In this step you define authorization keys which you can use to set up authorization checks when you manually set or delete a user status. When the system sets a user status as a reaction to business transaction, it does not perform an authorization check.
When you set or delete a user status , the system checks whether the user is authorized for this action. In addition to the status profile and the object type, the system also checks the authorization key assigned to the user status in question.
You want to define that certain user statuses can be changed only by a specified employee group.
To do this, create an authorization key and assign it to the relevant user statuses.
In the general authorization maintenance you can then assign authorizations for this key via the authorization object B_USERSTAT.