Entering content frame

Background documentation User Administration and Identity Management in ABAP Systems Locate the document in its SAP Library structure

With the user administration, you create the prerequisites for your employees being able to work in the SAP system. Create a user master record for every employee that contains all of the information about this user. In addition to technical administration data, this includes the authorizations included in roles and profiles that allow the user to execute an action in the SAP system.

User and role maintenance and the User Information System are available for maintaining the user master records.

Getting Started

For information about the fundamentals of user and authorization administration in ABAP systems, see the SAP Library under Structure linkSAP Authorization Concept.

Tools

The most important tools for user and role maintenance are listed below:

·        User Maintenance (transactions SU01, SU10)

·        Role Maintenance (transaction PFCG)

·        Indirect role assignment using HR-ORG

·        User Information System (transaction SUIM)

·        Central User Administration (transactions PFCG, SM59, SU01, SCUA, SCUM, SCUG, SUGR, SCUL)

Tasks

User and Role Maintenance Tasks

The central tasks of user and role maintenance are listed below:

Task

Information

Maintain users (create, change, delete, and so on)

Structure linkUser Maintenance Functions

Maintain roles (create, change, delete, and so on)

Structure linkRole Maintenance Functions

Assigning roles to users

Structure linkAssigning Roles

Mass changes of user data

Structure linkMass Changes

Logging off inactive users

Structure linkLogging Off Inactive Users

Maintain Internet users

Structure linkCreating and Maintaining Internet Users

Setting Password Controls

Structure linkLogon and Password Security in the SAP System

Identity Management Tasks

These tasks go beyond purely administering the users of the ABAP systems but, depending on the system landscape, may affect user administration.

Task

Information

Setting up and operating Central User Administration

Structure linkCentral User Administration

Setting up a directory service and synchronizing the ABAP user administration with an LDAP-compatible directory service

Structure linkDirectory Services (BC-SEC-DIR)

 

See also:

More Complex Tasks

Although the following tasks go beyond daily user administration, they are necessary for successful long-term operation.

Task

Information

Comparing Users

Structure linkCompare user master records

Using the central repository for personalization data

Structure linkCentral Repository for Personalization Data

Maintaining defaults and options for users

Structure linkMaintaining User Defaults and Options

Using the User Information System

Structure linkUser Information System

Performing a first installation

Structure linkFirst Installation Procedure

Performing an upgrade

Structure linkUpgrade Procedure

 

For full information about user and role administration, see the complete documentation for the topic Structure linkUsers and Roles (BC-SEC-USR).

 

Leaving content frame