SAP Security: Creating New User Account using Transaction Code SU01

Creating New User Account Using Transaction Code SU01

SAP User Administration functions include User Creation, Change, Display, Delete, Copy, Lock/Unlock, Password reset.
The topic is about creating new user account in SAP system. I have explained two methods. This is relevant for SAP Security Consultants or SAP User Administrators who want to perform user administration activities in SAP system.
The User Administrator must follow the company policies and approval process before creating user account.

Prerequisites for creating New User Account

User Administrator/SAP Security Consultant should have the roles with the below authorizations in it.
1. Authorization Object S_USER_GRP for creating user and assign to user group.
2. Authorization Object S_USER_PRO for assigning authorization profiles to user.
3. Authorization Object S_USER_AUTH for creating and modifying authorizations.
4. Authorization Object S_USER_AGR for assigning roles to user.
5. Authorization Object S_USER_TCD for assigning transactions to the roles.

Procedure:

Method 1: Creating user from scratch

1. Go to Tools-->Administration-->User Maintenance-->User


or Execute Transaction Code SU01

2. Enter the User Name and select create button

3. Go to Address tab and fill the user personal data and other information like telephone number and email address. Last name is mandatory field.

4. Go to Logon tab, select user type as Dialog.
Below are the user types available in SAP System.
1. Dialog: This type is for  individual users where it provides interactive access to SAP system
2. System: This type of users are used for processing background jobs and also used to communicate within the system. For example, used in Central User Administration (CUA) and Transport Management System (TMS).
3. Communication Data: This type of users are used for external communication, for example remote function calls.
4. Service: This type is assigned to anonymous group of users and interactive login possible.
5. Reference: It is intended for assigning additional authorizations. Login is not possible with this type of users.

Provide the initial password. Password field is mandatory. System will throw a popup to change the initial password on the first logon.

5. Go to Roles tab and insert the roles as per the user job functionalities.

6. Go to Profiles tab and insert the profiles as per the requirement.

7. Click on the save button once all the details are completed.

8. Message will display at the bottom when the user is created.

Below is the quick step by step process and followed by demo video on how to create new user account in SAP.
Step 1: Login to SAP system as a SAP Security Administrator
Step 2: Execute the Transaction code SU01
Step 3: Type the user name and click on create icon
Step 4: Fill the personal details of new user in the address tab
Step 5: Select the user type ( as per user job) as Dialog and enter the initial password twice in the logon data tab
Step 6: Select the roles as per the user job functionalities in the Roles tab
Step 7: Select the profile as per the user job functionalities in the Profiles tab
Step 8: Click on Save icon

Method 2: Creating user by copying from existing user

Prerequires for creating user in this method are same as creating user from scratch. Security Administrator must be having authorizations to assign roles, profiles and other required authorizations to the copied user.
The system perform a check while assigning roles and profiles to the copied user  whether the Security Administrator have authorizations or not for assigning roles and profiles.
1. Go to Tools-->Administration-->User Maintenance-->User
Enter Transaction code SU01


2. Enter the new user ID which you want to create and select Copy icon.

3. Enter the existing user ID which you want to copy from

4. Enter the password twice.

5. Click on Save icon. This will create the new user with same roles as the existing user.

Below is the quick step by step process and followed by a demo video on how to create new user from existing user using SU01 in SAP
Step 1: Login to SAP system as a SAP Security Administrator Step 2: Choose Tools--User Administration--User Maintenance--Users or execute t.code SU01 Step 3: Specify the user to be copied and choose copy Step 4: Specify the reference user name and new user name Step 5: Specify the desired check boxes and click on copy icon Step 6: Maintain user screen appears and modify the user roles or profiles if required Step 7: Click on Save icon













Comments

Popular posts from this blog

SAP Security: Critical Authorization Objects

SAP Security: How to set auto Logoff for Inactive users in SAP

SAP GRC Security Consultant Roles and Responsibilities