What is the difference between User group in LOGON DATA tab
and user group in GROUPS tab in SU01 t code?
Answers were Sorted based on User's Feedback
Answer / rajesh srisailapu
Hi ,
"Groups" tab in SU01
By using "Groups" tab in SU01, we can allocate user group
to number of users at a time, this is for find the list of
users of a particular user group but we cannot restrict any
user to any region or any location.
User Group in "Logon data"
If we assign any user to User Group in Logon data of SU01,
then user will restrict to particular user group or region
or location. Whenever user trying to do any activity other
than this user group, then system will show “You are not
authorized to "XXXX user group.” Even though user have the
access for particular activity.
Ex: Let us assume some ABC Project, its having multiple
locations like India(SEC_IN), China (SEC_CN), Australia
(SEC_AU)…etc. Each location having individual security
admin with respective user groups. Now India security admin
trying to do password reset to any cross country user like
China user(as per urgency/requirement)then system will
show “You are not authorized to reset password
to “SEC_CN” user group.” Because India security admin is
assign to SEC_IN user group. like this way we can restrict
the users with User Group in Logon data of SU01.
This is the main Difference between User Group in "Logon
data" and "Groups" tab in SU01.
Is This Answer Correct ? | 42 Yes | 4 No |
Answer / halmstad
User Group in LOG ON TAB will under got authorization check
where as User group maintained in user groups tab will not
go under authorization check
Is This Answer Correct ? | 21 Yes | 1 No |
Answer / praveen.grcsecurity
Logon data ----> Used for Authorization purpose
Groups ----> Not used for Authorization purpose
Is This Answer Correct ? | 21 Yes | 2 No |
Answer / vasu.g
Hi Rajesh,
Thanks for the above...!!!
"Groups" tab in SU01
Yes you are correct "By using "Groups" tab in SU01, we can
allocate user group
to number of users at a time, this is for find the list of
users of a particular user group but we cannot restrict any
user to any region or any location."
but if we assgin user to User Group in Logon data of SU01
The user administrators will be ristricted to Maintain the
user master records of particular users, this restriction
will be possible with S_USER_GRP.
Ex: if we have User A with group assgined to "Admin" at
Logon Tab and User B with group assgined to "Support"
if Security admins are rescticted at Auth Object S_USER_GRP
for "Admin" Group, then security admin team can not change
any user Master records of user "A"
Regards,
Vasu.G
Is This Answer Correct ? | 4 Yes | 0 No |
Answer / anusha
Both fields pull data from USGRP table.
entries for "user group " for auth check are checks on S_USER_GRP and they stored in table USR02 and in fld CLASS
where as GROUP is stored in table USGRP_USER
And can be displayed
Is This Answer Correct ? | 2 Yes | 0 No |
Answer / satyajit
User Group for Authorization Check
If you assign a user to a user group for the authorization check on the Logon Data tab, you can distribute user maintenance tasks among several user administrators. The system administrator can assign the respective user administrator the right to create and change users in a group. Using the authorization object User Master Maintenance:User Groups ( S_USER_GRP), you can assign user groups to different administrators.
Users that are not assigned to any of the groups, can be maintained by all administrators.
General User Groups
You use the division of users into user groups on the Groups tab primarily to group users for mass maintenance (transaction SU10). Furthermore, the Global User Manager (transaction SUUM) uses the user groups.
In the user maintenance transaction (SU01), you can assign users to one or more groups on the Groups tab.
Maintaining User Groups
You create user groups using the function Environment -> User Groups -> Maintain. If you are using Central User Administration, you must create the user groups required in all systems.
Is This Answer Correct ? | 1 Yes | 0 No |
Answer / raghuram.kondreddi
1.When you assign user group in groups tab that user name
will not be shown when you extract a report in SUIM-->Users
by complex criteria -->By user Id .
2. When you assign user group in Logon TAB that user name
will be shown in the same .
PLEASE CORRECT ME IF I AM WRONG
Is This Answer Correct ? | 1 Yes | 5 No |
what is the process to find that one consultant had removed a table from sap tables
Can you explain internet-level security?
how we Designed security solution for FI, FM, MM, QM, PM, PS, HR (Time Entry, Travel) modules
what is central user administration?
Can you anybody tell me what are the questions frequently asked 3 years of SAP Security experienced level in INFOSYS company.
Userdone tasks with ffid n system send log reports to controller in his work inbox but whenever its open its showing blank screen, why?
Hii... Any one tell me .. We are using mainly 2 T.R. 1.customizing request. 2.work bench request. Can u tell me ..which are comes under customizing request and which are work bench request
What are su 24 t-codes used for?
what are the service market place activities from authorizations point of view ?
how u add a roleowner in a role
what is user base in sap security?
Is it possible to change role template? How?