Show TOC

Background documentationUser Administration and Identity Management in ABAP Systems Locate this document in the navigation structure

 

With the user administration, you create the prerequisites for your employees being able to work in the SAP system. Create a user master record for every employee that contains all of the information about this user. In addition to technical administration data, this includes the authorizations included in roles and profiles that allow the user to execute an action in the SAP system.

User and role maintenance and the User Information System are available for maintaining the user master records.

Getting Started

For information about the fundamentals of user and authorization administration in ABAP systems, see the SAP Library under SAP Authorization Concept.

Tools

The most important tools for user and role maintenance are listed below:

  • User Maintenance (transactions SU01, SU10)

  • Role Maintenance (transaction PFCG)

  • Indirect role assignment using HR-ORG

  • User Information System (transaction SUIM)

  • Central User Administration (transactions PFCG, SM59, SU01, SCUA, SCUM, SCUG, SUGR, SCUL)

Tasks

User and Role Maintenance Tasks

The central tasks of user and role maintenance are listed below:

Task

Information

Maintain users (create, change, delete, and so on)

User Maintenance Functions

Maintain roles (create, change, delete, and so on)

Role Maintenance Functions

Assign roles to users

Assigning Roles

Mass changes of user data

Mass Changes

Logging off inactive users

Logging Off Inactive Users

Maintain Internet users

Creating and Maintaining Internet Users

Setting Password Controls

Logon and Password Security in the SAP System

Identity Management Tasks

These tasks go beyond purely administering the users of the ABAP systems but, depending on the system landscape, may affect user administration.

Task

Information

Setting up and operating Central User Administration

Central User Administration

Setting up a directory service and synchronizing the ABAP user administration with an LDAP-compatible directory service

Directory Services (BC-SEC-DIR)

See also:

More Complex Tasks

Although the following tasks go beyond daily user administration, they are necessary for successful long-term operation.

Task

Information

Comparing Users

Compare user master records

Using the central repository for personalization data

Central Repository for Personalization Data

Maintaining defaults and options for users

Maintaining User Defaults and Options

Using the User Information System

User Information System

Performing a first installation

First Installation Procedure

Performing an upgrade

Upgrade Procedure

For full information about user and role administration, see the complete documentation for the topic Users and Roles (BC-SEC-USR).