
Maintaining a User
Resetting a Password
Locking or Unlocking a User
User Groups
  How to Create a User Group
Deleting a User’s Session (Transaction SM04)
  How to Terminate a User Session
Maintaining a Table of Prohibited Passwords

System Administration Made Easy 9–1


Chapter 9: Nonscheduled User Administration Tasks
Overview

User administration is a serious function, not just a necessary administrative task, because
security is at stake each time users access the system. Because the company’s financial and
other proprietary information is on the system, the administrator is subject to external
requirements and recommendations from the company’s external auditors, regulatory
agencies, and others. Users should consult with their external auditors for audit-related
internal control user administration requirements. Human Resources should be consulted if
the HR module is implemented or any sensitive personnel data is maintained on the system.
A full discussion on security and user administration is beyond the scope of this guidebook.
We have limited our discussion to a small subset of this issue. Manually creating and
maintaining security profiles and authorizations is also not covered.

User Groups
User groups are created by an administrator to organize users into logical groups, such as:
• Basis
• Finance
• Shipping
For additional information, refer to the section User Groups.

Profile Generator
The Profile Generator is a tool used to simplify the creation and maintenance of SAP
security. It reduces (but does not eliminate) the need for specialized security consultants.
The value of the Profile Generator is more significant for smaller companies with limited
resources that cannot afford to have dedicated security administrators.
For additional information on the Profile Generator, see the Authorizations Made Easy
guidebook.

Release 4.0B

Recommended Policies and Procedures

User administration is a serious security and audit issue. Some of the tasks in this
guidebook are aimed at complying with common audit procedures. Obtaining proper
authorization and documentation should be a standard prerequisite for all user
administration actions.

User Administration
User administration comprises the following:
• User ID naming conventions
  - The employee’s company ID number (for example, e0123456)
  - Last name, first initial, or first name, last initial
    In a small company where names are often used as ID, it is common to use the
    employee’s last name and first initial of the first name or the employee’s first name
    and first initial of the last name (for example, jonesb or barbaraj).
  - Clearly identifiable user IDs for temporary employees and consultants.
    Examples: T123456, C123456
• Adding or changing a user
  - The user’s manager should sign a completed user add-or-change form.
  - The form should indicate the required security, job role, etc., that defines how
    security is assigned in your company.
  - If security crosses departments or organizations, the affected managers should also
    approve.
  - If the user is not a permanent employee, or if the access is to be for a limited
    duration, the time period and the expiration date should be indicated.
  - The forms should be filed by employee name or ID.
  - A periodic audit should be performed, where all approved authorizations are
    verified against what was assigned to the user.

• Users leaving the company or changing jobs
  - This is a particularly sensitive event. The policies and procedures for this event must
    be developed in advance and be coordinated by many groups. As an example, see
    the following table:

    Group                 Responsibility
    Human Resources       Legal or personnel matters
    External auditors     Internal control issues related to financial audit
    IT                    Procedures to terminate network access
    Senior management     Policy approval
    Employee’s manager    “Handover” or training period for the employee’s replacement

To manage terminated employees:
• The user’s manager should send a form or e-mail indicating that the employee is
  leaving.
• The user’s ID should be locked and the user assigned to the user group “term” for
  terminated.
  If the user’s ID is not required as a template, the security profiles assigned to the user
  should be deleted (use transaction SU01 and under the Task profile and Profile tabs, delete
  the profiles).
• Check Background Jobs (transaction SM37) for jobs scheduled under that user ID.
  The jobs will fail when the user ID is locked or deleted.
• If the user leaves one job for another and needs to maintain access for handover, this
  handover should be documented.
  The duration of the handover access must be defined and the expiration (Valid to) date
  entered in the R/3 System.
• All temporary employees or consultants should have expiration (Valid to) dates on their
  user IDs.

Similar to banks, there should be a “secret word” that users could use to verify their
identity over the phone. This word would be used when the user needs their password
reset or their user ID unlocked.
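The periodic audit and the terminated-employee rules above can be checked offline against a list of user records. The following is an added example, not part of the guidebook or of any SAP tool: the record layout, the sample users, the Z_ profile and job names, and the template_ids parameter are constructed for illustration, and the SUPER group check uses the special group this chapter recommends in its User Groups section.

```python
"""Offline audit of a user list against this chapter's user administration rules.

Added example: the record layout and all sample data are constructed for
illustration and do not represent an SAP export format.
"""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Naming convention from the chapter: T123456 (temporary), C123456 (consultant).
TEMP_ID = re.compile(r"^[TC]\d{6}$")
MASTER_PROFILES = {"SAP_ALL", "SAP_NEW"}   # the "master key" profiles
SPECIAL_IDS = {"SAP*", "DDIC"}             # delivered special user IDs


@dataclass
class User:
    user_id: str
    group: str
    locked: bool
    profiles: list = field(default_factory=list)
    valid_to: Optional[date] = None


def audit_users(users, jobs, template_ids=frozenset()):
    """Return a sorted list of (user_id, finding) tuples.

    jobs: (job_name, user_id) pairs, for example copied from an SM37 job list.
    template_ids: terminated IDs deliberately kept as copy templates (hypothetical).
    """
    findings = []
    by_id = {u.user_id: u for u in users}
    for u in users:
        if u.group == "TERM":
            if not u.locked:
                findings.append((u.user_id, "in TERM but not locked"))
            if u.profiles and u.user_id not in template_ids:
                findings.append((u.user_id, "in TERM but still has profiles"))
        if TEMP_ID.match(u.user_id) and u.valid_to is None:
            findings.append(
                (u.user_id, "temporary/consultant ID without Valid to date"))
        if (MASTER_PROFILES & set(u.profiles)
                and u.group != "SUPER" and u.user_id not in SPECIAL_IDS):
            findings.append((u.user_id, "master profile outside group SUPER"))
    # Background jobs fail once their user ID is locked or deleted.
    for job_name, owner in jobs:
        user = by_id.get(owner)
        if user is None:
            findings.append((owner, f"job {job_name} scheduled under deleted user"))
        elif user.locked:
            findings.append((owner, f"job {job_name} scheduled under locked user"))
    return sorted(findings)


# Constructed sample data (not real users, profiles or jobs).
SAMPLE_USERS = [
    User("SAP*", "SUPER", False, ["SAP_ALL"]),
    User("jonesb", "FINANCE", False, ["Z_FI_CLERK"]),
    User("barbaraj", "TERM", True, []),
    User("smithk", "TERM", False, ["Z_SD_SHIP"]),
    User("T123456", "SHIPPING", False, ["Z_SD_SHIP"]),
    User("C123456", "BASIS", False, ["SAP_ALL"], date(1999, 6, 30)),
]
SAMPLE_JOBS = [("Z_NIGHTLY_REPORT", "barbaraj"), ("Z_FI_CLOSE", "jonesb")]

if __name__ == "__main__":
    for user_id, finding in audit_users(SAMPLE_USERS, SAMPLE_JOBS):
        print(f"{user_id:10} {finding}")
```

Each finding should be resolved against the signed add-or-change form on file for that user.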


System Administration
• Special user IDs
The two user IDs SAP* and DDIC should only be used for tasks that specifically
require either of those user IDs. Any user requiring similar “super user” security rights
should have a copy of the SAP* user security.

The security rights of SAP* and DDIC are extensive, dangerous, and pose a security risk.
Anyone requiring or requesting similar security rights should have a very valid reason
for the request. Convenience is not a valid reason. The security profile that serves as the
“master key” is SAP_ALL, and to a lesser degree, SAP_NEW.

The user ID SAP* should never be deleted. Instead, the password should be changed. If
the user ID SAP* is deleted, logon and access rights are gained by rights programmed
into the R/3 System. The user ID SAP* then gains security rights that you do not know
about and cannot control.

The user IDs SAP* and DDIC should have their passwords changed to prevent
unauthorized use of these special user IDs.
An external audit procedure checks the security of these two user IDs.
For medium- and large-size companies, granting developers SAP* equivalent security
rights in the development and test systems is usually inappropriate. SAP* equivalent
security in the production system is a security and audit issue and should be severely
limited.

• User passwords
  Parameters that define and restrict the user password are defined by entries in the
  system profiles.
  - Passwords should be set to expire periodically.
    Recommended time period is no more than 90 days.
  - Minimum password length of five (5) characters should be set.
  - User should be locked after three unsuccessful logon attempts.
  The table of “prohibited” passwords (USR40) should be maintained.


Sample R/3 User Setup/Change/Delete Form:

R/3 User Change Request

Company ID:
System/Client No.:   PRD  300
                     QAS  200  210  220
                     DEV  100  110  120
Employee:
Department Name/Cost Center Number:
User ID:
Position:
Secret Word:
Type of Change:      [ ] Change user   [ ] Delete user   [ ] Add user
Expiration Date (mandatory for temporary employees):
Request Urgency:     [ ] High   [ ] Medium   [ ] Low
Requester:
Requester’s position:
Requester’s phone:
Employee’s Job Function (If similar to others in department, name and user ID of a person with similar job function):

Special Access/Functions:

Requester Signoff    Name:            Signature:            Date Signed:
Manager Signoff      Name:            Signature:            Date Signed:
Owner Signoff        Name:            Signature:            Date Signed:
                     Name:            Signature:            Date Signed:
                     Name:            Signature:            Date Signed:
Security             Name:            Signature:            Date Signed:

In addition to security approval (above), is a signed copy of computer security and policy statement attached?
[ ] Yes   [ ] No


New User Setup

Prerequisites
General Process or Procedure
Before you begin to set up a new user, you should have “in hand” the user add form (with
all the required information and approvals).
The User’s Desktop
Find out if the user’s desktop meets the following criteria:
• Does the system configuration meet the minimum requirements for SAP?
• Is the display resolution set to a minimum of 800 x 600?
• Is there sufficient space on the hard disk to install the SAPgui with sufficient room for
  desktop applications to run?
  For Windows, a minimum of 50MB free space should remain after installing SAPgui. A
  practical minimum, however, is at least 100MB of free space.
Network Functionality
Find out if the network functionality meets the following criteria:
• Can the user log on to the network?
From the user’s computer:
• Can you “ping” the SAP application server(s) that the user will be logging onto?
• If the SAPgui will be loaded from a file server, can you access the file server from where
  the SAPgui will be loaded?
For Installation of SAPgui
Before you install the SAPgui, you should have the server name and the system (instance)
number (for example, xsysdev and 00). You will need to enter this information during the
installation.
Recommended Prerequisite for the GUI Installation

The online documentation should be installed according to the instructions in the SAP
document Installing the Online documentation (Release 4.0B). Note that the online
documentation installation and access method has changed since Release 3.x.


Installing the Frontend Software–SAPgui
The SAPgui or frontend installation instructions are in the installation guide, Installing SAP
Frontend Software for PCs.
The SAPgui can be installed from:
• A copy of the presentation CD on a file server
• The presentation CD or a copy of the CD

In most situations, accept the installation defaults.

Installing SAPgui from a File Server
The preferred method is to install SAPgui from a file server because you do not need to
carry the presentation CD around. Also, remote installations can be completed without
shipping out and potentially losing the original CD.
The following is a list of the prerequisites to install SAPgui from a file server:
• Copy the SAPgui load files from the presentation CD to a shared directory on a file
  server.
• Have access to the shared directory from the user’s PC.

How to Install the SAPgui

Guided Tour

1. Map a drive to the share on the network where the presentation CD has been copied.
2. Select the mapped drive to the presentation CD software.
3. Navigate down to the directory for your platform.
   In this example: Sim-cd on ‘Pal100767’ (E:) → sapgui-40b → Gui → Windows → Win32.
   For other platforms, select the appropriate platform directory: Os2, Unix (Aix, Common,
   Dec, Hpux, Reliant, Solaris) and win16.
4. Double-click on Sapsetup.exe.
   The installation program starts.
5. Choose Next.

6. Select Client installation.
7. Choose Next.
8. At this point you have two installation options:
   • Individual installation
   • Standard installation (the default)
   With these options, you can view and select all of the components (standard
   installation) or only those you need (individual installation).

Individual Installation of Components
To install SAPlogon you must use individual installation.
1. Select Individual installation.
2. Choose Next.
3. Choose (De)Select all to install all components.
   This toggle switch selects or deselects all components.
   3a. For this example we have selected all components, for a total of 84MB.
4. Or, select specific components by clicking on their individual checkboxes.
   4a. For this example, we have selected two components (SAPGUI 32-bit and SAPlogon),
       for a total of 18MB.
5. Choose Next.
6. From here continue with the Standard installation procedure.

Standard Installation
1. Choose Local Installation to install the software on the desktop PC.
2. Choose Next.
3. The installation program defaults to where to install SAPgui on your system. In most
   cases, you should accept the system default.
4. Choose Next.
5. Choose possible entries to select a language (for example, E for English).
6. Choose Next.
7. The installation program informs you where the files will be installed.
8. Choose Next.
9. Enter the name of the application server in Application Server.
10. Enter the system (instance) number in System Number.
11. The SAP Router String is normally left blank.
12. Select R/3 System.
13. Choose Next.
14. If the SAP online documentation for Release 4.0B has been installed, this step is not
    needed. Skip this step.
15. Choose Next.
16. Enter the name for a program group (or accept the default SAP Frontend 4.0B).
17. Enter the name for the working directory (or accept the default, c:\SAPworkdir).
18. Choose Finish.
19. You will see a window showing you the progress of the installation.
    The time to complete the installation depends on the speed of your computer and the
    speed that the files can be copied over the network.
20. When the installation is complete, this window will appear.
21. Choose OK.
22. Test your connection by logging on to the R/3 System.

Installing SAPgui from the Presentation CD
When the network connection between the SAPgui files on the network and the user is too
slow to permit installation, install SAPgui from the presentation CD. A slow connection
could result from a slow modem or a slow link in the network.

A copy should be made of the original presentation CD and the copy shipped to the user
site. You then maintain control of the original CD and reduce the chance that it might get
lost. The SAPgui installation files can also be copied to other high-capacity removable
media such as ZIP® or optical disk, as appropriate for your company.

The CD (or other delivery media) can then be safely sent to the user’s site. From there, it can
be either loaded onto a local file server for installation or installed directly from the delivery
media.
The prerequisite for such an installation is that the user has a CD drive or other drive
compatible with the delivery media (ZIP®, optical, etc.) that the SAPgui files are delivered
on.
To install SAPgui from a CD:
1. Insert the copy of the Release 4.0B presentation CD into the CD ROM drive.
2. In Windows Explorer, choose the CD ROM drive.
3. Choose Gui → Windows → Win32 (or the appropriate directory).
4. Double-click on Sapsetup.exe.
5. Follow the same procedure as when loading from a file server.
6. Test that you can connect and log on to the system.

Adding Additional Systems
You can add another system to the:
• SAP icon group
• SAP logon
The method you choose depends on how your company has been set up.
Icon Group
The icon group is the SAPgui default installation. If your user only logs in to one server, the
icon group is sufficient.
SAP Logon
Prerequisites:
• SAP Logon is installed using the Individual Installation.
SAP Logon is used:
• When load balancing is needed (SAP Logon is required to use load balancing).
• By system administrators and others who have to log in to many systems.
  You do not have to deal with many separate icons to log into the different systems. All
  instances can be configured in the one SAP Logon menu.

Guided Tour

To Add a New System to the SAP Icon Group
Load balancing will not function if the SAP icon group is used. For load balancing, the SAP logon is
required.
1. From the Windows desktop, choose Start → Programs → SAP Frontend 4.0B → SAPicon.
   If you have changed the name of the group in the installation, choose that name instead of SAP
   Frontend 4.0B in the path above.
2. Select R/3 system.
3. Enter the name of the server in Servername.
   The server name you enter will appear as the name under the icon created. You can change
   the name later using a function in Windows.
4. Enter the system (instance) number in System ID.
5. Routerstring is normally left blank.
6. Choose OK.
7. The icon will be added to the SAP icon group.
8. Test that you can connect and log on to the additional system.

To Add Additional Systems in the SAP Logon
1. On the SAP Logon window, choose New.
2. Enter a short description of the system (for example, Production SAP, PRD) in Description.
3. Enter the name of the server (for example, xsapprd or xsapdev) in Application Server.
4. Enter the system (instance) number that was assigned to the server for which you are
   creating the logon (for example, 01) in System Number.
5. Select R/3.
6. Choose OK.
7. Test that you can connect and log on to the additional system.

Setting Up a New User
The procedural prerequisite is to check that all documentation and authorizations required
to set up a new user are present.
There are two ways to create a new user:
• Copy an existing user
• Create a new user from scratch
Copying an Existing User
You can copy from an existing user if you have a good match. The new user will have the
same security profiles as the existing user. This process is the easiest and thus recommended
method for a small company.

Create “template” users for the various job functions that can be copied to create new
users.

Prerequisite:
A valid user ID to copy is identified on the user setup form.

Guided Tour

In the Command field, enter transaction SU01 and choose Enter
(or choose Tools → Administration, then User maintenance → Users).
1. Enter the user ID (for example, gary) that you want to copy.
2. Choose User names → Copy.

3. In the Copy Users window, enter the new user ID in to.
   Follow your company’s naming convention for creating user IDs.
4. Choose Copy.
5. Enter an initial password (for example, init). Re-enter the same password in the second
   field.
6. In User group, enter the user group (for example, ACCT) to which the user is to be
   assigned.
   A user group must exist before a user can be assigned to it.
7. You can use possible entries to get a list of user groups to select.
8. Enter dates in the Valid from and Valid to fields to limit the duration that the users will
   have access to the system.
   Entering a valid to/from date is typically required for contractors and other temporary
   personnel.
9. Choose the Address tab to change the user’s address data.
10. Enter the user’s Last name.
11. Enter the user’s First name.
12. Enter the user’s job Function.
13. Enter the user’s Department.
14. Enter the user’s location (for example, Room no., Floor, Building).
15. Enter the user’s phone number.
    A telephone number should be a required entry field. If there is a system problem
    identified with the user, you need to be able to contact that user.
16. Choose Defaults.
17. Check that the Logon language is set correctly (for example, EN for English).
    If the system default language has been set (for example, English), then this field is only
    used to log in under a language that is not the system default (example, German).
18. Under Output Controller, select Output immediately and Delete after output.
19. Check that the Personal time zone is correct. A display of possible entries is available on
    this field.
20. Under Decimal notation, select the appropriate notation (for example, Point, for United
    States).
    The Decimal notation affects how numbers are displayed. Setting it correctly is critical to
    prevent confusion and mistakes.
21. Under Date format, select the appropriate date format (for example, MM/DD/YYYY).
22. Choose Save.

Creating a New User from Scratch
Sometimes it becomes necessary to create a new user “from scratch.” You may need to create a new user
when you do not have another user to copy from.

Guided Tour

1. In the Command field, enter transaction SU01 and choose Enter
   (or choose Tools → Administration, then User maintenance → Users).
2. Enter the user ID (for example, gary) that you want to create.
3. Choose Create.
4. Enter the user’s Last name.
5. Enter the user’s First name.
6. Enter the user’s job Function.
7. Enter the user’s Department.
8. Enter the user’s location (for example, Room no., Floor, Building).
9. Enter the user’s phone number.
   A telephone number should be a required entry field. If there is a system problem
   identified with the user, you need to be able to contact that user.
10. Choose Logon data.
11. Enter an initial password (for example, init). Re-enter the same password in the second
    field.
12. In User group, enter the user group to which the user is to be assigned.
    A list of possible entries is available to select from.
    A user group must exist before a user can be assigned to it.
13. Enter dates in the Valid from and Valid to fields to limit the duration that the users will
    have access to the system.
    Entering a valid to/from date is typically required for contractors and other temporary
    personnel.
14. Choose Defaults.
15. Optional: Enter the appropriate language code in Logon language (for example, EN for
    English).
    If the system default language has been set (for example, English), then this field is only
    used to log in under a language that is not the system default (example, German).
16. Under Output Controller, select Output immediately and Delete after output.
17. Enter the appropriate time zone.
    A list of possible entries is available to select from.
18. Under Decimal notation, select the appropriate notation (for example, Point, for United
    States).
    The Decimal notation affects how numbers are displayed. Setting it correctly is important
    to prevent confusion and mistakes.
19. Under Date format, select the appropriate date format (for example, MM/DD/YYYY).
20. Choose Save.
21. Assign security to the user by using the Profile Generator
    (see the Authorizations Made Easy Guidebook).

Maintaining a User

Before maintaining a user, have a properly completed and approved user change form.

The user change documentation is audited in a security audit.

Why
You need to maintain a user to manage:
• Job changes to an existing job or position
• New jobs or positions
• User data changes, such as name, address, phone number, etc.

Guided Tour

1. In the Command field, enter transaction SU01 and choose Enter
   (or choose Tools → Administration, then User maintenance → Users).
2. Enter the user ID (for example, garyn) to be maintained.
3. Choose Change.
   The Maintain User screen allows you to change a user’s:
   • Address
   • Logon data
   • Defaults
   • Password
   • User group
   • Other
4. When you finish making the changes, choose Save.

Resetting a Password

Why
The most common reason to reset a user’s password is that the user forgot their password.
In this situation, it is likely that the user has attempted to log on too many times using an
incorrect password and has locked their user ID. You will also have to unlock their user ID.

Make certain the person who requests their password to be reset is indeed the valid user.

A basic user verification method is to have a display telephone so that you can compare the
displayed caller’s “caller ID” number against the user’s phone number stored in the system
or found in the company phone directory.
We recommend that you use a method similar to banks where the user has a “secret word”
that is used to verify their identity over the phone. Remember that this method is not
perfect either because someone can overhear the secret word.

You should maintain a security log of password resets. This log should be periodically
audited to look for potential problems.

Guided Tour

1. In the Command field, enter transaction SU01 and choose Enter
   (or choose Tools → Administration, then User maintenance → Users).
2. Enter the user ID (for example, GARYN) to be maintained.
3. Choose Change password.
4. In the popup window, enter the new temporary password in the New password and Repeat
   password fields.
5. Choose Copy.

For security, you can only set an initial value for the user’s password. The user is then
required to change the password when they log on. You cannot see what the user’s current
password is, nor can you set a permanent password for the user.

Locking or Unlocking a User

What
The lock/unlock function is part of the logon check, which allows the user to log on (or
prevents the user from logging on) to the R/3 System.

Why
• Locking a user
  If a user leaves the company, is assigned to a different group, or is on leave, their R/3
  access should be removed. The lock function allows the user ID and security profile for
  that user to remain on the system but does not allow the user to log on. This function is
  ideal for temporary personnel or consultants where the user ID is locked unless they
  need access.
• Unlocking a user
  A user is automatically locked out of the system if they attempt to incorrectly log on
  more than the allowed number of times (usually the result of the user forgetting their
  password). The administrator must unlock the user ID and more than likely reset the
  user’s password.

Before unlocking a user, determine if the request is valid. Do not unlock a user who
has been manually locked without first finding out why this was done. You may
discover an important reason why the user should not access the system.

Guided Tour

1. In the Command field, enter transaction SU01 and choose Enter
   (or choose Tools → Administration, then User maintenance → Users).
2. Enter the user ID (for example, GARYN) to be maintained.
3. Choose Lock/unlock.
4. A popup window appears.
   In this example, an administrator has manually locked the user ID.
5. Choose Lock/Unlock.
   In this example, this step will unlock the user.
6. A message at the bottom of the screen indicates that the user has been unlocked.

User Groups

What
A user group is a logical grouping of users (for example, shipping, order entry, and finance).
The following restrictions apply to user groups:
• A user can belong to only one user group.
• A user group must be created before users can be assigned to it.
• A user group provides no security until the security system is configured to use user
  group security.

Create the group “term” for terminated users. Lock all users in this group and, for most of
these users, delete the security profiles. This process maintains the user information for
terminated users, and prevents the user ID from being used to log on.

Why
The purpose of a user group is to:
• Provide administrative groups for users so they can be managed in these groups.
• Apply security.

Usage
Following are a few recommended special groups:

Group      Definition
TERM       Terminated users. This way, user records can be kept in the system for
           identification.
           • All users in this group should be “locked.”
           • If it is not being used as a template, all security profiles should be
             removed from the user.
SUPER      Users with SAP* and DDIC equivalent profiles.
TEMPLATE   Template users to be used to create real users.

How to Create a User Group

Guided Tour

1. In the Command field, enter transaction SU01 and choose Enter
   (or choose Tools → Administration, then User maintenance → Users).
2. On the User Maintenance screen (transaction SU01), choose Environment → User groups.
3. Choose Create.
4. Enter the name of the new user group (for example, finance).
5. Choose Enter.
6. The new user group FINANCE is now in the list and is usable.

Deleting a User’s Session (Transaction SM04)

What
Use transaction SM04 to terminate a user’s session.

Why
Transaction SM04 may show a user as being active when the user has actually logged off.
This condition is usually caused by a network failure, which cuts off the user, or the user is
not properly closed out of the system. (For example, the user turned the PC off without
logging off the system.)
A user may be on the system and needs to have their session terminated:
• The user’s session may be “hung” and terminating the session is the only way to remove
  the user’s session.
• The user may have gotten into a “one way” menu path without an exit or cancel option.
  This situation is dangerous, and the only safe option is to terminate the session.

How to Terminate a User Session

Guided Tour

1. Verify that the user is actually logged off from R/3 and that there is no SAPgui window minimized on
   the desktop. Verification is done by physically checking the user’s computer.

   Verification is important because users may have forgotten that they minimized a
   session.

2. In the Command field, enter transaction SM04 and choose Enter
   (or choose Tools → Administration, then Monitor → System monitoring → User overview).
3. Select the user ID that you want to delete.
4. Choose Sessions.

   In step 3 above, double-check that the selected user is the one you really want to delete.
   It is very easy to select the wrong user.

5. Select the session to be deleted.
6. Choose End session.
7. Repeat steps 5 and 6 until all sessions for that user are deleted.

Maintaining a Table of Prohibited Passwords

What
A table of prohibited passwords is a user-defined list of passwords that are prohibited from
being used in the R/3 System.
Interaction occurs between a system profile parameter and the table of prohibited
passwords. If the minimum password length is set to five characters, there is no reason to
prohibit passwords like “123” or “SAP,” because these passwords would fail the minimum
length test. However, if company security policy requires it, you could include all
passwords that are considered “risky” in the table.
This table is not a substitute for good password policy and practices by the users.

The following is a list of easily guessed passwords that cannot be put into any table:
• <your name>
• <your spouse’s name>
• <your child’s name>
• <your pet’s name>
• <your car’s license plate>
A company password policy should be prepared and distributed to all users to make them
aware that they should not use these easy-to-guess passwords.

Why
There are many lists circulating of commonly used user passwords. If a user uses one of
these passwords, the chances of an unauthorized person accessing a user’s account
increase.

How
Changes will be made to table USR40 using transaction SM31 (the general “table
maintenance” transaction; for more information, see chapter 10, Nonscheduled System
Administration Tasks: Table Maintenance). This change creates a transport that can then be
transported throughout the landscape.
Keep a log of changes made to this table in your security log.
Suggestions for table entries:

SAP   GOD      ABC      QWERTY
SEX   XYZ      PASS     PASSWORD
123   12345*   54321*   *12345*

Other table entries:
• Days of the week; Monday*, Tuesday*, Mon*, Tue*, etc.
• Months of the year; January*, February*, Jan*, Feb*, etc.
• <your company name>
• <your product names>
• <names of competitors>
• <names of competitors’ products>
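The interaction between the minimum password length and the prohibited-password table can be tested before entries are maintained in USR40. The following is an added example, not SAP code and not part of the guidebook: it models only the * wildcard shown in the suggested entries, and it assumes that passwords are compared without regard to case. It also reports entries that a broader wildcard entry in the same table already covers, which goes slightly beyond the text.

```python
"""Check candidate passwords against a USR40-style table and a minimum length.

Added example: a model of the behaviour described in this chapter, not SAP's
implementation. Only the "*" wildcard from the suggested entries is handled.
"""
import re

MIN_PASSWORD_LENGTH = 5   # value recommended in this chapter

# Entries taken from the chapter's suggestions.
PROHIBITED = ["SAP", "GOD", "ABC", "QWERTY", "SEX", "XYZ", "PASS", "PASSWORD",
              "123", "12345*", "54321*", "*12345*",
              "Monday*", "Mon*", "January*", "Jan*"]


def compile_entry(entry):
    """Translate one table entry into an anchored regex.

    Assumption: comparison is case-insensitive.
    """
    parts = [re.escape(part) for part in entry.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def check_password(candidate, table=PROHIBITED, min_length=MIN_PASSWORD_LENGTH):
    """Return (accepted, reason); the length test runs before the table test."""
    if len(candidate) < min_length:
        return False, f"shorter than {min_length} characters"
    for entry in table:
        if compile_entry(entry).match(candidate):
            return False, f"matches prohibited entry {entry}"
    return True, "ok"


def redundant_entries(table=PROHIBITED, min_length=MIN_PASSWORD_LENGTH):
    """Literal entries that can never fire: the length test rejects them first."""
    return [e for e in table if "*" not in e and len(e) < min_length]


def covered_entries(table=PROHIBITED):
    """Return (entry, broader_entry) pairs where a wildcard entry covers another.

    With "*" as the only wildcard, a pattern that matches another entry's text
    also matches every password that entry would match.
    """
    pairs = []
    for entry in table:
        for other in table:
            if other != entry and "*" in other and compile_entry(other).match(entry):
                pairs.append((entry, other))
                break
    return pairs


if __name__ == "__main__":
    for pw in ["SAP", "Password", "x12345y", "monday99", "Tr0ub4dor"]:
        print(pw, check_password(pw))
    print("never reached:", redundant_entries())
    print("already covered:", covered_entries())
```

Entries reported by redundant_entries() are harmless, and as the text notes, company security policy may still require them in the table.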
