User Groups

What are user groups and how can we use them?

Transaction SUGR is used for User Groups. Purpose for example is to give certain system admin rights to unlock / change password only to a given user group. You assign user group to a user id via SU01.

User group can be used for different reasons and in different way.In the latest versions of SAP, actually two types of user group

The authorization user groups

The  general user groups.

Naturally the main reason of user groups is to categorize user into a common denominator.

The authorization user group is used in conjunction with S_USER_GROUP authorization object. It allows creating security management authorization by user group. e.g. you can have a local security administrator only able to manage users in his groups, Help-Desk to reset password for all users except users in some group.

The general user group can be used in conjunction with SUIM and SU10, to select all the users in a specific group. User can only be member of one authorization user group but several general user groups.

One of the Primary uses of user groups is to sort users into logical groups.

This allows users to be categorized in a method that is not dependent on roles and Responsibilities and Profiles.

User Groups also allow segregation of user maintenance, this is especially useful in a large organization as you can control who your user admin team can maintain - an example would be giving a team leader the authority to change passwords for users in their team.