User Groups in SAP
What are the effects of user groups on authorizations and profiles? For example, we have a group called dl(user is no longer needed), and it seems to cause profile problems, but its not repeatable...if that makes sense. Any suggestions?
Sabyasachi Rudra replied
As Kings has already mentioned change in user group should not cause any problems related to profiles unless the profiles are not generated.However, authorization can be restricted through user group.
The authorization user group present in the logon data tab is used in conjunction with authorization object S_USER_GROUP. It allows to create security management authorization by user group. e.g. you can have a local security administrator only able to manage users in his groups, Help-Desk to reset password for all users except users in group SUPER, etc...
One of the Primary uses of user groups is to sort users into logical groups.This allows users to be categorised in a method that is not dependent on roles/AG's/Responsibilities/Profiles etc.
User Groups also allow segregation of user maintenance, this is especially useful in a large organisation as you can control who your user admin team can maintain - an example would be giving a team leader the authority to change passwords for users in their team.
Edited by: Sabyasachi Rudra on Oct 5, 2008 5:34 AM