SAP Security - User Admin - Part 01

 Main Roles of a User Administrator in SAP

A User Administrator in SAP is responsible for managing user access and ensuring system security. The key responsibilities include:

  1. User Creation and Maintenance
    • Create individual user accounts using SU01.
    • Create and maintain multiple users in bulk using SU10.
    • Maintain user details such as user type, validity dates, and user groups.
  2. Password Management and User Locking
    • Reset user passwords when required.
    • Lock and unlock user accounts due to security reasons, inactivity, or policy violations.
  3. Role Assignment and Authorization Management
    • Assign single or multiple roles to users individually or in bulk using SU10.
  4. User and Role Comparison
    • Perform user comparison (PFUD) to synchronize authorization profiles after role changes.
 
Creation of User by Using SU01

When creating a user ID in the SAP system, we need to maintain the following basic user details:

User ID:
Last Name :
First Name:
Function:
Department:
Phone Number:
Mail ID:
Alias:
User Type:
User Group:
Validity Period
Account Number:
SNC:
Roles Details:

Details Explained:

User ID: Unique identification for the user in the SAP system

Last Name and First Name – User’s personal details

Function – Job role or designation of the user

Department – Department to which the user belongs

Phone Number – Contact number of the user

Mail ID – Email address for system notifications

Alias – Alternate user name, if required

User Type – Such as Dialog, System, Communication, or Service

User Group – Used for user administration and authorization control

Validity Period – Start and end date for which the user account is active

Account Number – Ref ticket number or employee number, if applicable

SNC – Secure Network Communication details, if enabled

Role Details – Assignment of roles to provide required authorizations




Popular posts from this blog

Introduction of SAP

  What is the SAP? SAP ( Systems, Applications, and Products in Data Processing ) refers to a German software company and its popular Enterprise Resource Planning (ERP) software. SAP consists of two categories modules 1. Technical Modules Technical modules focus on system administration, development, integration, and security. These include: SAP BASIS – System administration SAP Security – User roles, authorizations, and access control SAP GRC – Governance, Risk, and Compliance management SAP BTP – Business Technology Platform for cloud development and integration SAP ABAP – Programming and customization of SAP applications 2. Functional Modules Functional modules support specific business processes and aligned with business requirements. These include: SAP MM – Materials Management SAP SD – Sales and Distribution SAP PM – Plant Maintenance SAP HCM – Human Capital Management SAP ...
Read more

SAP Security Introduction

 SAP Security consists of two categories 1. User Administrator (User Admins) 2. Role Administrator (Role Admins) Some projects are handled by two different consultants. In other projects, a single consultant handles both tasks, including User Administration and Role Administration.   1. User Administrator (User Admins) We use transaction codes such as SU01, SU10, PFUD , etc., for User Administration activities. User ID characters Min 1 character and Max 12 characters. Note: The allowed characters are letters (A–Z), numbers (0–9), and special characters including underscore (_), dot (.), and hyphen (-). Password characters Min 8 character and Max 40 characters. Note: The allowed characters are Uppercase letters (A–Z), Lowercase letters (a–z), numbers (0–9), and special characters including @ # $ % ! etc. Important SAP Security Parameters: Login/min_password_lng : Minimum password length Login/min_password_digits : Minimum digits Login/min_password...
Read more

SAP Security - User Admin - Part 04

  What Is User Comparison in SAP? User Comparison in SAP is a technical process used primarily by SAP security and system administrators to ensure that user authorizations match their assigned roles and profiles . It’s a key part of SAP’s security model and ensures that users can actually use the permissions that have been assigned to them in the role-based access control system.   Why User Comparison Matters In SAP, there’s a difference between: Assigning a role to a user And making the authorizations effective When an administrator assigns or removes a role, SAP doesn’t always immediately update the user’s master record with the correct authorization profiles. This is where user comparison comes in: it reconciles the user’s master record so that the system knows what the user really has permission to do. Put plainly: ✔ Without user comparison — a user might have a role but no effective authorizations ✔ With user comparison — the user ’ s prof...
Read more