You can distribute the administration tasks to multiple administrators even if you are not using the profile generator.
● The user administrator creates and maintains the user master records.
● The authorization administrator creates and maintains profiles and authorizations.
● The activation administrator activates the profiles and authorizations.
The table below shows the authorization objects that you should assign to each administrator, as well as those authorizations that you should reserve for the superuser.
Organization of User Administration with Manual Administration of Profiles
Administrator Type |
Object |
Fields |
Values |
User Administrator |
S_USER_GRP (User groups) |
CLASS |
Name(s) of the permissible user groups |
|
|
ACTVT |
01:
Create user master records |
|
S_USER_PRO (Authorization profile) |
PROFILE |
Name(s) of permissible profiles |
|
|
ACTVT |
22: Display profiles and enter profiles in user master records |
Activation administrator |
S_USER_PRO (Authorization profile) |
PROFILE |
Name(s) of permissible profiles |
|
|
ACTVT |
06:
Delete profiles |
|
S_USER_AUT (Authorizations) |
OBJECT |
Name(s) of permissible objects |
|
|
AUTH |
Name(s) of permissible authorizations |
|
|
ACTVT |
06:
Delete authorizations |
Authorization administrator |
S_USER_PRO (Authorization profile) |
PROFILE |
Name(s) of permissible profiles |
|
|
ACTVT |
01:
Create profiles |
|
S_USER_AUT (Authorizations) |
OBJECT |
Name(s) of permissible objects |
|
|
AUTH |
Name(s) of permissible authorizations |
|
|
ACTVT |
01:
Create authorizations |
Reserve the following user group authorizations for the superuser:
● Authorization for users in group SUPER
● 05: Lock and unlock users (prevent or allow logons); change passwords
● 08: Display change documents