Configuring User Group as Required for User Master Records

Prerequisites

You have created a default user group.
You have added the default user group to the authorization roles of the appropriate user administrators.

Context

Users with no user group for authorization assigned can be changed by any user administrator in the system. It is impossible to segregate responsibilities for such users. To avoid such situations, make the user group for authorization checks a required entry for new users. With this customizing option, you also define default user group, which the system automatically enters when you create a user.

This customizing is client-specific.

Procedure

Ensure that all existing users in the system have a user group for authorization checks assigned.

Use User Maintenance: Mass Changes (transaction SU10) to find users with an empty Group for Authorization field and assign appropriate groups.

Caution
Once the user group is required, if a user is missing a user group for authorization checks, you cannot change, lock, set the initial password, or even delete the user.
Maintain the USER_GRP_REQUIRED parameter with the name of the default user group in table USR_CUST with Maintain Table Views (transaction SM30).

To assign a user-specific default user group to user administrators, maintain the user parameter S_USER_GRP_DEFAULT for the user administrators.

Next Steps

SAP Note 1663177 Information published on SAP site SU01: User group as required entry field

Interaction of Required User Groups and Central User Administration