ABAP Query : User groups

prabhu_s2 · ‎2007 Oct 04

Hi

What is f/n and use of user groups (SQ03) in abap queries ? Need to know on how it wil be useful

former_member188827 · ‎2007 Oct 04

when u assign a user group to a query, only users in dat user group can execute da query...so unauthorized access to query is prohibitted..

plz reward points if dis helps

prabhu_s2 · ‎2007 Oct 04

okie....i tried to exectue the query via SQ01 by login into another id which is not assigined in user groups. but still i'm able to execute it. the same when i did it by creating a transaction

Former Member · ‎2007 Oct 04

Hi Prabhu,

Go through the blog i have updated.You will find step by step method.

http://theguruspeaksaboutsap.blogspot.com/2007/09/step-by-step-abap-query-in-version-6.html

Reward if helpful.

Regards,

Harini.S

prabhu_s2 · ‎2007 Oct 04

thks harini....but i already have developed the qurieis. my doubts came when i exectued the query from another id that is not linked in the user group i have created

Former Member · ‎2007 Oct 04

hi

good

Transaction SUGR - have a look. Purpose for example is to give certain system admin rights to unlock / change password only to a given user group. You assign user group to an user id via SU01.

User group can be used for different reasons and in different way.

In the latest versions of SAP, actually two types of usergroup exist, the authorization user group and the general user groups.

Naturally the main reason of user groups is to categorize user into a common denominator.

The authorization user group is used in conjunction with S_USER_GROUP authorization object. It allows to create security management authorization by user group. e.g. you can have a local security administrator only able to manage users in his groups, Help-Desk to reset password for all users except users in group SUPER, etc...

The general user group can be used in conjunction with SUIM and SU10, to select all the users in a specific group. User can only be member of one authorization user group but several general user group.

One of the Primary uses of user groups is to sort users into logical groups.

This allows users to be categorised in a method that is not dependent on roles/AG's/Responsibilities/Profiles etc.

User Groups also allow segregation of user maintenance, this is especially useful in a large organisation as you can control who your user admin team can maintain - an example would be giving a team leader the authority to change passwords for users in their team.

The most important factor identified is that the lack of user groups is an indication that there may be problems with the user build process. This is very "fuzzy" but is a bit of a warning flag.

The Auditors job is to provide assurance that SAP is set up and administered in a way that minimises risks to the financial data produced. If the only thing they have picked up on is the lack of usergroups then you will be fine.

If you are in any doubt whatsoever ASK THE AUDITOR. They would have produced a report listing why they feel there is a risk by not having User Groups implemented. If you feel that the risk is mitigated by other measures then let them know. It works best as a 2 way process and both parties can learn something.

http://help.sap.com/saphelp_nw04/helpdata/en/10/1c8c3e94243446e10000000a114084/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/7f/af0c36932211d194f60000e82de14a/content.htm

thanks

mrutyun^

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

ABAP Query : User groups