Organization without the Profile
Generator 
You can distribute the administration tasks to multiple administrators even if you are not using the profile generator.
· The user administrator creates the user master records and maintains them.
· The authorization administrator creates profiles and authorizations and maintains them.
· The activation administrator activates the profiles and authorizations.
The table below shows the authorization objects that you should assign to each administrator and the authorizations that the superuser should retain.
Organization of User Administration with Manual Maintenance of Profiles
|
Administrator Type |
Object |
Fields |
Values |
|
User administrator |
S_USER_GRP (User groups) |
CLASS |
Name(s) of the permissible user groups |
|
|
|
ACTVT |
01:
Create user master records |
|
|
S_USER_PRO (Authorization profile) |
PROFILE |
Name(s) of permissible profiles |
|
|
|
ACTVT |
22: Display profiles and enter profiles in user master records |
|
Activation Administrator |
S_USER_PRO (Authorization profile) |
PROFILE |
Name(s) of permissible profiles |
|
|
|
ACTVT |
06:
Delete profiles |
|
|
S_USER_AUT (Authorizations) |
OBJECT |
Name(s) of permissible objects |
|
|
|
AUTH |
Name(s) of permissible authorizations |
|
|
|
ACTVT |
06:
Delete authorizations |
|
Authorization Administrator |
S_USER_PRO (Authorization profile) |
PROFILE |
Name(s) of permissible profiles |
|
|
|
ACTVT |
01:
Create profiles |
|
|
S_USER_AUT (Authorizations) |
OBJECT |
Name(s) of permissible objects |
|
|
|
AUTH |
Name(s) of permissible authorizations |
|
|
|
ACTVT |
01:
Create authorizations |
Reserve the following user group authorizations for the superuser:
· Authorization for users in group SUPER
· 05: Lock and unlock users (prevent or allow logons); change passwords
· 08: Display change documents