SU01: User Maintenance

BASIS - SAP Basis

When to use

Create and maintain SAP users and roles

Typical beginner mistake

Assigning broad roles without least privilege

Business context

Goal: secure and least-privilege system access.

Typical stakeholders: security admin, basis consultant, process owner.

KPIs to watch: critical auth findings, access request lead time, segregation-of-duties conflicts.

Practical example

A new AP specialist needs to post invoices but should not maintain pricing or release payments.

Consultant note: Grant a role focused on AP posting/reporting only; avoid broad composite roles by default.

Case walkthrough: issue to resolution

Problem: User receives too-broad access after urgent onboarding request.

Diagnosis: Compare requested activities with job scope and identify SoD risk objects in assigned roles.

Resolution: Use minimum required composite/single roles, document temporary access expiry, and run periodic access review.
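The diagnosis and resolution steps above can be run as a script over exported role data. This is an added example, not part of the original page. The role names (ZC_FI_ALL, ZS_AP_POST, ZS_AP_PAY, ZS_SD_PRICE), the two SoD rules and the sample assignments are constructed for illustration; FB60, FBL1N, F110 and VK11 are standard SAP transaction codes.

```python
from datetime import date

# Constructed sample data (assumption): role names are hypothetical.
COMPOSITE_ROLES = {"ZC_FI_ALL": ["ZS_AP_POST", "ZS_AP_PAY", "ZS_SD_PRICE"]}
SINGLE_ROLES = {
    "ZS_AP_POST": {"FB60", "FBL1N"},  # enter vendor invoice, vendor line items
    "ZS_AP_PAY": {"F110"},            # payment run
    "ZS_SD_PRICE": {"VK11"},          # create pricing condition
}
# SoD rules assumed for illustration: transactions one user should not combine.
SOD_RULES = [("FB60", "F110", "post invoice + release payment"),
             ("FB60", "VK11", "post invoice + maintain pricing")]


def expand(roles):
    """Resolve composite roles to the single roles they contain."""
    out = set()
    for role in roles:
        out.update(COMPOSITE_ROLES.get(role, [role]))
    return out


def effective_tcodes(roles):
    """Union of transactions granted by all (expanded) roles."""
    tcodes = set()
    for role in expand(roles):
        tcodes |= SINGLE_ROLES.get(role, set())
    return tcodes


def review(assignments, job_scope, today):
    """assignments: (role, valid_to or None, is_temporary) tuples.
    None stands for an open-ended validity date."""
    active = [a for a in assignments if a[1] is None or a[1] >= today]
    granted = effective_tcodes(role for role, _, _ in active)
    return {
        "excess": sorted(granted - job_scope),    # granted but not requested
        "missing": sorted(job_scope - granted),   # requested but not granted
        "sod": [label for a, b, label in SOD_RULES
                if a in granted and b in granted],
        "temp_without_expiry": sorted(
            role for role, end, temp in active if temp and end is None),
    }


def minimal_roles(job_scope):
    """Single roles whose transactions all fall inside the job scope."""
    return sorted(r for r, t in SINGLE_ROLES.items() if t and t <= job_scope)
```

Calling review() with the AP specialist's scope {"FB60", "FBL1N"} against the urgent composite assignment reports the excess transactions, both SoD conflicts and the missing expiry; minimal_roles() names the single role to grant instead.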

What to verify before execution

Related T-codes