User Admin

&KDSWHU 8VHU$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................12–2
Recommended Policies and Procedures ...........................................................12–3
New User Setup.....................................................................................................12–7
Maintaining a User (SU01)..................................................................................12–24
Resetting a Password (SU01) ............................................................................12–26
Locking or Unlocking a User (SU01).................................................................12–27
User Groups ........................................................................................................12–29
Deleting a User’s Session (Transaction SM04)................................................12–32
System Administration Made Easy 12–1

Chapter 12: User Administration
Overview
2YHUYLHZ
User administration is a serious function, not just a necessary administrative task. Security is
at stake each time the system is accessed. Because the company’s financial and other
proprietary information is on the system, the administrator is subject to external
requirements from the company’s external auditors, regulatory agencies, and others.
Customers should consult with their external auditors for audit-related internal control user
administration requirements. For example, human resources should be consulted if the HR
module is implemented or if personnel data is maintained on the system.
A full discussion on security and user administration is beyond the scope of this guidebook.
For example, manually creating and maintaining security profiles and authorizations is also
not covered. Our discussion is limited to a general introduction and a list of the major
issues related to security. The two sections below affect all aspects of security, which is why
we begin with them.
8VHU*URXSV
User groups are created by an administrator to organize users into logical groups, such as:
< Basis
< Finance
< Shipping
For additional information, refer to the section User Groups on page 12–29.
3URILOH*HQHUDWRU
The Profile Generator is a tool used to simplify the creation and maintenance of SAP
security. It reduces (but does not eliminate) the need for specialized security consultants.
The value of the Profile Generator is more significant for smaller companies with limited
resources that cannot afford to have dedicated security administrators. For more
information on the Profile Generator, see the Authorizations Made Easy guidebook.
Release 4.6A/B
12–2
Recommended Policies and Procedures
5HFRPPHQGHG3ROLFLHVDQG3URFHGXUHV
Some of the tasks in this guidebook are aimed at complying with common audit procedures.
Obtaining proper authorization and documentation should be a standard prerequisite for all
user administration actions.
8VHU$GPLQLVWUDWLRQ
User administration tasks comprise the following:
< User ID naming conventions
The employee’s company ID number (for example, e0123456)
Last name, first initial, or first name, last initial
In a small company where names are often used as ID, it is common to use the
employee’s last name and first initial of the first name or the employee’s first name
and first initial of the last name (for example, doej or johnd, for John Doe).
Clearly identifiable user IDs for temporary employees and consultants (for example,
T123456, C123456).
< Adding or changing a user
The user’s manager should sign a completed user add-or-change form.
The form should indicate the required security, job role, etc., that defines how
security is assigned in your company.
If security crosses departments or organizations, the affected managers should also
give their approval.
If the user is not a permanent employee, or if the access is to be for a limited time, the
time period and the expiration date should be indicated.
The forms should be filed by employee name or ID.
A periodic audit should be performed, where all approved authorizations are
verified against what was assigned to the user.
< Users leaving the company or changing jobs
This event is particularly sensitive.
The policies and procedures for this event must be developed in advance and be
coordinated by many groups. As an example, see the table below.
System Adminstration Made Easy

12–3
Group Responsibility
Human resources Legal or personnel matters

External auditors Internal control issues related to financial
audit
IT Procedures to terminate network access
Senior management Policy approval
Employee’s manager “Handover” or training period for the
employee’s replacement
To manage terminated employees:

< The user’s manager or HR should send a form or e-mail indicating that the employee is
leaving.
< The user’s ID should be locked and the user assigned to the user group “term” for
terminated.
If the user’s ID is not required as a template:
The activity groups assigned to the user should be deleted.
(use transaction SU01, under the Activity Group tab, delete the activity groups).
The security profiles assigned to the user should be deleted
(use transaction SU01 and under the Task profile and Profile tabs, delete the profiles).
< Check Background Jobs (transaction SM37) for jobs scheduled under that user ID.
The jobs will fail when the user ID is locked or deleted.
< If the user leaves one job for another and needs to maintain access for handover, this
handover should be documented.
The duration of the handover access must be defined and the expiration (Valid to) date
entered in the R/3 System.
< All temporary employees or consultants should have expiration (Valid to) dates on their
user IDs.
Similar to banks, there should be a “secret word” that users could use to verify their
identity over the phone. This word would be used when the user needs their password
reset or their user ID unlocked. But, realize that others can “overhear” this secret word
and render it useless.
Release 4.6A/B
12–4
6\VWHP$GPLQLVWUDWLRQ
< Special user IDs
The two user IDs (SAP* and DDIC) should only be used for tasks that specifically
require either of those user IDs. A user who requires similar “super user” security rights
should have a copy of the SAP* user security.
The security rights of SAP* and DDIC are extensive, dangerous, and pose a security
risk. Anyone who requires or requests similar security rights should have an extremely
valid reason for the request. Convenience is not a valid reason. The security profiles
that serves as the “master key” are SAP_ALL, and to a lesser degree, SAP_NEW.
The user ID SAP* should never be deleted. Instead:

1. Change the password.
2. Lock the user ID.
If the user ID SAP* is deleted, logon and access rights are gained by rights programmed
into the R/3 System. The user ID SAP* then gains unknown and uncontrollable security
rights.
The user IDs SAP* and DDIC should have their default passwords changed to prevent
unauthorized use of these special user IDs.
An external audit procedure checks the security of these two user IDs.
For medium- and large-size companies, granting developers SAP* equivalent security
rights in the development and test systems is usually inappropriate. SAP* equivalent
security in the production system is a security and audit issue and should be severely
limited.
< User passwords

Parameters that define and restrict the user password are defined by entries in the
system profiles.
Passwords should be set to periodically expire.
The recommended expiration date is no more than 90 days, but auditors will usually
want this date to be set at 30 days.
Minimum password length of five (5) characters should be set.
User should be locked after three unsuccessful logon attempts.
The table of “prohibited” passwords (USR40) should be maintained.

12–5
Sample R/3 User Change Request Form
Company ID:
R/3 User Change Request
System/Client No. PRD 300
QAS 200 210 220
DEV 100 110 120
Employee: Type of Change W Change user
Department Name/Cost Center Number: W Delete user
W Add user
User ID:
Position: Expiration Date (mandatory
for temporary employees)
Secret Word: Request Urgency W High
Requester: W Medium
Requester’s position: W Low
Requester’s phone:
Employee’s Job Function (If similar to others in department, name and user ID of a person with similar job function):
Special Access/Functions:
Requester Signoff
Name Signature Date Signed
Manager Signoff
Owner Signoff

Security
In addition to security approval (above), is a signed copy of computer security and policy statement attached?
W Yes W No
Release 4.6A/B
12–6
New User Setup
1HZ8VHU6HWXS
3UHUHTXLVLWHV
*HQHUDO3URFHVVRU3URFHGXUH
Before you set up a new user, have “in hand” the user add form (with all the required
information and approvals).
7KH8VHU·V'HVNWRS
Does the user’s desktop meet the following criteria:
< Does the system configuration meet the minimum requirements for SAP?
< Is the display resolution set to a minimum of 800 x 600?
< Is there sufficient space on the hard disk to install the SAP GUI with sufficient room for
desktop application to run?
For windows, a minimum of 50MB free space should remain after installing SAP GUI. A
practical minimum however, is at least 100MB of free space.
1HWZRUN)XQFWLRQDOLW\
Can the user log on to the network?
From the user’s computer:
< Can you “ping” the SAP application server(s) that the user will be logging onto?
< If the SAP GUI will be loaded from a file server, can you access the file server from the
user’s computer where the SAP GUI will be installed?
)RU,QVWDOODWLRQRI6$3*8,
Before you install the SAP GUI, you should have the R/3 server name and the R/3 System
(instance) number (for example, xsysdev and 00). You will need to enter this information
during the installation.
5HFRPPHQGHG3UHUHTXLVLWHIRUWKH*8,,QVWDOODWLRQ
The online documentation should be installed according to the instructions in the SAP
document Installing the Online documentation. The online documentation installation and
access method has changed since Release 3.x.

12–7
New User Setup
,QVWDOOLQJWKH)URQWHQG6RIWZDUH²6$3*8,
The SAP GUI or frontend installation instructions are in the installation guide, Installing SAP
Frontend Software for PCs.
The SAP GUI can be installed from:
< A copy of the presentation CD on a file server
< The presentation CD or a copy of the CD
In most situations, accept the installation defaults.
,QVWDOOLQJ6$3*8,IURPD)LOH6HUYHU
The preferred method is to install SAP GUI from a file server because you do not need to
carry the presentation CD around. Also, remote installations can be completed without
shipping out and potentially losing the original CD.
The following is a list of the prerequisites to install SAP GUI from a file server:
< Copy the SAP GUI load files from the presentation CD to a shared directory on a file
server.
< Have access to the shared directory from the user’s PC.
+RZWR,QVWDOOWKH6$3*8,
*XLGHG7RXU

1. Map a drive to the shared drive on the network where the presentation CD has been copied.
Select the mapped drive to the
presentation CD software.
In this example, Sim-cd on
‘Pal100767’ (E:).
2. Navigate down to the directory for 1
the gui. 2
In this example, Sim-cd on

‘Pal100767’ (E:) → 46a-gui → 3
Win32.
3. Double-click on Setup.exe.
The installation program starts.
Release 4.6A/B
12–8
New User Setup
4. Choose Next.
5. Select Local installation.

6. Choose Next.
7. Choose Next.

12–9
New User Setup
8. Select SAPgui.
Steps 9–12 are optional.
9. Click on Desktop Interfaces.
10. Choose Change option. 9
8
10
From this screen, select the

components you want:
11. Example, select Graphical
Distribution Network.
This component is required if
system administrators wish to 11
view specific screens.
12. Choose OK.
12
Release 4.6A/B
12–10
New User Setup
13. Choose Next.
13
14. Select English.

15. Choose Next.
14
15
16. Choose Next.
16

12–11
New User Setup
This parameter is set in the R/3

System when the online
documentation is installed
(Release 4.0B+).
17. Choose Next.
17
18. For path for shared drives, choose

Next (not shown).
19. Enter the following information:

< Application server
< System number
20. Choose Next.
19
19
20
21. Choose Next.
21
Release 4.6A/B
12–12
New User Setup
22. Choose Install.
22
23. The SAPSetup window appears to

show you how the installation is
progressing.
The installation is now complete.

24. Choose OK.
24
25. Choose Yes to restart your

computer.
25
To add systems to the SAP Logon see section Adding Systems in the SAP Logon.

12–13
New User Setup
,QVWDOOLQJ6$3*8,IURPWKH3UHVHQWDWLRQ&'
When the network connection between the SAP GUI files on the network and the user is too
slow to permit installation, install SAP GUI from the presentation CD. A slow connection
could result from a slow modem or a slow network link.
A copy should be made of the original presentation CD and the copy shipped to the user
site. You then maintain control of the original CD and reduce the chance that it might get
lost. The SAP GUI installation files can also be copied to other high-capacity removable
media such as ZIP® or optical disk, as appropriate for your company.
The copy of the presentation CD can then be safely sent to the user’s site. From there, it can
be either loaded onto a local file server for installation or installed directly from the delivery
media. The prerequisites for such an installation is that the user has a CD drive or other
drive compatible with the delivery media (ZIP®, optical, etc.) on which the SAP GUI files are
delivered.
To install SAP GUI from a CD:
1. Insert the CD into the drive.
2. In Windows Explorer, choose this drive.
3. Choose Gui → Win32.
4. Double-click on Setup.exe.
5. Follow the same procedure as when loading from a file server.
6. Test your connection
7. Log on to the system.
Release 4.6A/B
12–14
New User Setup
$GGLQJ$GGLWLRQDO6\VWHPV
*XLGHG7RXU

7R$GG$GGLWLRQDO6\VWHPVLQWKH6$3/RJRQ
1. On the SAP Logon window, choose
New.
2. In Description, enter a short

description of the system (for
example, SAS App Server 1). 2
3. In Application Server, enter the 3

name of the server (for example, 4
pal101003 or xsapdev).
4. The SAP Router String field is 5
usually blank. 6
5. In SAP System, select R/3.
7
6. In System Number, enter the system
(instance) number for the instance
in which you are creating the
logon (for example, 00).
7. Choose OK.

12–15
New User Setup
8. The new system is in the SAP

Logon.
8
9. Test your connection
10. Log on to the additional system.
6HWWLQJ8SD1HZ8VHU68
The procedural prerequisite is to check that all documentation and authorizations required
to set up a new user are present.
There are two ways to create a new user:
< Copy an existing user
< Create a new user from scratch
&RS\LQJDQ([LVWLQJ8VHU68
You can copy from an existing user if you have a good match. The new user will have the
same security profiles as the existing user. This process is the easiest and is the
recommended method for a small company.
Create “template” users for the various job functions that can be copied to create new
users.
Prerequisite:
A valid user ID to copy is identified on the user setup form.
Release 4.6A/B
12–16
New User Setup
*XLGHG7RXU

1. In the Command field, enter transaction SU01 and choose Enter

(or from the SAP standard menu, choose Tools → Administration → User maintenance → SU01-Users).
2. Enter the user ID (for example,
GARYN) that you want to copy.
3. Choose .
4. In the Copy Users window, enter the

new user ID in To (for example,
GARY).
4
Follow your company’s naming

convention for creating user IDs.
5. Choose .

12–17
New User Setup
6. Under the Password section, in Initial

password, enter an initial password
(for example, init). Reenter the
same password in Repeat password.
Your company may have a
password policy where a “random”
initial password is to be used. 10
7. In User group for authorization check,
enter the user group (for example,
6
SUPER) to which the user is to be
assigned.
7 8
A user group must exist before a

user can be assigned to it.
8. Check to select from a list of

user groups.
9. Enter dates in the Valid from and
Valid to fields to limit the duration
that the users will have access to the
system.
Entering valid to/from dates is

usually required for contractors and
other temporary personnel.
10. Choose the Address tab to change the
user’s address data.
Release 4.6A/B
12–18
New User Setup
11. Enter the user’s Last name.

12. Enter the user’s First name.
13. Enter the user’s job Function.
14. Enter the user’s Department.
15. Enter the user’s location (for
17
example, Room no., Floor, Building).
16. Enter the user’s phone number.
11
12
13
14
A telephone number should be a 15 15 15
required entry field. If there is a
system problem identified with the
user, you need to contact that user. 16
17. Choose the Defaults tab.

12–19
New User Setup
18. Check that the Logon language is set

correctly (for example, EN for
English). 23
If the system default language has

been set (for example, to English),
then this field is only used to enter a
default logon language for the
individual user (for example, DE for
German).
19. Under Output Controller: 18
a. For OutputDevice, enter a default 21

printer or choose to select a 19a
printer.
19b
b. Select: 22
< Output immediately
< Delete after output 20
20. Check that the Personal time zone is

correct, or choose to select a time
zone.
21. Under Decimal notation, select the
appropriate notation (for example,
Point for United States).
The Decimal notation affects how

numbers are displayed. Setting it
correctly is critical to prevent
confusion and mistakes.
22. Under Date format, select the
appropriate date format
(for example, MM/DD/YYYY).
23. Choose Save.
Release 4.6A/B
12–20
New User Setup
&UHDWLQJD1HZ8VHU68
Sometimes it becomes necessary to create a completely new user. You may need to create a new user when
you do not have another user from which to copy.
*XLGHG7RXU


GARY) that you want to create.
3. Choose .
3
4. Enter the user’s Last name.

5. Enter the user’s First name.
6. Enter the user’s job Function.
7. Enter the user’s Department.
8. Enter the user’s location (for
10
example, Room no., Floor, Building).
9. Enter the user’s phone number.
4
5
6
7
8 8 8
A telephone number should be a
required entry field. If there is a
system problem identified with the
user, you need to contact that user. 9
10. Choose Logon data tab.

12–21
New User Setup
11. Enter an initial password (for

example, init). Reenter the same
password in the second field.
12. In User group for authorization check,
enter the user group (for example,
SUPER) to which the user is to be
14
assigned or choose to select a
user group.
11
12
A user group must exist before a

user can be assigned to it. 13
13. Enter dates in the Valid from and
Valid to fields to limit the duration
that the users will have access to the
system.
Entering valid to/from dates is

usually required for contractors and
other temporary personnel.
14. Choose the Defaults tab.
Release 4.6A/B
12–22
New User Setup
15. As an option, in Logon language,

enter the appropriate language code
(for example, EN for English). 20
If the system default language has
been set (to for example, English),
this field is only used to enter a
default logon language for the
individual user (example, DE for
German).
15
16. Under Output Controller:
a. For OutputDevice, enter a default 16a 18
printer or choose to select a
printer. 16b
b. Select: 19
17
< Output immediately
< Delete after output
17. Under Personal time zone, enter a
time zone or choose to select a
time zone.
18. Under Decimal notation, select the
appropriate notation (for example,
Point, for United States).
The Decimal notation affects how

numbers are displayed. Setting it
correctly is important to prevent
confusion and mistakes.
19. Under Date format, select the
appropriate date format (for
example, MM/DD/YYYY).
20. Choose Save.

12–23
Maintaining a User (SU01)
21. The message indicates that the user

was saved.
21
22. Assign security to the user by using the Profile Generator

(see the Authorizations Made Easy guidebook).
0DLQWDLQLQJD8VHU68
Before maintaining a user, have a properly completed and approved user change form.
The user change documentation is audited in a security audit.
:K\
You need to maintain a user to manage:

< Job changes to an existing job or position
< New jobs or positions
< User data changes, such as name, address, phone number, etc.
Release 4.6A/B
12–24
Maintaining a User (SU01)
*XLGHG7RXU


gary) to be maintained.
3. Choose .
The Maintain User screen allows

you to change a user’s:
< Address 4
< Logon data
< Defaults
< Password
< User group
< Other
4. When you finish making the
changes, choose Save.

12–25
Resetting a Password (SU01)
5HVHWWLQJD3DVVZRUG68
:K\
The most common reason to reset a password is that users forget their password. In this
situation, the user has probably attempted to log on too many times with an incorrect
password. The user has probably also locked their user ID, which also needs to be unlocked.
Make certain the person who requests their password to be reset is indeed the valid user.
A basic user verification method is to have a telephone with a display so that the displayed
caller’s phone number can be compared to the user’s phone number, which is stored in the
system or can be found in the company phone directory.
We recommend that you use a method similar to what banks use where the user has a
“secret word” that verifies their identity on the phone. This method is not foolproof because
someone can overhear the secret word.
You should maintain a security log of password resets. This log should be periodically
audited to look for potential problems.
*XLGHG7RXU


3. Choose .
Release 4.6A/B
12–26
Locking or Unlocking a User (SU01)
4. In the Change Password popup

window, enter a new password in
4
New password and reenter this
password in Repeat password.
5. Choose Copy.
5
For security, you can only set an initial value for the user’s password. Users are then
required to change the password when they log on. You cannot see what the users current
password is, nor can you set a permanent password for the user.
/RFNLQJRU8QORFNLQJD8VHU68
:KDW
The lock/unlock function is part of the logon check, which allows the user to log on (or
prevents the user from logging on) to the R/3 System.
:K\
< Locking a user
R/3 access should be removed if a user:
Leaves the company
Is assigned to a different group
Is on leave
The lock function allows the user ID and the user’s security profile remains on the
system but does not allow the user to log on. This function is ideal for temporary
personnel or consultants where the user ID is locked unless they need access.
< Unlocking a user
Users are automatically locked out of the system if they attempt to incorrectly log on
more than a specified number of times. The administrator must unlock the user ID and
more than likely reset the user’s password.
Before unlocking a user, determine if the request is valid.

Do not unlock a user who has been manually locked without first finding out why this
was done. There may be an important reason why the user should not access the
system.

12–27
Locking or Unlocking a User (SU01)
Maintain a security log of unlocking users, which should be periodically audited for
potential problems.
*XLGHG7RXU


(or choose SAP standard menu → Tools → Administration → User maintenance → SU01-Users).
3. Choose .
3
4. A popup window appears.

In this example, an administrator
has manually locked the user ID. 4
If a user is locked by the system

manager, always check why.
There may be a valid reason to
refuse to unlock a user.
5. Choose .
In this example, this step will
unlock the user.
Release 4.6A/B
12–28
User Groups
6. A message at the bottom of the

screen indicates that the user has
been unlocked (or locked).
8VHU*URXSV
:KDW
A user group is a logical grouping of users (for example, shipping, order entry, and finance).
The following restrictions apply to user groups:
< A user can belong to only one user group.
< A user group must be created before users can be assigned to it.
< A user group provides no security until the security system is configured to use user
group security.
Create the group “term” for terminated users. Lock all users in this group and, for most of
these users, delete the security profiles. This process maintains the user information for
terminated users, and prevents the user ID from being used to log on.
:K\
The purpose of a user group is to:

< Provide administrative groups for users so they can be managed in these groups.
< Apply security.

12–29
User Groups
8VDJH
Following are a few recommended special groups:
Group Definition
TERM Terminated users. This way, user records

can be kept in the system for identification.
< All users in this group should be
“locked.”
< If it is not being used as a template, all
security profiles should be removed
from the user.
SUPER Users with SAP* and DDIC equivalent
profiles.
TEMPLATE Template users to be used to create real
users.
+RZWR&UHDWHD8VHU*URXS68
*XLGHG7RXU


2. From the menu bar choose
Environment → User groups →
Maintain.
2
Release 4.6A/B
12–30
User Groups
3. Enter the name of the user group

you would like to create (for
example, purchasing).
4. Choose .
4
5. In Text, enter a description of the

user group.
6. Under User Assignment, in User, 7
choose to add users to the

group.
7. Choose Save.
5

12–31
Deleting a User’s Session (Transaction SM04)
8. The message inidicates the new

user group was created.
'HOHWLQJD8VHU·V6HVVLRQ7UDQVDFWLRQ60
:KDW
Use transaction SM04 to terminate a user’s session.
:K\
Transaction SM04 may show a user as being active when the user has actually logged off.
This condition is usually caused by a network failure, which cuts off the user, or that the
user has not properly logged off the system. (For example, the user turned the PC off
without logging off the system.)
A user may be on the system and needs to have their session terminated:
< The user’s session may be “hung” and terminating the session is the only way to remove
the user’s session.
< The user may have gotten into a “one way” menu path without an exit or cancel option.
This situation is dangerous, and the only safe option is to terminate the session.
Release 4.6A/B
12–32
+RZWR7HUPLQDWHD8VHU6HVVLRQ
*XLGHG7RXU

1. Verify that the user is actually logged off from R/3 and that there is no SAP GUI window minimized
on the desktop. Verification is done by physically checking the user’s computer.
Verification is important because users may have forgotten that they minimized a
session.
2. In the Command field, enter transaction SM04 and choose Enter

(or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring →
SM04-User overview).
3. Select the user ID that you want to
delete.
4. Choose Sessions.
In step 3 above, double-check that the selected user is the one you really want to delete.
It is very easy to select the wrong user.
5. Select the session to be deleted.

6. Choose End session.
It may take a while to actually
delete the session so be patient. 5
7. Repeat steps 5 and 6 until all

sessions for that user are deleted. 6

12–33
$FWLYH8VHUV7UDQVDFWLRQV60DQG$/
:KDW
These transactions display all the users who are currently logged on to the system. They
show both the user’s ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to “unfamiliar”
terminals. This recognition may indicate that someone—other than the designated user—is
using that user ID.
A user logged on to more than one terminal indicates that the user ID is being:
< Used by someone else
< Used or shared by several people
User IDs should not be shared for several reasons.

< One reason is that if a problem arises, you will not know who created the problem.
This situation makes the problem difficult to fix, prevent, and from re-occurring.
< Prudent security practices do not allow for sharing of user IDs.
Set the system profile login/disable_multi_gui_login.
< Your external auditors may also perform this test to test your security.
3UREOHPV
Transaction SM04 may show a user as active, when in fact the user has actually logged off.
Because the user session was not properly closed, the system “thinks” that the user is still
logged on.
This condition can be caused by the following (among others):
< A network failure, which cuts off the user from the network or R/3.
< The user turning off their computer without logging off from the R/3 System.
Release 4.6A/B
12–34
6LQJOH,QVWDQFH6\VWHP7UDQVDFWLRQ60
*XLGHG7RXU

1. In the Command field, enter transaction SM04 and choose Enter

(or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring →
SM04-User overview).
2. Select the user ID to view the
session the user has open.
3. Choose Sessions.
The Overview of Sessions screen

shows what sessions the user has
open.
4. Choose .

12–35
0XOWL,QVWDQFH6\VWHP7UDQVDFWLRQ$/
If you have several instances in your system, using AL08 is easier, because you can
simultaneously see all users in all instances.
1. In the Command field, enter transaction AL08 and choose Enter

(or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → Performance menu→
Exceptions/Users→ Active users→ ALO8-Users, global).
2. The Current Active Users screen
shows all the instances in your
system and the number of active
users.
3. For each instance, the users logged
into that instance/application server
are listed.
2
Release 4.6A/B
12–36

User Admin

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

User Admin

Transféré par

Droits d'auteur :

Formats disponibles

&KDSWHU 8VHU$GPLQLVWUDWLRQ

System Administration Made Easy 12–1

System Adminstration Made Easy

Human resources Legal or personnel matters

To manage terminated employees:

The user ID SAP* should never be deleted. Instead:

< User passwords

System Adminstration Made Easy

Sample R/3 User Change Request Form

Name Signature Date Signed

Name Signature Date Signed

System Adminstration Made Easy

In most situations, accept the installation defaults.

In this example, Sim-cd on

5. Select Local installation.

System Adminstration Made Easy

From this screen, select the

13. Choose Next.

14. Select English.

16. Choose Next.

System Adminstration Made Easy

This parameter is set in the R/3

18. For path for shared drives, choose

19. Enter the following information:

21. Choose Next.

22. Choose Install.

23. The SAPSetup window appears to

The installation is now complete.

25. Choose Yes to restart your

System Adminstration Made Easy

2. In Description, enter a short

3. In Application Server, enter the 3

System Adminstration Made Easy

8. The new system is in the SAP

1. In the Command field, enter transaction SU01 and choose Enter

4. In the Copy Users window, enter the

Follow your company’s naming

System Adminstration Made Easy

6. Under the Password section, in Initial

A user group must exist before a

8. Check to select from a list of

Entering valid to/from dates is

11. Enter the user’s Last name.

17. Choose the Defaults tab.

System Adminstration Made Easy

18. Check that the Logon language is set

If the system default language has

a. For OutputDevice, enter a default 21

20. Check that the Personal time zone is

The Decimal notation affects how

1. In the Command field, enter transaction SU01 and choose Enter

4. Enter the user’s Last name.

10. Choose Logon data tab.

System Adminstration Made Easy

11. Enter an initial password (for

A user group must exist before a

Entering valid to/from dates is

15. As an option, in Logon language,

The Decimal notation affects how

System Adminstration Made Easy

21. The message indicates that the user

22. Assign security to the user by using the Profile Generator

The user change documentation is audited in a security audit.

You need to maintain a user to manage:

&KDSWHU 8VHU$GPLQLVWUDWLRQ