SAP Security: Creating New User Account using Transaction Code SU01

Creating New User Account Using Transaction Code SU01

SAP User Administration functions include User Creation, Change, Display, Delete, Copy, Lock/Unlock, Password reset.
The topic is about creating new user account in SAP system. I have explained two methods. This is relevant for SAP Security Consultants or SAP User Administrators who want to perform user administration activities in SAP system.
The User Administrator must follow the company policies and approval process before creating user account.

Prerequisites for creating New User Account

User Administrator/SAP Security Consultant should have the roles with the below authorizations in it.
1. Authorization Object S_USER_GRP for creating user and assign to user group.
2. Authorization Object S_USER_PRO for assigning authorization profiles to user.
3. Authorization Object S_USER_AUTH for creating and modifying authorizations.
4. Authorization Object S_USER_AGR for assigning roles to user.
5. Authorization Object S_USER_TCD for assigning transactions to the roles.

Procedure:

Method 1: Creating user from scratch

1. Go to Tools-->Administration-->User Maintenance-->User


or Execute Transaction Code SU01

2. Enter the User Name and select create button

3. Go to Address tab and fill the user personal data and other information like telephone number and email address. Last name is mandatory field.

4. Go to Logon tab, select user type as Dialog.
Below are the user types available in SAP System.
1. Dialog: This type is for  individual users where it provides interactive access to SAP system
2. System: This type of users are used for processing background jobs and also used to communicate within the system. For example, used in Central User Administration (CUA) and Transport Management System (TMS).
3. Communication Data: This type of users are used for external communication, for example remote function calls.
4. Service: This type is assigned to anonymous group of users and interactive login possible.
5. Reference: It is intended for assigning additional authorizations. Login is not possible with this type of users.

Provide the initial password. Password field is mandatory. System will throw a popup to change the initial password on the first logon.

5. Go to Roles tab and insert the roles as per the user job functionalities.

6. Go to Profiles tab and insert the profiles as per the requirement.

7. Click on the save button once all the details are completed.

8. Message will display at the bottom when the user is created.

Below is the quick step by step process and followed by demo video on how to create new user account in SAP.
Step 1: Login to SAP system as a SAP Security Administrator
Step 2: Execute the Transaction code SU01
Step 3: Type the user name and click on create icon
Step 4: Fill the personal details of new user in the address tab
Step 5: Select the user type ( as per user job) as Dialog and enter the initial password twice in the logon data tab
Step 6: Select the roles as per the user job functionalities in the Roles tab
Step 7: Select the profile as per the user job functionalities in the Profiles tab
Step 8: Click on Save icon

Method 2: Creating user by copying from existing user

Prerequires for creating user in this method are same as creating user from scratch. Security Administrator must be having authorizations to assign roles, profiles and other required authorizations to the copied user.
The system perform a check while assigning roles and profiles to the copied user  whether the Security Administrator have authorizations or not for assigning roles and profiles.
1. Go to Tools-->Administration-->User Maintenance-->User
Enter Transaction code SU01


2. Enter the new user ID which you want to create and select Copy icon.

3. Enter the existing user ID which you want to copy from

4. Enter the password twice.

5. Click on Save icon. This will create the new user with same roles as the existing user.

Below is the quick step by step process and followed by a demo video on how to create new user from existing user using SU01 in SAP
Step 1: Login to SAP system as a SAP Security Administrator Step 2: Choose Tools--User Administration--User Maintenance--Users or execute t.code SU01 Step 3: Specify the user to be copied and choose copy Step 4: Specify the reference user name and new user name Step 5: Specify the desired check boxes and click on copy icon Step 6: Maintain user screen appears and modify the user roles or profiles if required Step 7: Click on Save icon













Location: Chicago, IL, USA

Comments

Post a Comment

Popular posts from this blog

SAP Security: Critical Authorization Objects

SAP Security: Critical Authorization Objects 1. S_TABU_DIS: This authorization object enables authorization check for displaying or modifying the table content. For accessing the table data, users use SE16, SM30 or SM31 transaction codes. This object contains two fields, DICBERCLS (authorization group) and ACTCT. 2. S_RFC: This authorization object enables authorization check for remote function call to access program modules (function modules). This authorization object contains three fields, RFC_TYPE, RFC_NAME and ACTCT. 3. S_DATASET: This authorization object enable file access at operating system level. This gives permission to access files from ABAP programs. This object contains three fields, File name, Program and Activity. 4. S_ADMI_FCD: This authorization objects enable access to various administrator activities like system monitoring, spool administration, client creations, update administration etc. This object contains one field, system administration functions. 5. S_DE
Read more

SAP Security: How to set auto Logoff for Inactive users in SAP

Image
How to set auto Logoff for Inactive users in SAP SAP provides an options for logging of inactive users in SAP automatically. Inactive means if there is no activity for a specific period of time. By setting the auto logoff improves the security in the SAP system. The auto logoff options is not active in the system by default. This needs to be activated using the profile parameter called rdisp/gui_auto_logout. The value for this parameter should be set in the form of seconds. The inactive users are logout of the system after the specific time period that is set in the parameter. The SAP system doesn't save the data before auto logoff and it does not popup any prompt before auto logoff. Procedure to set the value in the Profile parameter: Execute transaction code RZ10 Select the DEFAULT profile from the selection menu. Select the Extended maintenance and click on change icon. Click on the create parameter icon as shown below. Enter the new parameter name as rdisp/gui_auto_logout and c
Read more

SAP GRC Security Consultant Roles and Responsibilities

SAP GRC Security Consultant Roles and Responsibilities 1. SAP GRC Consultant should have a knowledge on Governance, Risk and Compliance products. 2. Should have a thorough knowledge as well as experience in relation between ERP and GRC systems. 3. Should have an experience in configuring and supporting of GRC components like ARA, ARM, BRM and EAM. 4. GRC consultant should be having good understanding of GRC architecture. 5. Should be having hands on experience in user provisioning, role management, risk analysis, emergency access management and monitoring. 6. Should have experience in pre installation, post installation, connector settings, rule building and MSMP workflows and BRF+ in the ARM and BRM components. 7. Should have experience in end to end implementation of GRC Access Controls. 8. Should have experience in designing and developing the SAP business process. 9. Should be able to gather business requirements and implement the same in the GRC AC modules like ARA, ARM, BRM and E
Read more