SAP Library - Find your answers

I want to create new user for SAP module. I am having user id as sap* (someone has said that this is super user id); when I login with this id and go to IMG for configurations. A message is displayed that I am not authorised to change the details with sap* user.

What is the procedure for creating new user which have all features define under SAP* user and which could allow me to make the configruations.

Creating new user with superuser authorizations.

1. Goto SU01 --
username : sapuser
|-->Create.

2. In default settings, give
:Mr
first name : sap
lastname : user

3. Goto next tab,
give initial password :1234
repeat password : 1234

4. Goto profiles.
type- sap_all (say enter)
sap_new (say enter)
Then save....
See the message in status bar, (user created successfully)

5. Login with the new user. change the password. now this user contains all superuser authorizations.

How To Provide All Rights To The User

I have created user id & password by SU01 and menu, roles,authorization. I gave tcode se38 to the user in menu (by PFCG). Now when I tested by giving newly created user id password and when I enter the tcode : se38
and gave the program name and clicked display, it show "no display authorization", how to provide all rights to the user.

By: Sangy

Following are the solutions for your queries:

1.) Transaction code SE38 is to created program in SAP, the programs are created or customized only by Developers/Abapers who have Developer Key and an Object key which are called as Acces key,without which no one can write a program in SAP,there is a option to write a program, i.e by login with the user SAPUSER which is default user of SAP which can create a program, because this reason you are not able to display the things with the Tcode-SE38.

2.) All rights to the user can be given by assigning SAP_ALL to the user in the profiles while creating the user.

3.) To assign SAP_ALL to the user, hit tcode SU01 to create a user.

a.) Give the name for the user and select create tab.

b.) First tab Address the Lat name only is mandatory else fill all the details.

c.) Select Logon tab in which Password is important, hence give the password.

d.) Select the Profile Tab-->Give SAP_ALL & SAP_NEW,and save the user.Now the user can access all the tcodes with SAP_ALL profile.

Creating New User With Authorizations

I want to create new user for SAP module. I am having user id as sap* (someone has said that this is super user id); when I login with this id and go to IMG for configurations. A message is displayed that I am not authorised to change the details with sap* user.

What is the procedure for creating new user which have all features define under SAP* user and which could allow me to make the configruations.

Creating new user with superuser authorizations.

1. Goto SU01 --
username : sapuser
|-->Create.

2. In default settings, give
:Mr
first name : sap
lastname : user

3. Goto next tab,
give initial password :1234
repeat password : 1234

4. Goto profiles.
type- sap_all (say enter)
sap_new (say enter)
Then save....
See the message in status bar, (user created successfully)

My admin user ID has been locked out. Is there a table I can update in Oracle to reset the flag and enable myself to log in?

EXPERT RESPONSE

Select all entries of table USR02 where ‘UFLAG’=128. These users are locked by reason of incorrect logons. ‘UFLAG’=64 will give you the users that are blocked by Administrator. Set ‘UFLAG’ to 0, to unlock your account.

To see the network IP address from which a user has logged on,

perform the following steps:

Call transaction OS01,

click "Presentation Server" button, "Change View" button.

If you are using Citrix, you will not be able to view the user individual IP address as it will be the same Citrix IP address.

To check the speed and quality of the user's network connection,

How to Check Missing Authorisation for User

How to check the missing authorisation for the user not having the option "/nsu53 ?"

You can use the following procedures to determine which authorizations a user requires to carry out a transaction:

You can use Trace function, ST01, you can trace the user activity and from the log you can see the authorization missing.

Start an authorization trace using the ST01 transaction and carry out the transaction with a user who has full authorizations. On the basis of the trace, you can see which authorizations were checked.

This procedure generally works well. However, sometimes the result is very surprising because certain programs can and do ignore some authorization checks by using preliminary checks and buffered results. In such cases, these methods are not very effective. You can recognize these cases because certain fields of the corresponding programs are specified with * or DUMMY at some point of the authorization check.

Analyzing authorization problems in an unknown program

The most frequently used method to analyze authorization problems in an unknown program involves you setting the Debugger breakpoints to the AUTHORITY-CHECK and MESSAGE commands. Then execute the program and analyze its behavior.

Determining all the authorizations a user has for an authorization object

When troubleshooting, it is often helpful to find out all the authorizations a specified user has for a specific authorization object. A simple method of reading these authorizations as raw data from the user master record is to execute the GET_AUTH_VALUES function module in the SUSR function group. Use the SE37 transaction or SE80 in test mode to do so. The result table is not formatted for output, but is very compact and easy to understand for authorization experts.

Analyzing an authorization problem that occurs for only one user

It is often the case that a certain authorization problem occurs for only one specific user. This kind of authorization problem generally affects users with no Debugging authorization. If you want to assign a user Debugging authorization without changing the HR authorizations, you can add the S_A.DEVELOP authorization profile (if available) to the user’s authorization profiles. In production systems, note that changes such as these to authorizations enable users (with relevant knowledge of the development environment) to access any system data easily (especially in other clients).

How to find the list of tcodes executable for an user or the tcodes which an user is authorized in SAP.
Use SUIM .
goto SUIM tcode then drill down

transactions -----> executable for user.
Then run that program and enter the USERID of the user and press F8. Then you will see the list of tcodes executable for the user

How to check the missing authorisation for the user not having the option "/nsu53 ?"

You can use the following procedures to determine which authorizations a user requires to carry out a transaction:

You can use Trace function, ST01, you can trace the user activity and from the log you can see the authorization missing.

Start an authorization trace using the ST01 transaction and carry out the transaction with a user who has full authorizations. On the basis of the trace, you can see which authorizations were checked.

This procedure generally works well. However, sometimes the result is very surprising because certain programs can and do ignore some authorization checks by using preliminary checks and buffered results. In such cases, these methods are not very effective. You can recognize these cases because certain fields of the corresponding programs are specified with * or DUMMY at some point of the authorization check.

Analyzing authorization problems in an unknown program

The most frequently used method to analyze authorization problems in an unknown program involves you setting the Debugger breakpoints to the AUTHORITY-CHECK and MESSAGE commands. Then execute the program and analyze its behavior.

Determining all the authorizations a user has for an authorization object

When troubleshooting, it is often helpful to find out all the authorizations a specified user has for a specific authorization object. A simple method of reading these authorizations as raw data from the user master record is to execute the GET_AUTH_VALUES function module in the SUSR function group. Use the SE37 transaction or SE80 in test mode to do so. The result table is not formatted for output, but is very compact and easy to understand for authorization experts.

Analyzing an authorization problem that occurs for only one user

It is often the case that a certain authorization problem occurs for only one specific user. This kind of authorization problem generally affects users with no Debugging authorization. If you want to assign a user Debugging authorization without changing the HR authorizations, you can add the S_A.DEVELOP authorization profile (if available) to the user’s authorization profiles. In production systems, note that changes such as these to authorizations enable users (with relevant knowledge of the development environment) to access any system data easily (especially in other clients).

Maximum No. Of SAP Session Per User

You set this Parameter : rdisp/max_alt_modes in transaction RZ10.

Add in the above parameter in the Instance Profile - Options Extended Maintenance.

Restart the R/3 instance.

The default maximum no. of sessions in 4.6x is set as 6 session per user.

Use profile SAP_UONL while client copy.

Using the transaction code SSM2, you can change the system wide User Menu, i.e., this change will applied to all the users. If they are using their personalized menu, it will not be modified.

Login to the system database..then run a query to update the USR02 table.

To lock an user.

SQL> UPDATE USR02 SET UFLAG = '64' where BNAME='USERID' AND MANDT='CLIENT'
SQL> COMMIT

To unlock an user use

SQL> UPDATE USR02 SET UFLAG = '0' where BNAME='USERID' AND MANDT='CLIENT'
SQL> COMMIT

Here the different values of uflag have different meaning
UFLAG value

0 ------ Not locked

16 ------ Mystery values

32 ------ Locked by CUA admin

64 ------ Locked by system Administrator

128 ------ Locked due to incorrect logon attempts or too many failed attempts

192 ------ A combination of both. The user is locked by admin and user tries to logon with incorrect passwords and gets locked ( 192 = 64+128)

User data resides in table usr01-usr31 and ush*. This can be used as a quick and dirty way to obtain user data for any key -- such as user type, last logon, or any other information that I may want to filter data with relation to users. You can see different views with se11, se16, or se17, or you can make mass changes using se21.

To Create, Display, Delete SAP Marketplace User ID, please go through the following link:-

http:\service.sap.com\user-admin

Use

Flow

Allocating Memory for Dialog Work Processes

The following graphic shows how the memory management system assigns memory to a dialog work process with different memory types. Normally, dialog work processes process requests from dialog users of the R/3 System.

The work process reaches the limit of the R/3 Extended Memory for work processes. This limit is set in the system profile parameter ztta/roll_extension.

The R/3 Extended Memory is used up. The size of the extended memory pool is set in the system profile parameter em/initial_size_MB.

Allocating Memory for Other Work Processes

The following graphic shows how the memory management system assigns memory to non-dialog work process (background, update, lock and spool work processes) with different memory types.

To see the network IP address from which a user has logged on,

perform the following steps:

Call transaction OS01,

click "Presentation Server" button, "Change View" button.

If you are using Citrix, you will not be able to view the user individual IP address as it will be the same Citrix IP address.

To check the speed and quality of the user's network connection,

Keyword: BASIS
Title : Creating the CSMREG User

To get the list of transactions executed by a user in a specific period of time:

Go to ST03. Select choose for analysis. Choose only one application server at a time in case you have multiple application servers. Choose time period of your choice.
In the next screen from menu choose GO TO-->PROFILES->-USER PROFILES. Here you will get the list on users who have worked on that application server.
Double click on the required user and you will get all the transactions he/she has executed.
In case you select TOTAL in step 1 and then follow the steps 2 and 3 you will only get the list of application server on which the user has worked and not the transaction details.

How do you do that? By running a function module!!
SM02 sends messages to all users, not a specific one
So use function module TH_POPUP
goto Transaction code SE37 enter the function module name & test run it
the the resulting screen is shown below, type the details and execute
The the user will see message like this ( System name is blurred for privacy reasons)


The user must be logged into the system to receive the message

Keyword: BASIS
Title : Mass user creation using SCAT