The concept of user master records User master records defines the user accounts for enabling access to the SAP system. The user master record is mainly used for user administrative and Authorization management (Role Administration). Normally, the user master record contains the user id as well as a wealth of other information which can be used by SAP system administrators in managing users effectively.
For example, the user master record contains information which validates a user log on session. User master record stores important information like users access rights to SAP, user's passwords, the authorization profiles and so on. User master records can be accessed using the Transaction T Code SU01. In t-code SU01, users can be displayed by user id or in case one does not know the user id, users can be displayed using all possible entries.
You need authorizations to create or maintain user master records:
- Authorization to create and/or maintain user master records and to assign a user group (Auth.object S_USER_GRP).
- Authorization for the authorization profiles you want to assign to users (Auth.object S_USER_PRO).
- Authorization to create and maintain authorizations (object S_USER_AUTH).
- Authorization to protect roles. You can use this authorization object to determine which roles may be processed and which activities (Create, Display, Change and so on) are available for the role(s) (object S_USER_AGR).
- Authorization for transactions that you may assign to the role and for which you can assign authorization at the start of the transaction in the Profile Generator (object S_USER_TCD).
- Authorization to restrict the values which a system administrator can insert or change in a role in the Profile generator (S_USER_VAL)