cancel
Showing results for 
Search instead for 
Did you mean: 

Create User Group for authorization check

Former Member
0 Kudos

Hello everyone,

I know that there are two types of User Groups.:

1. "User group for authorization check" on the SU01 logon data tab the S_USER_GRP object.

2. "General user groups" on the SU01 roups tab assigned via transaction SUGR.

I need to create a "User group for authorization check" to be assigned in the SU01 logon data tab. I know that you use SUGR to create the General user group, but where do you create the "User group for authorization check"?

Thank you! : )

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member

I created a user group called SYSTEM and assigned all our companies system accounts to it. Two examples of additional SYSTEM accounts I added to the SYSTEM user group are: DDIC & SAPBATCH. I did not register this group or apply any special conditions. Since doing so, several system accounts constantly become locked.

Is it safe to delete the SYSTEM user group?

Please assist...

Former Member
0 Kudos

Hello Keith,

you can delete usergroup SYSTEM as soon as there are no assignments of users to that group.

The usergroup was created by you and can also be maintained/deleted by you.

Please note that DDIC is a predelivered SAP System User with standard assignment to user group SUPER. The user is mostly used for activation processes of repository objects, installations and upgrade. The user group SUPER shouldn't be removed at all as there are hardcoded checks on that usergroup in the coding. Pease assign usergroup SUPER again and your locking issues should be fixed.

regards

Johannes

Former Member

Hi Johonna,

You can create it in SUGR itself, the only difference is how you used it. You can define action in auth object S_USER_GRP, that cam be taken for the users belongs to the particular user group.

For more info please go through below SAP documentation.

User group in user master maintenance:-

User Group for Authorization Check:-

If you assign a user to a user group for the authorization check on the Logon Data tab, you can distribute user maintenance tasks among several user administrators. The system administrator can assign the respective user administrator the right to create and change users in a group. Using the authorization object User Master Maintenance:User Groups ( S_USER_GRP), you can assign user groups to different administrators.

Users that are not assigned to any of the groups, can be maintained by all administrators.

General User Groups:-

You use the division of users into user groups on the Groups tab primarily to group users for mass maintenance (transaction SU10). Furthermore, the Global User Manager (transaction SUUM) uses the user groups.

In the user maintenance transaction (SU01), you can assign users to one or more groups on the Groups tab.

Maintaining User Groups:-

You create user groups using the function Environment -> User Groups -> Maintain. If you are using Central User Administration, you must create the user groups required in all systems.

Thanks,

Satyabrat

Former Member
0 Kudos

Hello Satyabrat,

Thank you for the quick response.

My challenge is this:

1. I created the user group in SUGR

2. I am able to assign it to mulitple users in SUGR, as well as, assign it to an individual users in the SU01 Groups tab.

3. However, when I try to assign it in the SU01 Logon tab (as a User Group for auth check), it tells me that the User Group does not exist.

So, I am assuming that I need to create this type of User Group in a transaction other than SUGR?

Thanks!

Johonna

Former Member
0 Kudos

Hi Johonna,

It can not be possible. It is not a normal behavior. Please check the table entry in USGRP if the new created user group exists there.

Also Please let me know the SAP release (basis support package level) you are working on and also confirm if you recently done any upgrade activities.

Thanks,

Satyabrat

Edited by: Satyabrat Mohanty on May 12, 2010 11:18 PM

Former Member
0 Kudos

Hello Satyabrat,

I just figured it out ... for some reason, this field is case-sensitive. I have never seen that at other implementations. Thankfully thoguh, it's working now.

Thanks!

Johonna