- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- User Groups in SAP
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
User Groups in SAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-03-2008 7:00 PM
What are the effects of user groups on authorizations and profiles? For example, we have a group called dl(user is no longer needed), and it seems to cause profile problems, but its not repeatable...if that makes sense. Any suggestions?
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2008 9:11 AM
Hi James,
As Kings has already mentioned change in user group should not cause any problems related to profiles unless the profiles are not generated.However, authorization can be restricted through user group.
The authorization user group present in the logon data tab is used in conjunction with authorization object S_USER_GROUP. It allows to create security management authorization by user group. e.g. you can have a local security administrator only able to manage users in his groups, Help-Desk to reset password for all users except users in group SUPER, etc...
One of the Primary uses of user groups is to sort users into logical groups.This allows users to be categorised in a method that is not dependent on roles/AG's/Responsibilities/Profiles etc.
User Groups also allow segregation of user maintenance, this is especially useful in a large organisation as you can control who your user admin team can maintain - an example would be giving a team leader the authority to change passwords for users in their team.
Thanks,
Saby..
Edited by: Sabyasachi Rudra on Oct 5, 2008 5:34 AM
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-03-2008 7:09 PM
What are the effects of user groups on authorizations and profiles?
You can control what User Admins can do, like Lock, delete, add/remove roles etc to a certain User Group using SU01, SU10, PFCG to name a few.
Gp.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-03-2008 7:27 PM
There are actually 2 user group fields - one is found in the "logon data" tab and is used as "Gopi" mentioned. The other is a tab called "Groups" - this one is used for reporting purposes. Both call upon the user group table - ie. tcode SUGR -but are used for somewhat differently.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2008 4:54 AM
Hi James,
User groups are logical groupings of users that provide a mechanism for allowing sub- or remote Security Analysts access to maintain a limited group of users or to quickly query on a set of users.
User and security administration can be segregated and decentralized through the use of user groups.
You can use SUGR to create User Groups. You can assign the users via the Usergroup tab in SU01.
You can add/delete roles to the Usergroups as the change will affect multiple users.
Regards,
Kiran Kandepalli.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2008 7:38 AM
it seems to cause profile problemsThis problem may be caused due to the conflicts in the profile parameters. This may be also due to not generated profiles and the authorization in the roles. So this does not do anything with the change of the user group, unless the profiles of the roles are either deleted or generated properly. So better check with the roles and profile authorization and there's nothing to do with the change of the User from one User group to another.
Thank You
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2008 9:11 AM
Hi James,
As Kings has already mentioned change in user group should not cause any problems related to profiles unless the profiles are not generated.However, authorization can be restricted through user group.
The authorization user group present in the logon data tab is used in conjunction with authorization object S_USER_GROUP. It allows to create security management authorization by user group. e.g. you can have a local security administrator only able to manage users in his groups, Help-Desk to reset password for all users except users in group SUPER, etc...
One of the Primary uses of user groups is to sort users into logical groups.This allows users to be categorised in a method that is not dependent on roles/AG's/Responsibilities/Profiles etc.
User Groups also allow segregation of user maintenance, this is especially useful in a large organisation as you can control who your user admin team can maintain - an example would be giving a team leader the authority to change passwords for users in their team.
Thanks,
Saby..
Edited by: Sabyasachi Rudra on Oct 5, 2008 5:34 AM
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2008 11:18 AM
Hi James,
one more thing to be considered is:
as there are 2 fields for group in SU01, remember that the field under the logon data is only authorization relevant. and the one in the group tab is not authorization relevant.
thank you
Edited by: kavitha l on Oct 7, 2008 1:20 PM
- SAP Managed Tags:
- Security
