Scribd
Upload
223 views5 pages

Technical Sap Security

User groups in SAP are created on a per-client basis. [1] To create a new user group, use transaction SUGR and enter the user group name, then add user IDs and a description. [2] Users can then be assigned to the user group using SUGR, or via the Groups or Logon Data tabs in transaction SU01. [3] User groups control authorization and access for administrative activities like resetting passwords.

Uploaded by

Mohammad Ali SAP Security GRC Consultant
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
223 views5 pages

Technical Sap Security

User groups in SAP are created on a per-client basis. [1] To create a new user group, use transaction SUGR and enter the user group name, then add user IDs and a description. [2] Users can then be assigned to the user group using SUGR, or via the Groups or Logon Data tabs in transaction SU01. [3] User groups control authorization and access for administrative activities like resetting passwords.

Uploaded by

Mohammad Ali SAP Security GRC Consultant
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

User groups are client dependent so have to create groups in each client/system manually.

Creation of user group:

SUGR is standard transaction to maintain user groups in SAP standard system.

Follow the steps below to create a new User groups.

1.Enter the SUGR T-code in SAP Easy Access Menu.

2. SUGR will take you to a screen, enter the desired new User Group and click on create icon as show in
the below figure.
3. Enter the user ids and give description then click on save.

4. now user group has been created.

5. Now assign user group in Log on data tab and Groups tab in SU01.

Assign users to user group:

3 possible ways to assign users to user group.

1) Using SUGR T code.

2) Groups tab in SU01.

3) Log on data tab in SU01.

Use of user group:

What is user group?


Where to delete users from user group?

How assign a one role to all members in user group?

Difference:

User group for authorization check: In log on data tab user group, only one group can be assigned and it
is relevant for the object S_USER_GRP.

General user groups: Here you can assign a multiple of user groups to the user, but it is not relevant for
the object S_USER_GRP

SUGR change is in the Group tab of SU01 and not in (Log on data - User Group for Authorization check).

With the help of SU10 -> Authorization data and SUGR you can perform a mass change to move users to
different group. I have done the job and would not take lot of time if you know what groups are to
moved where.

Q:is it possible to see who had created a User Group (Transaction SUGR or SU01) or is it possible to see
who had changed or deleted a User Group?

A: You can use SM20 to see who has used the T-code SUGR through which a person can delete the user
group.

You can also use STAD if the time span is short.

You can also use ST03N in expert mode to know who have used the transaction SUGR.

Once you know the users who visited the T-code, analyse the access of that user on that day to see if he
could have deleted the group.

The SUGR user groups are for protecting administration activities on the user master record itself (like
reset password, etc).

S_user_grp
You can divide user administration between several administrators with this authorization object, by
assigning only a certain user group to an administrator. You can use the activities to specify the
administrator’s processing types for the group (such as creating, deleting, and archiving).

Authorization object for SUGR:

S_USER_GRP

ACTVT : Activities.

CLASS :User Group Name

Technical Questions:
+What is your role design?

+How many users or roles till have u created?

+What is your ticketing tool?tell something about it?

+What we have to check "modifiable" in transport request?what is its


importance?

+Have you heard about prgn_compress_times? Answer

+Difference between service user and dialogue user?Answer

+ What is the importance of log on data user group in su01?

+ Why su53 doesn't give accurate results?

+How to find role dependency?Answer

+Use of reference user?

+Importance of E070and E071?

+How to find 500 users validity at a time?

+ Difference between log on data tab user group user group's user group in su01?
+What is role dependency?Answer

+ What is Pfcg_time_dependancy?how do you set up this?

+ How many fields in authorization objects?

+ what are the license types in sap?

+what is dormant id?

+ when you choose expert mode in PFCG?

+How many profiles we can assign to user?

+ How to add one composite role to another composite role?

+ What happen when you transport parent role?are child roles(derived roles)
along with parent role?

+Use of miniapps in pfcg?

Friends remember one thing "confidence beats competition"

You might also like