Difference between User Group in "Logon data" and "Groups"
tab in SU01
Answers were Sorted based on User's Feedback
Further more adding to the response and replying to above
post : The user group in Logon tab is user's primary user
group. When you go to maintain or create user then the
check is made whether u have access to that user group in
S_USER_GRP or not. For you also when someone change or
maintains youe umr then for that user your user grp is
checked. Logon tab contains that user group. Also this
enables you to assign the user group you have here to other
users.
The users who do not have any user grp assigned to them can
be maintained by all administrators.
In groups tab we can maintain more tha one user group for a
user. Those are called secondary user groups.
Is This Answer Correct ? | 11 Yes | 0 No |
Answer / mar
The diff between Logon data group you can map one user with
only one group.But in groups you can map one user with
multiple group.
Is This Answer Correct ? | 18 Yes | 13 No |
Answer / shad
further to above replies,
As per my understanding Authorization user group is added in
Logon data tab whereas general user group is added in Groups
tab. User can have only one authorization user group whereas
user can have multiple general user group.
With authorization user group you can segregate user
maintenance. for ex: In a large organization, you may
distribute users into different groups and each group can
further be managed by an Administrator
Is This Answer Correct ? | 4 Yes | 0 No |
User Group under Logon data - It is used for Authorization check. Auth. Object S_USER_GRP(ACTVT, CLASS) will be checked. This is helpful to restrict admins to particular group. They cannot access the information from other group.
Groups Tab - This is a general purpose group. This is not used for Authorization check at all. Anything maintained or not maintained here doesn't make any difference. This was helpful when SUIM T-code was used for searching users with Users with complex selection criteria to get details of user assigned to particular group. This not not used much.
Example for User Group under Logon Data Tab:
Assume you have a Basis team and want to just access the users for this team, you will just create a group(ex.: Basis) for all these users and restrict the admin to just have access to the group(ex. Basis) with these users. The admin will then have access to only users under this group and cannot access other users at all.
Is This Answer Correct ? | 2 Yes | 0 No |
Answer / guest
Further more adding to the response and replying to above
post : The user group in Logon tab is user's primary user
group. When you go to maintain or create user then the
check is made whether u have access to that user group in
S_USER_GRP or not. For you also when someone change or
maintains youe umr then for that user your user grp is
checked. Logon tab contains that user group. Also this
enables you to assign the user group you have here to other
users.
The users who do not have any user grp assigned to them can
be maintained by all administrators.
In groups tab we can maintain more tha one user group for a
user. Those are called secondary user groups.
Is This Answer Correct ? | 0 Yes | 0 No |
Answer / annavarapu
the group that are showing in logon data is identification of user which group he is belongs to and the group tab is to add that user in multiple groups...like ex:-
If i am a basis employee we will group him at logon tab...
and we want to add this guy into more groups we will add those at group tab ......
Is This Answer Correct ? | 2 Yes | 4 No |
Answer / guest
pls answer 4 time asking this question pls send to clear
answer with exampls
Is This Answer Correct ? | 1 Yes | 4 No |
Answer / guest
Instead of giving a user group in logon data tab we can
specify it in gruops tab, then also the identification of
user group is same...what is the difference in this case?
can any one please answer this. Thanks in advance
Is This Answer Correct ? | 0 Yes | 3 No |
what are the prerequisites we should take before assigning sap_all to a user even we have approval from authorization controllers ?
How to update risk id in rule set?
How to find list of roles which are not assigned to any user
can we restrict access through tcode added manually in authorisation data in creating a role?
hi..guys... can u tell me? what is the solution manager.. and what is the use? which type of commands we should follow?
How to assign sap_all to end user if i have approval?remember i do not have GRC.
what is difference between se16N and sm31?
I want to reset the passwords of 100 users.how do you do it?
How to trace the Users in BI Security and give me navigation
I want to lock all the users except sap* and DDIC of a particular client ?
How to transport a T-code into Production?
how to we Assigning Portal groups for Business users in BI