Escolar Documentos
Profissional Documentos
Cultura Documentos
User Administration
User Administration
March-2007
Objectives
The participants will be able to:
Know what are the responsibilities of a user administrator
What are the components of User master
What are the different user types
How to maintain users in SU01
User Administration
March-2007
User Administration :
User Administration
March-2007
Address
Parameters
Defaults
Personal data,
Communication
data, Company
address
Roles
Profiles
Assignment of
roles
Groups
Assignment of
user groups
Assignment of
license data
Assignment of
profiles
Assignment of
personalization
User Administration
March-2007
the SAPGUI.
The passwords are not subject to the password change requirement, that is, they
User Administration
March-2007
Communication User
Logon with SAPGUI is not possible. The user is therefore not interaction-capable
with the SAPGUI.
Expired or initial passwords are checked but the conversion of the password
change requirement that applies in principle to all users depends on the caller
(interactive/not interactive). (*)
Users have the option of changing their own passwords.
User Administration
March-2007
No logon possible.
User Administration
March-2007
User Maintenance:
User Administration
March-2007
User Administration
March-2007
10
User Administration
March-2007
11
User Administration
March-2007
12
User Administration
March-2007
13
User Administration
March-2007
14
User Administration
March-2007
15
User Administration
March-2007
16
User Administration
March-2007
17
User Administration
March-2007
Questions ?
18
User Administration
March-2007
User Administration
March-2007
Objectives
The participants will be able to:
Recognize what is company address
How company address can be created
How a user can be assigned to a company address
20
User Administration
March-2007
You can create, maintain and display Company address using the tcode SUCOMP
21
User Administration
March-2007
22
User Administration
March-2007
Company Address
The very first company need to be created in SUCOMP. After that all the newly
created users have the default company address automatically assigned to them. To
demonstrate the concept we need to have a look at the SU01 screen.
23
User Administration
March-2007
Creation of User
24
User Administration
March-2007
25
User Administration
March-2007
You can assign this user to any of the existing company address using the button
Assign other company address
26
User Administration
March-2007
27
User Administration
March-2007
You need to enter the new company name what you do in SUCOMP
28
User Administration
March-2007
Company Address
29
User Administration
March-2007
Questions ?
30
User Administration
March-2007
User Groups
User Administration
March-2007
Objectives
The participants will be able to:
The concept of user group
Specify the group for a user
Realize the importance of user groups in the context of user administration
32
User Administration
March-2007
User Group:
User group can be used for different purpose and in different
way in an SAP environment One of the Primary uses of user groups is to sort users into logical groups.
This allows users to be categorized in a method that is not dependent on roles,
Responsibilities & Profiles etc.
User Groups also allow segregation of user maintenance, this is especially useful in
a large organization as you can control who your user admin team can maintain - an
example would be giving a team leader the authority to change passwords for users in
their team.
33
User Administration
March-2007
User Group
In the latest versions of SAP, actually two types of user group exist
The authorization user group (exist in Logon data tab in the user
master record)
The general user groups (exist in Group tab in the user master
record)
34
User Administration
March-2007
35
User Administration
March-2007
User Group
36
User Administration
March-2007
User Group
37
User Administration
March-2007
User Group
38
User Administration
March-2007
User Group
USER GROUPS for authorization Check are used for access control to transactions and
tables based on user group assignment for a particular user and to which respective group
he/she belongs and the tables and transactions and reports that group has access.
Groups tab on SU01 Transaction is used for logical grouping of users based on similar
functionalities and for mass operations of same type for multiple users.
39
User Administration
March-2007
Questions ?
40
User Administration
March-2007
User Administration
March-2007
Objectives
The participants will be able to:
Use SU10 as a mass user maintenance tool
Display the log once the mass changes are done.
42
User Administration
March-2007
Mass changes:
Logon data
Defaults
Roles
Profiles
Parameters
Passwords
43
User Administration
March-2007
Address Data
44
User Administration
Authorization Data
March-2007
45
User Administration
March-2007
46
User Administration
March-2007
Questions?
47
User Administration
March-2007
User Administration
March-2007
Objectives
The participants will be able to:
Understand the importance of different authorization objects related to user
administration
Divide the administrative power among various roles to be used by administrator.
49
User Administration
March-2007
50
User Administration
March-2007
CLASS
ACTVT
Auth. Object
Field
Field
01: Create
02: Change
03: Display
05: Lock, unlock
06: Delete
08: Display change documents
22: Add users to activity groups
24: Archive
78: Assign
68: Model users and assign to systems or activity groups in user management. The
models are used later as templates for the actual assignments.
51
User Administration
March-2007
Auth. Object
Profile
Field
ACTVT
Field
01: Create
02: Change
03: Display
06: Delete
07: Activate
08: Display change documents
22: Assign profile to users / remove
assignment
24: Archive
52
User Administration
March-2007
Auth. Object
Authorization object
Field
Authorization name
Field
Activity
Field
01 = create
02 = change
03 = display
06 = delete
07 = activate
08 = display change documents
22 = assign authorization profiles
24 = archive
53
User Administration
March-2007
S_USER_AGR
54
Auth. Object
ACT_GOUP
Field
Activity
Field
User Administration
March-2007
55
User Administration
March-2007
Auth. Object
Field
TCD
T-Code
S_USER_VAL
Auth. Object
OBJECT
AUTH_FIELD
AUTH_VALUE
56
User Administration
Field
Field
Field
March-2007
S_USER_SYS
ACTVT
SUBSYSTEM
57
User Administration
March-2007
58
User Administration
March-2007
S_USER_AUT
OBJECT
OBJECT
ACTVT
59
User Administration
March-2007
Questions?
60
User Administration
March-2007
User Administration
March-2007
Objectives
The participants will be able to:
Realize the concept of User Buffer.
To view the user buffer.
62
User Administration
March-2007
User Buffer:
When
63
User Administration
March-2007
User Buffer:
A user would fail an authorization check if:
The authorization object does not exist in the
user buffer.
The values checked by the application are not
assigned to the authorization object in the user
buffer
The user buffer contains too many entries and
has overflowed. The number of entries in the user
buffer can be controlled using the system profile
parameter auth/number_in_userbuffer.
64
User Administration
March-2007
User Buffer:
User can display his/her own user buffer using the transaction SU56
65
User Administration
March-2007
66
User Administration
March-2007
Questions ?
67
User Administration
March-2007