Configuring User Group as Required for User Master Records 
Users with no user group for authorization assigned can be changed by any user administrator in the system. It is impossible to segregate responsibilities for such users. To avoid such situations, make the user group for authorization checks a required entry for new users. With this customizing option, you also define a default user group, which the system automatically enters when you create a user.
This customizing is client-specific.
You have created a default user group.
You have added the default user group to the authorization roles of the appropriate user administrators.
Ensure that all existing users in the system have a user group for authorization checks assigned.
Use User Maintenance: Mass Changes (transaction SU10) to find users with an empty Group for Authorization field and assign appropriate groups.
Caution
Once the user group is required, if a user is missing a user group for authorization checks, you cannot change, lock, set the initial password, or even delete the user.
Maintain the USER_GRP_REQUIRED parameter with the name of the default user group in table USR_CUST with Maintain Table Views (transaction SM30).
To assign a user-specific default user group to user administrators, maintain the user parameter S_USER_GRP_DEFAULT for the user administrators.
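The following pre-flight check is an added example, not SAP code. It reads two constructed CSV exports (user master data and USR_CUST) and reports, per client, whether any user still has an empty group for authorization before USER_GRP_REQUIRED is maintained. The export column names and the status labels are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports. Column names (MANDT, BNAME, CLASS for users;
# MANDT, PATH, VALUE for USR_CUST) are assumptions about the export layout.
USERS_CSV = """MANDT,BNAME,CLASS
100,ADMIN01,SUPER
100,JDOE,
100,BATCH01,TECH
200,ASMITH,HR
300,OLDUSER,
400,CUSER,FIN
"""
CUST_CSV = """MANDT,PATH,VALUE
200,USER_GRP_REQUIRED,DEFAULT
300,USER_GRP_REQUIRED,DEFAULT
"""

def users_without_group(users_csv):
    """Return {client: [users]} for users whose group field is blank."""
    missing = defaultdict(list)
    for row in csv.DictReader(io.StringIO(users_csv)):
        if not (row["CLASS"] or "").strip():
            missing[row["MANDT"]].append(row["BNAME"])
    return {client: sorted(names) for client, names in missing.items()}

def clients_requiring_group(cust_csv):
    """Return the clients where USER_GRP_REQUIRED holds a non-blank value."""
    return {row["MANDT"] for row in csv.DictReader(io.StringIO(cust_csv))
            if row["PATH"] == "USER_GRP_REQUIRED" and (row["VALUE"] or "").strip()}

def preflight(users_csv, cust_csv):
    """Classify each client separately, since the customizing is client-specific."""
    missing = users_without_group(users_csv)
    enforced = clients_requiring_group(cust_csv)
    clients = {r["MANDT"] for r in csv.DictReader(io.StringIO(users_csv))} | enforced
    report = {}
    for client in sorted(clients):
        names = missing.get(client, [])
        if client in enforced:
            # Set while users lack a group: those users cannot be maintained.
            status = "UNMANAGEABLE_USERS" if names else "ENFORCED"
        else:
            status = "ASSIGN_GROUPS_FIRST" if names else "READY"
        report[client] = (status, names)
    return report

if __name__ == "__main__":
    for client, (status, names) in preflight(USERS_CSV, CUST_CSV).items():
        print(client, status, ", ".join(names))
```
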
SAP Note 1663177 SU01: User group as required entry field
Interaction of Required User Groups and Central User Administration