User Administration Functions

As an administrator, you can use the following functions in the user administration tool (Tools ® Administration ® User Maintenance ® Users):

Function

Description

This graphic is explained in the accompanying text ‑ Create

Enter a user name and choose Create. For more information, see Creating and maintaining user master records.

This graphic is explained in the accompanying text ‑ Change

Enter an existing user name or an alias and choose Change. For more information, see Creating and maintaining user master records.

This graphic is explained in the accompanying text - Display

Enter a user name or an alias and choose Change. For more information, see Creating and maintaining user master records.

This graphic is explained in the accompanying text Delete

Enter a user name or an alias and choose Delete.

This graphic is explained in the accompanying text Copy

...

1. Enter the name of the user to be copied and choose Copy.

The system displays the Copy User dialog box.

2. In the From field, enter the user to be copied, and in the To field, enter the new user. In the Choose parts group box, you can specify the user data to be copied using the checkboxes. Logon data (password, SNC) is, of course, not copied.

The user administration function appears, and you can edit the new user as described under Creating and Maintaining User Master Records.

Note

You can also rename user master records (User ® Rename) if you simply want to replace one record with an identical one of a different name.

This graphic is explained in the accompanying text – Lock/Unlock

Enter an existing user name and choose Lock/Unlock to grant or deny a user access to a system. Locking or unlocking a user master record takes effect the next time a user attempts to log on. Users who are logged on at the time that changes are made are not affected.

The system automatically locks users if twelve successive unsuccessful attempts are made to log on. The lock is recorded in the system log, along with the terminal ID of the machine where the logon attempt took place.

You can set the number of permissible unsuccessful logon attempts in a system profile parameter (see Profile Parameters for Logon and Password (Login Parameters)).

This automatic lock is released by the system at midnight. You can also remove the lock manually before this time. Locks that you specifically set yourself apply indefinitely until you release them.

This graphic is explained in the accompanying text ‑ Change password

Enter the user name and choose Change password.

This new password must fulfill the standard conditions regarding permissible passwords (see Password rules). For more information, see Logon Data Tab Page or the F1 help.

The new password take effect immediately, meaning that the user can use the new password immediately after the change.

Users can change their own passwords no more than once a day. System administrators, on the other hand, may change user passwords as often as necessary.

Special Features for Central User Administration (CUA).

If you change passwords in the central system, a dialog window with a list of target system appears. You can activate or deactivate the password in this window (see Logon Data Tab Page).

The selections in the dialog window are set so that if you are changing the password the child system is selected, and if you are deactivating the password, the central system is selected. You can change this setting.

Edit ® Address

Select a component (telephone number, fax number, and so on) and make changes as needed.

Info ® Info System

With this function, the system displays the User Information System (transaction SUIM).

Environment ® Mass changes

You can also perform most changes which can be made for one user in the user management for a selected set of users. For more information, see Mass changes.

Environment ® Archive and read

Displaying Change Documents

To call a list of changes to user master records, authorization profiles and authorizations, choose Information ® Information system and then Change documents. The system logs the following changes:

Direct authorization changes for a user (that is, changes to the profile list in the user master record).

Indirect changes are changes to profiles and authorizations contained in the user master record. These changes cannot be seen in the display. You can, however, see them in the change documents for profiles and authorizations.

Changes to user passwords, user type, user group, validity period and account number

For each change made, the log shows the deleted value in the Deleted entries line. The changed or new value is displayed in the Added entries line.

Archiving change documents

User master records and authorizations are stored in the USR* tables. You can reduce the amount of space that these take up in the database by using the archiving function. Change documents are stored in the USH* tables. The archiving function deletes change documents that are no longer required from the USR* tables.

You can archive the following change documents relating to user master records and authorizations from the USH* tables:

Changes to authorizations (archiving object US_AUTH)

Changes to authorization profiles (archiving object US_PROF)

Changes to the authorizations assigned to a user (archiving object US_USER)

Changes to a user’s password or to defaults stored in the user master record (archiving object US_PASS)

The functions for administering users and authorizations provide access to the archiving system. In the user administration function, choose Environment ® Archive and read. In profile and authorization administration, choose Utilities ® Archive and read. You then have two options, either Archive auth. docs or Read auth. docs. These options refer to whether you want to archive or read change documents pertaining to users, profiles or authorizations.

For more detailed information about the archiving system, see the Archiving User and Authorization Changes section in Data Archiving in the SAP Web AS.

Environment ® Maintain Profiles

With this function, you go to the obsolete, manual profile administration (transaction SU02). Instead of this, use the new role administration tool (transaction PFCG).

Environment ® Maintain Authorization

With this function, you go to the obsolete authorization administration (transaction SU03). Instead of this, use the new role administration tool (transaction PFCG).

Environment ® User groups

Users can be assigned to one or more user groups. For more information, see User groups.

Environment ® Organizational Assignment

You can assign a position to the user in accordance with his or her place in the organizational management here.

Environment ® Maintain Company Address

With this function, you go to the company address administration (transaction SUCOMP). You can assign the company address in user administration using the relevant pushbuttons.

Environment ® Distribution Log

The log display for central user administration appears, in which you can display distribution logs (transaction SCUL).

End of Content Area

No comments: