Show TOC

User Administration FunctionsLocate this document in the navigation structure

Use

In user administration tool (transaction SU01) the following functions are available to you as an administrator.

Function

Description

Create

Enter a user name and choose Create. For more information, see Creating and Editing User Master Records.

Change

Enter an existing user name or alias, and choose Change. For more information, see Creating and Editing User Master Records.

Display

Enter an existing user name or alias, and choose Display. For more information, see Creating and Editing User Master Records.

Delete

Enter an existing user name or alias, and choose Delete.

Copy

  1. Enter the name of the user to be copied, and choose Copy.

    The Copy Users dialog box appears.

  2. In the From field, enter the user to be copied, and in the To field, enter the name of the new user. In the Choose Parts group box, you can use the checkboxes to specify the user data to be copied. Logon data (password, SNC) is not copied.

    Once the user has been copied, the user administration tool appears, and you can edit the new user as described in Creating and Editing User Master Records.

Lock/Unlock

To permit or deny a user access to the system, enter an existing user name, and choose Lock/Unlock. The locking or unlocking of a user master record takes effect the next time the user logs on; however, a user that is already logged on is not affected.

By default, the system locks users if twelve successive password logon attempts have failed. The lock is recorded in the system log together with the ID of the terminal at which the logon attempt took place.

You can define the number of permissible unsuccessful password logon attempts in a system profile parameter (see Profile Parameters for Logon and Password (Login Parameters)).

With this automatic lock, the system releases the user name again at midnight. You can unlock a user yourself before the lock period has expired. Locks that have been explicitly set remain in effect until you remove them.

Change Password

Enter a user name and choose Change Password.

The new password must fulfill the standard conditions for passwords (see Password Rules). For more information, see

Logon Data Tab Page or the F1 help.

The new password takes effect immediately, meaning that the user can use the new password immediately after it has been changed.

Users can change their passwords themselves a maximum of once a day. Administrators, on the other hand, can change user passwords as often as necessary.

Special Features for Central User Administration

If you change passwords in the central system, a dialog box appears with a list of target systems. On this dialog box, you can change or deactivate the password (see Logon Data Tab Page).

On the dialog box, the selections are predefined so that when changing the password, the child systems are selected, and when deactivating, the central system is selected. You can change this setting.

Start of the navigation path Edit Next navigation step Address End of the navigation path

Select a component (telephone number, fax number, and so on), and make the desired changes.

Start of the navigation path Info Next navigation step Information System End of the navigation path

Starts the User Information System (transaction SUIM).

Start of the navigation path Environment Next navigation step Mass Changes End of the navigation path

Most of the changes that you can perform for individual users in the context of user administration you can also perform for a selected number of users. For more information, see Mass Changes.

Start of the navigation path Environment Next navigation step Archive and Read End of the navigation path

Display Change Documents

To call a list of changes to user master records, authorization profiles, and authorizations, choose Start of the navigation path Info Next navigation step Information System End of the navigation path and, in the displayed overview, Change Documents. The system logs the following changes:

  • Direct authorization changes for a user, that is, changes to the profile list in the user master record

    Indirect changes are changes to profiles and authorizations that are entered in the user master record. These changes are not visible in the display. However, you can check these changes in the change documents for profiles and authorizations.

  • Changes to user password, user type, user group, validity period, and account number

For each change that has been made, the log shows the deleted value in the Deleted Entries line. The line Added Entries shows the changed or new value.

Archiving Change Documents

User master records and authorizations are stored in USR* tables. You can use the archiving function to reduce the storage apsace that the USR* tables occupy in the database. Change documents are stored in the USH* tables. The archiving function deletes change documents that are no longer required from the USR* tables.

You can archive the following change documents or change records for user master records and authorizations from the USH* tables:

  • Changes to authorizations (archiving object US_AUTH)

  • Changes to authorization profiles (archiving object US_PROF)

  • Changes to authorizations that assigned to a user (archiving object US_USER)

  • Changes to a user password or to the default values stored in the user master record (archiving object US_PASS)

The functions of the user and authorization administration allow access to the archiving system. In the user administration tool, choose Start of the navigation path Environment Next navigation step Archive and Read End of the navigation path. In the profile and authorization administration, choose Start of the navigation path Utilities Next navigation step Archive and Read End of the navigation path. On the screen that appears, you can archive or reimport change documents for users, profiles, or authorizations.

For more information about the archiving system, see the User Changes and Authorization Changes sections of Data Archiving in SAP NetWeaverSAP NetWeaver AS.

Start of the navigation path Environment Next navigation step Maintain Profiles End of the navigation path

Starts the obsolete manual profile maintenance tool (transaction SU02). Instead, use the role administration tool (transaction PFCG).

Start of the navigation path Environment Next navigation step Maintain Authorization End of the navigation path

Starts the obsolete manual authorization administration tool (transaction SU03). Instead, use the role administration tool (transaction PFCG).

Start of the navigation path Environment Next navigation step User Groups End of the navigation path

You can assign users to one or more user groups. For more information, see User Groups.

Start of the navigation path Environment Next navigation step Maintain Roles End of the navigation path

Starts the role administration tool (transaction SU03). For more information, see Role Administration Functions.

Start of the navigation path Environment Next navigation step Organizational Assignment End of the navigation path

You can assign a position to the user in accordance with his or her position in organizational management.

Start of the navigation path Environment Next navigation step Maintain Company Address End of the navigation path

Starts the company address maintenance tool (transaction SUCOMP).

Start of the navigation path Environment Next navigation step Distribution Log End of the navigation path

Starts the log display for Central User Administration (transaction SCUL). You can display the distribution logs there.