User Administration Functions

The initial screen of User Maintenance (transaction SU01) offers administrators a number of useful functions.

The following table highlights some of the features required for user administration.
Functions of User Maintenance

Function

Description

Create

Enter a user name and choose Create.

For more information, see Creating and Editing User Master Records.

Change

Enter an existing user name or alias, and choose Change.

For more information, see Creating and Editing User Master Records.

Display

Enter an existing user name or alias, and choose Display.

Delete

Enter an existing user name or alias, and choose Delete.

Copy

Enter the name of the user to be copied, and choose Copy.

For more information, see Copying Users.

Lock/Unlock

To permit or deny a user access to the system, enter an existing user name, and choose Lock/Unlock. The locking or unlocking of a user master record takes effect the next time the user logs on. A user that is already logged on is not affected.

By default, the system locks users if twelve successive password logon attempts have failed. The lock is recorded in the system log together with the ID of the terminal at which the logon attempt took place.

You can define the number of permissible unsuccessful password logon attempts in a system profile parameter.

For more information, see Profile Parameters for Logon and Password (Login Parameters).

With this automatic lock, the system releases the user name again at midnight. You can unlock a user yourself before the lock period has expired. Locks that have been explicitly set remain in effect until you remove them.

Change Password

Enter a user name and choose Change Password.

The new password must fulfill the standard conditions for passwords (see Password Rules).

For more information, see Logon Data Tab Page or the F1 help.

The new password takes effect immediately, meaning that the user can use the new password immediately after it has been changed.

Users can change their passwords themselves a maximum of once a day. Administrators, on the other hand, can change user passwords as often as necessary.

Special Features for Central User Administration

If you change passwords in the initial screen of User Maintenance in the central system, a dialog box appears with a list of target systems. In this dialog box, you can change or deactivate the password.

For more information, see Logon Data Tab.

Information → Information System

Starts the User Information System (transaction SUIM).

For more information, see User Information System.

Environment → Mass Changes

Changes that you can make for individual users in user administration can also be made for multiple users at once.

For more information, see Mass Changes.

Environment → Archive and Read

Display Change Documents

To call a list of changes to user master records, authorization profiles, and authorizations, choose Information → Change Documents for Users. The system logs the following changes:

  • Direct authorization changes for a user, that is, changes to the profile list in the user master record

    Indirect changes are changes to profiles and authorizations that are entered in the user master record. These changes are not visible in the display. However, you can check these changes in the change documents for profiles and authorizations.

  • Changes to user password, user type, user group, validity period, and account number

For each change that has been made, the log shows the deleted value in the Deleted Entries line. The line Added Entries shows the changed or new value.

Archiving Change Documents

User master records and authorizations are stored in USR* tables. You can use the archiving function to reduce the storage space that the USR* tables occupy in the database. Change documents are stored in the USH* tables. The archiving function deletes change documents that are no longer required from the USR* tables.

You can archive the following change documents or change records for user master records and authorizations from the USH* tables:

  • Changes to authorizations (archiving object US_AUTH)

  • Changes to authorization profiles (archiving object US_PROF)

  • Changes to authorizations that are assigned to a user (archiving object US_USER)

  • Changes to a user password or to the default values stored in the user master record (archiving object US_PASS)

The functions of the user and authorization administration allow access to the archiving system. In the user administration tool, choose Environment → Archive and Read. In the profile and authorization administration, choose Utilities → Archive and Read. On the screen that appears, you can archive or reimport change documents for users, profiles, or authorizations.

For more information about the archiving system, see the User Changes and Authorization Changes sections of Data Archiving in SAP NetWeaver AS.

Environment → Maintain Profiles

Starts the obsolete manual profile maintenance tool (transaction SU02). Instead, use the role administration tool (transaction PFCG).

Environment → Maintain Authorization

Starts the obsolete manual authorization administration tool (transaction SU03). Instead, use the role administration tool (transaction PFCG).

Environment → User Groups

You can assign users to one or more user groups.

For more information, see User Groups.

Environment → Maintain Roles

Starts the role administration tool (transaction PFCG).

For more information, see Role Administration Functions.