User Group creation and assignment to users in SAP



 User groups are client dependent so have to create groups in each client/system manually.


Creation of user group:


SUGR is standard transaction to maintain user groups in SAP standard system.

 Follow the steps below to create a new User groups.

 1.Enter the SUGR T-code in SAP Easy Access Menu.


 2. SUGR will take you to a screen, enter the desired new User Group and click on create icon as show in the below figure.



3. Enter the user ids and give description then click on save.


4. now user group has been created.

5. Now assign user group in Log on data tab and Groups tab in SU01.
Assign users to user group:

3 possible ways to assign users to user group.
1) Using SUGR T code.
2) Groups tab in SU01.
3) Log on data tab in SU01.

Use of user group:
What is user group?
Where to delete users from user group?
How assign a one role to all members in user group?

Difference: 
User group for authorization check: In log on data tab user group, only one group can be assigned and it is relevant for the object S_USER_GRP.

General user groups: Here you can assign a multiple of user groups to the user, but it is not relevant for the object S_USER_GRP

SUGR change is in the Group tab of SU01 and not in (Log on data - User Group for Authorization check).

With the help of SU10 -> Authorization data and SUGR you can perform a mass change to move users to different group. I have done the job and would not take lot of time if you know what groups are to moved where.

Q:is it possible to see who had created a User Group (Transaction SUGR  or SU01) or is it possible to see who had changed or deleted a User Group?
A: You can use SM20 to see who has used the T-code SUGR through which a person can delete the user group.
You can also use STAD if the time span is short.
You can also use ST03N in expert mode to know who have used the transaction SUGR.
Once you know the users who visited the T-code, analyse the access of that user on that day to see if he could have deleted the group.

The SUGR user groups are for protecting administration activities on the user master record itself (like reset password, etc).
S_user_grp
You can divide user administration between several administrators with this authorization object, by assigning only a certain user group to an administrator. You can use the activities to specify the administrator’s processing types for the group (such as creating, deleting, and archiving).







Authorization object for SUGR:
S_USER_GRP
ACTVT : Activities.
CLASS :User Group Name
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)