User Groups
User Groups
User groups are basically an instrument for the user administration,
but you can also utilize them for internal organization of users.
Users can be assigned to multiple user groups.
We have two different fields for user groups in the user master
[transaction SU01]:
1. Groups – on the groups tab
This field is for the internal organization of users and helpful e.g.
for mass maintenance - if you want to maintain users of a certain group.
This group is also called the General user group.
2. User groups for authorization check - Logon tab
This field allows to restrict user maintenance to specific groups
based on the authorization object S_USER_GRP.
If a user has an assignment maintained in this field,
the user administrator will need the corresponding group
assigned to his authorization based on S_USER_GRP
to be able to actually maintain this user.
Example:
The user MWAGENER is assigned to the group SEC.
The user administrator who wants to maintain this user
MWAGENER will need the authorization:
S_USER_GRP
with ACTVT = 02 [change]
with CLASS = SEC
The activities that are available for defining the access level on
S_USER_GRP are the following:
What do they have in common – what is different?
The user groups are generally maintained via transaction SUGR.
Though both described fields pull the information from the same table USGRP,
only the entries in User group for Authorization Checks are actually relevant for
checks on S_USER_GRP.
The information for User group for Authorization Checks is also stored in the table USR02 in the field CLASS [User group] whereas the assignment for the field
General user groups is stored in the table USGRP_USER, and can be displayed
via SE16N e.g.
The report RSUSR002 allows to distinguish and select users based
on the respective group information.
