To create or maintain user master records, you need the following authorizations:

• Authorization to create and/or maintain user master records and to assign a user group (object S_USER_GRP).
• Authorization for the authorization profiles you want to assign to users (object S_USER_PRO).
• Authorization to create and maintain authorizations (object S_USER_AUTH).
• Authorization to protect activity groups. You can use this authorization object to determine which activity groups may be processed and which activities (Create, Display, Change and so on) are available for the activity group(s) (object S_USER_AGR).
• Authorization for transactions that you may assign to the activity group and for which you can assign authorization at the start of the transaction in the Profile Generator (object S_USER_TCD).