sap user creation
DESCRIPTION
HOW TO CREATE USERS IN SAP GUIDETRANSCRIPT
R/3 User Management
Anand Munuswamy
User Administration Overview
Unit Overview
This unit describes the basic overview of User Administration, Maintaining user, Resetting Password, Locking and unlocking a user, User groups via SU01 transaction in SAP R/3
User Administration Overview
Unit Objective
After completing this unit, you will be able to :
1. Explain the Function of User Administration
2. Creating and maintaining Users in R/3
3. Describe and use of User Groups
4. Describe and use of Personalization
5. Modify, lock and unlock users (SU01)
6. Resetting Password (SU01)Contd ..
User Administration Overview
Unit Objective
7. Develop authorization and profiles
8. Explain the function of Authorization Objects, Fields
9. Describe the Authorization Checks / Trace
10. Explain and configure User Administrator
11. Describe SAP Standard Logon Users
12. Explain the terms of logon and password controls
The User Master Record: Creating a SAP Account (SU01)
Create
The User Master Record: Selecting a Password (SU01)
Selecting a password
Logon Data
User Group
User Master Record : Account Validity and Account Number
Setting Validity Period
User Master Record : User Type
User Type
The User Master Record: Assigning External mail id
E-mail address
(necessary for external mail set-up)
Defaults
Parameters
Roles
Profiles
User Profile
Groups
The User Master Record: Changing SAP Account (SU01)
Change
Delete
The User Master Record: Deleting SAP Account (SU01)
Lock/Unlock
The User Master Record: Locking/Unlocking SAP Account (SU01)
Changing Password
The User Master Record: Changing Password of SAP Account (SU01)
Copying an Existing User
The User Master Record: Copying an existing user (SU01)
User Master record
Authorization Objects (SU03)
Authorization Objects (SU03)
Example: Authorization Fields
The Authorisation Problem Report (1/3)
1
3
2
Documentation - Display Authorization Check (2/3)
1
2 34
Documentation - Display Authorization Check (3/3)
Ensure that the file is saved in Rich Text Format
Authorizations
Profiles
AuthorizationsAuthorizations
Authorization objects
Authorization within Profiles, refers to a valid instance of Authorization object i.e. an Authorization object with valid values for their fields
Fields & Values
Profiles are created when 'roles' are generated. Profiles are collection of authorizations for a particular task which are assigned to multiple users.
The security structure in SAP:
Example: Authorization Checks/Trace (Contd..)
ABAP/4 Code for SD70AV3A. . . GET KNA1.AUTHORITY-CHECK OBJECT objectnameID fieldname1 FIELD fieldvalue1...ID fieldnamen FIELD fieldvaluenWRITE KNA1.. . .
Transaction VF31
Program SD70AV3A
Mr. Smith’s User Master Record
AuthorizationAuthorization
Authorization fields
Mr. Smith
Authorization Object
Authorization Profile
Functional Area
Auth Object
Fields where input in required
Configuring Maintenance Administrators
User Administrator
AuthorizationAdministrator
Activation Administrator
Super User
Define and edit profiles and authorizations
Maintain user master records
Activate profiles and authorizations
Domain
Special Logon Users
User SAP*
User DDIC
ProductionPlanning
MaterialsManagement
Finance andControlling
Sales andDistribution
Human Resources
SAP* password is ‘pass’ if there is no entry for SAP* in table USR02
Special User IDs The two user Ids (SAP* and DDIC) should only be used for tasks thatspecifically required either of those user Ids. A user who requires similar“super user” security rights should have a copy of the SAP* user security.
The security rights of SAP* and DDIC are extensive, dangerous and pose asecurity risk. Anyone, who requires or requests similar security rights shouldhave an extremely valid reason for the request. Convenience is not a validreason.
The user ID SAP* and DDIC should never be deleted. Instead :1. Change the password2. Lock the user ID
User Logon and Password Controls
ProductionPlanning
MaterialsManagement
Finance andControlling
Sales andDistribution
Human Resources
Table USR40 to define impermissible passwords for your system