Organization Without the Profile Generator
You can distribute the administration tasks to multiple administrators even if you are not using the profile generator.
- The user administrator creates and maintains the user master records.
- The authorization administrator creates and maintains profiles and authorizations.
- The activation administrator activates the profiles and authorizations.
The table below shows the authorization objects that you should assign to each administrator, as well as those authorizations that you should reserve for the superuser.
Organization of User Administration with Manual Administration of Profiles
| Administrator Type | Object | Fields | Values |
|---|---|---|---|
|
User Administrator |
S_USER_GRP (User groups) |
CLASS |
Name(s) of the permissible user groups |
|
|
|
ACTVT |
01: Create user master records 02: Change user master records 03: Display user master records 04: Delete user master records |
|
|
S_USER_PRO (Authorization profile) |
PROFILE |
Name(s) of permissible profiles |
|
|
|
ACTVT |
22: Display profiles and enter profiles in user master records |
|
Activation administrator |
S_USER_PRO (Authorization profile) |
PROFILE |
Name(s) of permissible profiles |
|
|
|
ACTVT |
06: Delete profiles 07: Activate profiles |
|
|
S_USER_AUT (Authorizations) |
OBJECT |
Name(s) of permissible objects |
|
|
|
AUTH |
Name(s) of permissible authorizations |
|
|
|
ACTVT |
06: Delete authorizations 07: Activate authorizations |
|
Authorization administrator |
S_USER_PRO (Authorization profile) |
PROFILE |
Name(s) of permissible profiles |
|
|
|
ACTVT |
01: Create profiles 02: Change profiles 03: Display profiles 06: Delete profiles 08: Display change documents for profiles |
|
|
S_USER_AUT (Authorizations) |
OBJECT |
Name(s) of permissible objects |
|
|
|
AUTH |
Name(s) of permissible authorizations |
|
|
|
ACTVT |
01: Create authorizations 02: Change authorizations 03: Display authorizations 06: Delete authorizations 08: Display change documents for authorizations |
Reserve the following user group authorizations for the superuser:
- Authorization for users in group SUPER
- 05: Lock and unlock users (prevent or allow logons); change passwords
- 08: Display change documents