Online help: User management

Permalink: support.sap.com/user-admin-help

Contents

Introduction

To access the support applications in the SAP ONE Support Launchpad, visitors need a support user ID, commonly named "S-user", and, in most cases, special permissions. For security reasons, SAP customers administer their users and support-related authorizations themselves:

All these tasks are carried out in the User Management application. To use the application, you must have the Edit User Data authorization (and in addition Edit Authorizations to perform special tasks within the application, see below). To request them, contact a super or cloud administrator in your company.

The User Management application:

Starting the application

Enter the SAP ONE Support Launchpad.

Figure 1: SAP ONE Support Launchpad with Support User Management tile

  1. Click the Support User Management tile on the launchpad. It provides an at-a-glance summary of the following:
    • Total users — S-user IDs that can be used to enter the SAP ONE Support Launchpad (including those that were recently created, but have not logged on to the launchpad yet);
    • Requested users — Pending S-user ID requests plus IDs that were recently generated (but have not logged on to the launchpad yet);
    • Recently created — Sub-set of Requested users: Requested S-user IDs that were recently generated but have not logged on to the launchpad yet.
  2. If this tile is not shown on your launchpad, use the icon in the launchpad's upper-left corner to enter the tile catalog and add the tile to your home screen. Click the tile to start the application.

Overview of the application and main controls

Figure 2: Overview of application

  1. The application interface features eight sub-sections that can be accessed using tabs. The figures on the tabs indicate the number of items in the respective sub-section.
    • Users — This section lists all S-users that can enter the SAP ONE Support Launchpad (including those IDs that were recently generated, but have not logged on to the launchpad yet). Default sorting order is by create date with the most recently generated S-user ID at the top.
    • Requested Users — This section lists requested users including those that were recently generated, but have not logged on to the SAP ONE Support Launchpad yet. Default sorting order is by Requested On date with the most recently requested S-user ID at the top.
    • Deleted Users — This section lists S-user IDs that were deleted within the last 12 months as well as those where deletion is in process. Default sorting order is by Deleted On date with the most recently deleted S-user ID at the top.
    • Important Contacts — This section lists selected people in your company — not necessarily S-users — who hold an important function: For instance, they are super or cloud administrators, software recipients etc., often serving as point of contact for SAP concerning a particular topic. Default sorting order is by function, then S-user ID, installation, customer, and CCoE number.
    • Reports and Updates — With the help of powerful selection criteria, this section lets you identify all users that share certain authorizations. You can then mass update their authorizations. More ...
    • Auth. Packages (Authorization Packages) — This section lists sets of authorizations defined by you and other user administrators. The feature allows you to comfortably grant complex authorization profiles to multiple users in your organization that, for instance, work in the same department on the same tasks. More ...
    • Tech. Comm. Users (Technical Communication Users) — This section offers the tools to administer technical communication users (formerly called Support Hub users), which are created for technical purposes only. These IDs are required for system-to-system connections between your landscape and the SAP Support backbone. You cannot use them to log on to SAP websites, e.g. the SAP ONE Support Launchpad, SAP Store or SAP Community. More ...
    • Action Required — All self-service request are collected under the Action Required tab. This includes requests regarding authorizations and extensions of an S-user's expiry date. The KPI indicates the number of open requests.

    Upon launching the application, the tab Users is preselected.

  2. The headline indicates the number of items in the current sub-section.
  3. The respective users are listed below the tab strip in a table that can be customized.

    Clicking an item (other than the user's e-mail address or the "Delete" icon) in the list launches the User Details page for that user where you can change contact details or, if you have the authorization Edit Authorizations, administer the user's support authorizations.

  4. Using icons, the list of users can be downloaded to a local file, listed items can be narrowed to those that you are interested in, and the table layout can be customized.
  5. More rows will progressively get loaded when you scroll down the list. Alternatively, click the Show All link to load all list items at once.
  6. Use the checkbox in the header row or checkboxes in front of rows to select all or individual list items.
  7. Use the buttons in the footer toolbar to
  8. Use the Request User button to request a new S-user ID.
  9. Click the "Delete" icon in the table's Actions column to delete an individual S-user ID. Note that this feature is offered only for S-user IDs without special functions that prevent them from being deleted. More ...

    If the Actions column is not shown, click the "Settings" icon above the list to add it to the table view.

  10. Note that while you are using this application, in the SAP ONE Support Launchpad's central search the repository Users is preselected allowing you to find a particular user by last name, first name, S-user ID, e-mail address, or country.

Customizing the list of users

Above the list of users, icons (and in the Requested Users, Deleted Users, and Important Contacts sub-sections a Filter text input field) offer the following functionality:

Figure 3: The toolbar enables you to customize the list of users

  1. Use the Show All link to load the complete list of users in this section (rather than load it progressively by scrolling down the list).
  2. Use the "Download" icon to download the list of users to a local CSV (comma-separated value) file.

    Note: This file contains the items in the current list, i.e. it reflects any filters that you may have applied. All attributes (table columns) are shown, including those that are hidden in the web interface.

  3. Use the "Filter" icon to narrow the list of items to those that you are interested in. More ...
  4. Adjust the table layout: Use the "Sort" icon to sort the table by one of its columns, e.g. Last Name.
    Use the "Columns Setting" icon to specify which columns shall be displayed and their sorting order. More ...
  5. Enter a text string in the Filter input field to narrow the list to those items that contain this string in one of the (visible as well as hidden) table columns.

Filtering the list

Filters can be applied for displaying only the data that interest you, for example the users in a particular department.

Figure 4: Applying a filter to narrow the list to relevant data

  1. Click the "Filter" icon. The Filter dialog is displayed.
  2. Select a filter criterion, for instance Department. The Filter By: Department dialog is displayed.
  3. Use the checkboxes to select those departments that list items shall be displayed for.
  4. If wanted, return to the Filter dialog and repeat step 2 to narrow the list even further.
  5. Confirm with OK (or revert with Cancel).

Figure 5: User list with applied filters

  1. The headline above the list reflects the number of users matching all filter criteria.
  2. A message strip alerts you about the applied filters.
  3. To reset the filter, click the message strip or the "Filter" icon, then click the "Clear All Filters" icon in the Filter By dialog.

Customizing the table layout

You can specify which table columns shall be displayed as well as their sorting order.

Figure 6: Customizing the table layout

  1. Click the "Settings" icon. The Define Column Properties dialog is displayed.
  2. Use the checkboxes to select those columns that shall be displayed.
  3. If required, use the Search text input field to find a particular column.
  4. Mark a column (e.g. Last Login), then use the "Move to Top", "Move Up", "Move Down" or "Move to Bottom" icons to move it to a particular position, thus change the column sorting order.
  5. Confirm with OK (or abort with Cancel).

Overview of all Action Required items

The Action Required section lists all self-service requests that S-users have submitted for approval: to have their ID extended close to the end of its lifetime, or to get more authorizations assigned.

There are three types of request statuses: Awaiting approval, Approved, and Rejected. Upon entering the section, the list is filtered by requests in status Awaiting approval. To show the full history of already approved and rejected requests, simply remove this filter or use the filter bar to specify other selection criteria.

In the table of all requests, the column Type of Request categorizes the requests by topic, and Processed By indicates which administrator in your organization processed the respective request.

By clicking the "Download" icon, the result list can be downloaded to a local CSV (comma-separated value) file.

Click an authorization request to proceed to the Authorization Request page. A tab strip provides access to page sub-sections that contain contact details (including the reason for request) and authorization details. You can now easily approve or reject the request by clicking the respective buttons in the footer action bar.

If required, you can set the authorization level for the newly granted permission.

Process an expiry date request by selecting it from the list in the Action Required section. This will bring you to the Manage Expiry Date page with its two sub-sections about contact details (including the reason for the request) and the option to manage the expiry date. To set a new expiry date, enter it manually or specify it using the date picker icon, then click Approve in the footer action bar. Alternatively, click Reject to dismiss the request.

Requesting new S-user IDs

Figure 7: Requesting a new S-user ID

  1. On the application's overview screen, select one of the sections Users, Requested Users, Deleted Users, or Important Contacts.
  2. Click the Request User button. The Request User form is displayed.
  3. If your company has several SAP customer numbers, select the one that the new ID shall be associated with.

    Important note: Once the S-user ID has been requested, this association cannot be changed!

  4. Specify the user's salutation, first name, last name, and e-mail address.
  5. Select the user's preferred language from the list. It will become the user's default language upon their first visit to the launchpad.
  6. If wanted, assign the user to a department. To do so, either click the icon in the Department field to select an existing department from the list or use the keyboard to enter the name of a new department.
  7. If wanted, assign the new user a set of authorizations by applying an authorization package.
  8. Click Submit to start the user generation process or Cancel to abort the request.

When you have requested a new S-user ID, it can take up to 24 hours for it to be generated. The new user will receive an e-mail with an activation link, which is valid for 10 days.

User administrators can track the progress of the request under the Requested Users tab where the Status column initially shows In Process and, once the ID has been created, Successful.

Once the new S-user ID has been generated, it will also be listed under the Users tab.

Working with S-users

Administrators with the authorization Edit User Data can change basic properties of their company's (or CCoE's) S-user IDs: Telephone numbers, e-mail addresses, job titles, department associations. In addition, this authorization lets them request and delete S-user IDs.

If you have the authorization Edit Authorizations, you can also grant other S-users special permissions for support applications.

Viewing and changing basic user properties

On the application's overview screen, click a list item in the sections Users, Requested Users, or Important Contacts to enter the User Details page for that user.

Figure 8: User Details page

  1. The header shows the user's ID, name, history, and company association.

    Notes:

    • An S-user ID cannot be reassigned to a different customer number. If required, you have to request a new S-user ID that is associated with that customer number and delete the previous one.
    • If your name is spelled incorrectly, first and last name data are transposed in the wrong fields, or your name changed for legal reasons (e.g. marital status change, gender change, etc.), you can request name changes by reporting an incident under component XX-SER-SAPSMP-USR. Note that the S-user ID has to be associated with the same person as before the name change, see KBA 2597456.
    • For company address changes, please contact your contracts department.
  2. A tab strip provides access to page sub-sections that contain contact details, a summary of the user's authorization profile as well as important functions, and information about a linked SAP Universal ID:
    • Authorizations are required to fulfill certain tasks using applications in the SAP ONE Support Launchpad or SAP for Me website, for instance, report incidents, download software, or check software orders.
    • People holding an important function serve as point of contact for SAP concerning a particular topic. For a comprehensive overview about important functions see the document About the user, authorization and administrator concept.
    • Universal ID (UID) is SAP's new single user login mechanism. With SAP Universal ID, you can log in once to gain access to all your authorized SAP platforms, including the SAP ONE Support Launchpad and its support applications if you link your S-user ID to your UID. More ...
  3. Click the "Edit Contact Details" icon to enter the edit mode for the Contact Details section.

Figure 9: Changing basic user properties

  1. Select or enter the respective values for the user's salutation, preferred language, job title, phone numbers and e-mail address.

    Note: If the user has activated SMS text notifications about important launchpad alerts, by default these are sent to phone 2. Unless the Phone 2 field is empty, in which case notifications are sent to phone 1.

  2. Assign the user to a department. To do so, either click the icon in the Department field to select an existing department from the list or use the keyboard to enter the name of a new department.

    To remove the user from a department, select the first list option, NONE.

  3. Click the "Save" icon to save your changes or the "Cancel" icon to disregard them.

Managing departments

Users can be assigned to departments defined by you and other user administrators in your company. You can filter lists of users or run reports based on this criterion.

Assigning users to or removing them from a department

You can assign one individual user to or remove him from a department by entering the User Details page and changing the basic settings, see above. Alternatively, or to simultaneously change the department assignment for multiple users, proceed as follows:

Figure 10: Assigning users to a department

  1. Enter the Users section of the application.
  2. Select the user(s) from the list by ticking the checkbox(es) beside the user information.
  3. Click the Manage Department button in the footer toolbar of the application. The Manage Departments popover is displayed.
  4. To assign the users to an existing department, choose it from the drop-down list. In long lists, use the search to find the option that you are after.
  5. To assign users to a new department that is not listed, click the "Add" icon, enter a department name, and add it to the list by clicking Save.
  6. To remove the users from their departments, select the first option, NONE.
  7. Confirm with Close.

The department information is updated in the users' information immediately.

Deleting a department

You can remove departments from the list of options in the Manage Departments dialog. Note that all users who are assigned to that department will get unassigned.

To delete a department:

  1. Select any user from the Users list by ticking the checkbox beside the user information. The Manage Departments button in the footer toolbar gets activated.
  2. Click this button so that the Manage Departments popover is displayed.
  3. Click the pencil icon. Beside every department name, a Delete icon will be shown.
  4. Click the Delete icon next to the department that you want to remove from the list.
  5. In the warning popover, confirm by clicking OK (or Cancel to abort the deletion).

Deleting S-user IDs

For your own security, regularly delete inactive S-user IDs and S-user IDs of people who have left your company to prevent unauthorized access to company data and keep your user data up-to-date.

S-users with special functions (such as software recipient or technical contact person for an installation) cannot be deleted. This is only possible once SAP has transferred the function to somebody else. To do this, report an incident using component XX-SER-SAPSMP-USR and nominate a contact person who is to assume the role of the S-user to be deleted. It is, of course, also possible to request changes to contact person roles without deleting an S-user.

To delete one individual S-user ID:

  1. On the application's overview screen enter the section Users;
  2. Scroll down the list or use the filter feature to find the S-user ID that you want to delete;
  3. Click the "Delete" icon in the Action column. (If this column is not shown, customize the table layout and add it to the view.)

Alternatively, or to delete multiple S-user IDs:

  1. On the application's overview screen enter the section Users;
  2. Using the checkboxes, select all S-user IDs that shall be deleted;
  3. Click the Delete button in the footer toolbar.
  4. Confirm by clicking OK (or abort with Cancel).

Deleted S-user IDs are then listed in the Deleted Users section of the application for twelve months and cannot be reactivated (see KBA 1811859).

When an S-user ID is deleted, the following are not affected:

Working with authorizations

Authorization management deals with permissions that are required to fulfill certain tasks using applications in the SAP ONE Support Launchpad or SAP for Me website, for instance, report incidents, download software, or check software orders. Most authorizations contain not only the user's right to perform a specific task, but also the level at which the user can exercise this right.

Example: A user may be allowed to report incidents for one particular SAP product that your company has licensed (represented by a so-called "installation"), but not for others.

An important principle is the following:

"Rule of Authorization Inheritance":
Administrators can only grant those authorizations that they have been granted themselves.

There are several ways to maintain an S-user's authorization profile:

Assigning, amending, or removing individual authorizations

In the application's Users, Requested Users, or Important Contacts sections click a row in the list to enter the User Details page for that user.

Figure 11: Authorizations section on User Details page

  1. The table in the page section Existing Authorizations lists authorizations that were already assigned to the user, the type of levels they have been granted on (Installation, Customer, CCoE, i.e. Customer Center of Expertise), as well as the level IDs and names. If an authorization was granted by applying an authorization package, this is reflected by an entry in the Authorization Package column.
  2. To add, change or remove authorizations, select Authorizations in the header's tab strip or scroll to the Authorizations section. A grayed-out list of all available authorizations is shown. Ticked checkboxes indicate which authorizations were already granted in the past.
  3. Click the "Edit Authorizations" pencil icon on the right to enter the edit mode.

Figure 12: Changing a user's individual authorizations

  1. Using the checkboxes beside the authorizations, it is possible to assign or remove authorizations.
  2. As soon as a checkbox is selected, the information about the authorization level changes to "Granted for all customers and installations" (or "Granted for all customers") indicating that the permission has been granted at the highest level.

There are two options to grant authorizations on a more granular level, for example enable the user to report incidents for one installation only.

Option 1: An authorization shall be granted on the exact same combination of customer numbers and installations as another authorization that the user already got in the past.
In this case, proceed as follows:

  1. Click the Copy Levels button for the authorization that the user already has. The Select Authorizations dialog is displayed. Select the new authorization and confirm with OK.

Option 2: An authorization shall be granted on a different, not yet used combination of customer numbers and installations:

  1. Click the authorization that you are about to grant. The Maintain Authorization Levels page is displayed.

Figure 13: Maintaining the authorization level

  1. To restrict the authorization to selected customer numbers click the "Modify Customer Authorization" icon. The Select: Customer(s) dialog is displayed.
  2. Using the checkboxes, select the customer numbers from the list that the authorization shall be granted on.
  3. In long lists, use the search or advanced search to find a particular customer number: Enter the search term and click Go.
  4. The Selected Items section lists all chosen customer numbers. You can remove individual or all items by clicking the respective "Remove" icon.
  5. Once all customer numbers have been selected, confirm with OK (or abort with Cancel). The dialog window will be closed and customer numbers that the authorization has been granted for will be listed in the section Authorization Restricted to Listed Customers of the Maintain Authorization Levels page.

If required, repeat these steps for installations.

Note: If you (unnecessarily) select installations that belong to a customer number that was already selected in the previous steps, these entries will disappear when you save.

  1. Click the "Back" icon to return to the User Details page.
  2. Click the "Save Authorizations" icon to save your changes or the "Cancel" icon to disregard them.

Copying authorization profiles

You can copy an existing authorization profile from one user ("source user") to one or multiple other users ("target users") so that they share the exact same authorizations on the same levels.

Notes:

To copy authorizations from a source user to one or multiple target users, proceed as follows:

  1. In the application's Users, Requested Users, or Important Contacts sections click the row about the source user. The User Details page for the user is shown.
  2. Click the Copy User's Authorizations button in the footer toolbar. The Select Users popover is displayed.
  3. Scroll through the list of users (or use the search) and select all target users by ticking the corresponding checkboxes.
  4. Click OK to confirm (or Cancel to abandon the change).

Defining and assigning authorization packages

Authorization packages are bundles of authorizations that you can flexibly define and then grant to one or multiple users in your company. This is helpful if several users need the same authorization profile, for instance because they work on the same tasks.

Note that the Rule of Authorization Inheritance applies: Only those authorizations contained in a package are granted to the user, which the person who applies the package possesses themselves.

Overview of the Authorization Packages section and basic features

Entering the Authorization Packages sub-section requires the authorization Edit Authorizations. A table lists all packages that the logged-on user administrator is entitled to assign to colleagues.

Figure 14: Overview of the Authorization Packages section

  1. The headline indicates the number of items in the list.
  2. The list can be sorted or downloaded to your computer as a comma-separated value (CSV) file. Furthermore, you can enter a filter term to narrow the list down to authorization packages with a name matching this string.
  3. A padlock icon indicates protected authorization packages: Only super administrators can change them. User administrators can still assign these packages to users.
  4. If you are a super administrator, as soon as one or multiple authorization packages have been selected, the Protect button becomes active. Click it to protect the selected authorization packages, thus prevent others from changing them.

    Revert the protection by clicking Unprotect.

  5. When you click the Report button, the list of all users in the selected packages is shown in a popover window. Using the "Download" icon in the popover's upper-right corner, you can save the list to a local comma-separated value (CSV) file on your computer.
  6. By clicking Overview, the list of authorizations and levels that make up the selected authorization package is shown in a popover window. Using the "Download" icon in the popover's upper-right corner, you can save the list to a local comma-separated value (CSV) file on your computer. Multi-selection of packages is not supported.
  7. Click Delete to delete all selected authorization packages. They will no longer be assigned to any users.
  8. Click Rename to give the selected authorization package a different name. Multi-selection is not supported.
  9. Click the Assign User(s) button to enter the Select: Assign User(s) dialog. The list of all users you are entitled to administer is shown. Scroll through the list or use the search feature to find specific users. Tick the checkbox and click OK to grant them all authorizations that are contained in the package.
  10. Click Create to define a new authorization package.

Defining authorization packages

Creating a new authorization package is done in two steps: First, a new item is added to the list of all packages. Second, the new package's authorizations are defined.

  1. To create a new authorization package, click the Create button in the footer toolbar. The Create Authorization Package dialog is shown.
  2. Enter a name for the package.
  3. If you are a super administrator, you can also protect it by ticking the Protected checkbox.
  4. Click Save (or Close to abort). The new package is immediately shown in the overview list of all authorization packages.

Adding authorizations to the new package — or removing or changing authorizations for an existing package — is done in a similar way to maintaining individual authorizations for a user:

  1. In the overview list of all authorization packages click a row to enter the details page for that package.
  2. To add more (or change or remove existing) authorizations, select Authorizations in the header's tab strip. A grayed-out list of all available authorizations is shown. Ticked checkboxes indicate authorizations that are included in the package.
  3. Click the "Edit Authorizations" pencil icon on the right to enter the edit mode.
  4. Using the checkboxes beside the authorizations, it is possible to add authorizations to the package or remove them.
  5. As soon as a checkbox is selected, the information about the authorization level changes to "Granted for all customers and installations" (or "Granted for all customers") indicating that the permission will be granted at the highest level when the package is applied.

There are two options to associate an authorization with a more granular level.

Option 1: An authorization shall be granted on the exact same combination of customer numbers and installations as another authorization.
In this case, proceed as follows:

  1. Click the Copy Levels button for the already defined authorization. The Select Authorizations dialog is displayed. Select the new authorization and confirm with OK.

Option 2: An authorization shall be associated with a different, not yet used combination of customer numbers and installations:

  1. Click the authorization that you want to tweak. The Maintain Authorization Levels page is displayed.
  2. To restrict the authorization to selected customer numbers click the "Modify Customer Authorization" icon. The Select: Customer(s) dialog is displayed.
  3. Using the checkboxes, select the customer numbers from the list that the authorization shall be granted on.
  4. In long lists, use the search or advanced search to find a particular customer number: Enter the search term and click Go.
  5. The Selected Items section lists these chosen customer numbers, and you can easily remove individual or all items by clicking the respective "Remove" icon.
  6. Once all customer numbers have been selected, confirm with OK (or abort with Cancel). The dialog window will be closed and customer numbers that the authorization will be granted on will be listed in the section Authorization Restricted to Listed Customers of the Maintain Authorization Levels page.
  7. If required, repeat these steps for installations.

    Note: If you (unnecessarily) select installations that belong to a customer number that was already selected in the previous steps, these entries will disappear when you save.

  8. Click the "Back" icon to return to the details page.
  9. Click the "Save Authorizations" icon to save your changes or the "Cancel" icon to disregard them.

All changes are immediately reflected in the Overview section of the package's details page. It lists authorizations that are contained in the package, the type of levels they have been granted on (Installation, Customer, CCoE, i.e. Customer Center of Expertise), as well as the level IDs and names.

Assigning or removing authorization packages

There are several ways to assign authorization packages to users. However, only the first one is suitable to remove packages from a user's authorization profile.

Option 1 — Use if you want to assigning multiple packages to one user (or remove packages from the user's authorization profile):

  1. On the application's overview screen, click a list item in the sections Users, Requested Users, or Important Contacts. The User Details page for that user is shown.
  2. Scroll down to the section Existing Authorization Packages.
  3. Click the "Edit Authorizations" pencil icon. The Assign Authorization Packages overlay is shown.
  4. Select the packages that you want to assign to the user or deselect the ones that you want to remove from the user's authorization profile by ticking or unticking the respective checkboxes.
  5. Confirm with OK.

Option 2 — Use if you want to assign multiple packages to multiple users:

  1. From the application's overview screen, enter the section Users.
  2. Use the checkboxes to select all users that you want to assign the packages to.
  3. Click the button "Assign Authorization Packages" in the footer toolbar. The Assign Authorization Packages overlay is shown.

    Note: The list of packages does not indicate packages that have previously been assigned to the users.

  4. Select the packages that you want to assign to the users by ticking the respective checkboxes. In long lists, you can also use the search.
  5. Confirm with OK.

Option 3 — Use if you want to assign multiple packages to multiple users:

  1. From the application's overview screen, enter the section Authorization Packages.
  2. Use the checkboxes to select all packages that you want to assign to users.
  3. Click the button "Assign User(s)" in the footer toolbar. The Select: Assign User(s) overlay is shown.
  4. Select the users that you want to assign the packages to by ticking the respective checkboxes. In long lists, you can also use the search.
  5. Confirm with OK.

Mass updates of authorizations

To change the authorization profiles of multiple S-users at the same time, there are three options:

Reports and mass updates

With the help of powerful selection criteria, the section Reports and Updates lets you identify all users that share certain authorizations or compare permissions of different users. If wanted, you can then update their authorizations simultaneously.

Overview of the interface

Figure 15: Overview of the Reports and Updates section

  1. On the application's overview screen select Reports and Updates from the tab strip.
  2. Use the filter bar to specify your selection criteria. For many criteria, multi-selection is supported. See below for an explanation of the various options.
  3. Click the Go button to retrieve all results that match the selection criteria.
  4. The result list is displayed below the filter bar. It shows all combinations of users, authorizations and authorization levels that match your filter criteria. Hence multiple rows in the list can correspond to one user. Clicking an item in the list launches the User Details page for that user.
  5. Click the "Download" icon to download the result list to a local CSV (comma-separated value) file.
  6. Click the "Sort" icon to sort the list by any column.
  7. Click the "Settings" icon to select the columns that shall be displayed in the result list and specify their sorting order (see section "Customizing the table layout").
  8. You can collapse the filter bar by clicking Hide Filter Bar. If hidden, click Show Filter Bar to expand it.
  9. Click the Clear link to reset all filters to the system default.
  10. When working with a view, i.e. queries that you have saved for re-use, the Restore link resets all filters to the view's filter settings.
  11. The Filters link gives access to the filter dialog. Here, all filters are arranged in a vertical layout. You can specify filter criteria, choose which filters shall be displayed, and save filter criteria for future re-use.
  12. The view selector allows you to switch between your favorite views, i.e. queries that you have saved before, and manage them. Unless otherwise specified, the default view is Standard, and no filter criteria are preselected.

    When you modify filter criteria, an asterisk (*) next to its name indicates that the view has been changed.

  13. Click Add Authorization in the footer toolbar to enhance the authorization profile of all users in the result list and Delete Authorizations to restrict it.

Explanation of the various selection criteria

Each item in the result list is a data set consisting of the following:

Note that, depending on the number of granted authorizations and granularity of authorization levels, one user can be listed multiple times in the list!

To retrieve a particular set of such items, the following criteria are offered:

The three filters

refer to authorization levels. If you select a value in any of them, all users will be listed where an authorization has been granted on one of the specified customer numbers, installation numbers, or S-user IDs.

Examples

  1. Identify all users that may close and confirm incidents (on any level, regardless if this is the whole CCoE or just one installation). Your filter criteria:
    • Authorizations: Select the value Close Incidents.
  2. Identify all users that may close incidents for two specific installations. Your filter criteria:
    • Authorizations: Select the value Close Incidents.
    • Installations: Enter the two installation numbers or click the icon in the Installations field, then select them from the list that will be shown.
    • Selection: Choose Match ALL Filter Criteria.

    Note that the result list will also feature items where the Close Incidents authorization was granted on the higher-level customer numbers (or CCoE) that your installations are linked to.

  3. Identify all users that have got the permission to report incidents for one of your customer numbers because a specific authorization package has been applied. Your filter criteria:
    • Authorizations: Select the values Report an Incident and Send Incidents to SAP (which includes the permission to report incidents)
    • Customer: Enter the customer number or click the icon in the Customer field, then select it from the list that will be shown.
    • Authorization Package: Enter its name or click the icon in the field, then select it from the list that will be shown.
    • Selection: Choose Match ALL Filter Criteria.

Working with saved filter settings ("views")

If you run the same reports on a regular basis, you can save filter settings for future re-use as so-called "views".

Saving views

Figure 16: Saving a view

  1. Use the filter bar to specify your selection criteria.

    An asterisk (*) next to the view's name will indicate that the current view has been modified but not saved.

  2. Click the view selector.
  3. Click the Save button if you want to overwrite the current view's selection criteria.

    Note: The default view Standard cannot be modified, hence the Save button is grayed out and only Save As is offered to store your filter settings.

Alternatively:

  1. Click the Save As button if you want to store a new view. The Save View dialog is displayed.
  2. Specify a meaningful name for your search query.
  3. Tick Set as Default if this view shall be pre-selected the next time you launch the application. (Note that you will still have to click the Go button to retrieve results.)
  4. Confirm with OK (or revert with Cancel).

Changing or deleting views

To change the selection criteria of a particular view, proceed as follows:

  1. Select the view from the view selector. The filter bar shows this view's selection criteria.
  2. Adjust the selection criteria.
  3. Click the view selector, then click the Save button to overwrite the previous filter settings with the new ones.

To change the name or behavior of a view, do the following:

Figure 17: Changing or deleting a view

  1. Click the view selector icon.
  2. Click the Manage button. The Manage Views dialog will be displayed. It lists all saved views.

To change a view, you have the following options:

  1. Change the name of a view.
  2. Select the view that is preselected upon entering the Reports and Updates section by clicking its Default radio button.
  3. Remove a view from those frequently used ones that are listed under the view selector, by clicking the "Remove from Favorites" icon.
  4. You can also delete a view by clicking the "Delete View" icon next to it.
  5. Confirm your changes with OK (or revert with Cancel).

Customizing the filter bar

You can hide selection criteria that are not relevant to you. You can then add this setting to an existing view.

Figure 18: Customizing the filter bar

  1. Create a view or select one from the view selector, then click Filters.
  2. Alternatively, first click Filters. Then, in the Filters dialog, choose a view from the view selector.

The selected view's filter criteria will be shown.

  1. Tick the Show on Filter Bar checkboxes for those filter criteria that shall be offered in the filter bar.
  2. Click Save to store these settings. Other actions are:
    • Click Go to retrieve all items matching your filter criteria.
    • Click Clear to remove all filter criteria.
    • Click Restore to revert changes that you have made.
    • Click Cancel to leave the dialog without saving any changes.

Mass updates

You can enhance or restrict the authorization profile of all users in a result list. Proceed as follows:

  1. Run a report to identify all users that match your selection criteria.
  2. To grant additional authorizations, click the Add Authorizations button in the footer toolbar. The Add Authorizations popover is shown.
  3. Using the checkboxes, select the authorizations that you want to add to the users' profiles. The information about the authorization level changes to "Granted for all customers and installations" (or "Granted for all customers") indicating that the permission has been granted at the highest level.
  4. To grant an authorization on a more granular level (e.g. for an installation only), click that authorization. The popover now shows the levels the authorization has been granted for.
  5. To restrict the authorization to selected customer numbers click the "Modify Customer Authorization" icon. The Select: Customer(s) dialog is displayed.
  6. Using the checkboxes, select the customer numbers from the list that the authorization shall be granted on.

    In long lists, use the search or advanced search to find a particular customer number: Enter the search term and click Go.

  7. Once all customer numbers have been selected, confirm with OK (or abort with Cancel). The dialog window will be closed, and you will return to the overview of levels the authorization has been granted on.
  8. If required, repeat these steps for installations.
  9. Click the "Back" icon in the upper-left corner to return to the list of all authorizations.
  10. If required, repeat these steps for other authorizations that you want to add to the users' authorization profiles.
  11. Finally click Save to save all changes (or Cancel to abort).

Click Delete Authorizations and proceed in a similar way if you want to restrict the users' authorizations. Also see the section Assigning, amending, or removing individual authorizations.

Technical communication users

The technical communication user (formerly called Support Hub user) is created for technical purposes only, for system-to-system connections between your landscape (most commonly in your SAP Solution Manager) and the SAP Support backbone.

You cannot use it to log on to SAP websites, e.g. the SAP ONE Support Launchpad, SAP Store or SAP Community.

Creating a technical communication user

The technical communication user creation is a two-step process:

  1. Creating the user
  2. Activating the newly created user

To create a user:

  1. On the application's overview screen enter the Technical Communication Users section.
  2. In the footer toolbar, click the Request User button. The Request User form is displayed.
  3. If your company has several SAP customer numbers, select the one that the new ID shall be assigned to.

    Important note: Once the user ID has been requested, this association cannot be changed!

  4. Enter a description that makes it easy to associate the new user with its purpose. For easy identification we recommend using the installation number followed by the system ID the user shall be used for (for example 1007062019-SID).
  5. Enter the e-mail address of a person that can be contacted regarding the new technical communication user.
  6. Select the user's preferred language from the list.
  7. If wanted, assign the user to a department. To do so, either click the icon in the Department field to select an existing department from the list or use the keyboard to enter the name of a department.
  8. Click Submit to start the user generation process or Cancel to abort the request.

The new user account will be created within one business day.

To activate a user:

  1. Select the newly created user from the list of all technical communication users.

    Hint: Users that have already been activated in the past are easily recognized through a checkmark in the Active for Data Transfer column of the list. Use the filter feature in the upper-right corner to identify inactive users.

  2. Click the Activate button in the footer toolbar.
  3. Enter a valid password. It must meet all off the following requirements:
    • Be exactly 8 characters long
    • Include at least one letter (A-Z)
    • Include at least one number (0-9)
    • Include at least one special character from the following:

      ! \ " @ $ % & / ( { [ ] } ) + - * = ? ' ~ # _ . , ; : < >

    • Not contain lower-case letters
    • Not contain any blanks
    • Not start with ? or !
    • Not start with 3 identical characters
    • Be different from the last 5 passwords
    • Not have been changed on the same day
  4. Confirm the password by re-entering it, then click OK.

The user will be activated within a few minutes.

Working with technical communication users

Changing a technical communication user's password

To change the password for a technical communication user, proceed as follows:

  1. Mark the respective row in the list of users.
  2. Click the Change Password button in the footer action bar. The Change Password dialog will be shown.
  3. Enter a valid password. It must meet all off the following requirements:
    • Be exactly 8 characters long
    • Include at least one letter (A-Z)
    • Include at least one number (0-9)
    • Include at least one special character from the following:

      ! \ " @ $ % & / ( { [ ] } ) + - * = ? ' ~ # _ . , ; : < >

    • Not contain lower-case letters
    • Not contain any blanks
    • Not start with ? or !
    • Not start with 3 identical characters
    • Be different from the last 5 passwords
    • Not have been changed on the same day
  4. Re-enter the password.
  5. Click OK to confirm or Cancel to abort.

Unlocking a technical communication user

Technical user IDs can get locked due to repeated logon attempts with an incorrect password. In the list of all users, locked users are easily identifiable through a padlock icon in the Active for Data Transfer column. To unlock them:

  1. Mark the respective row in the list of users.
  2. Click the Unlock button in the footer action bar.

Creating an SAP Passport

If you want to exchange data with the SAP Support infrastructure using client certificate authentication, you can download a PSE (Personal Security Environment) file via the Technical Communication User application and import it into your system using transaction STRUST.

  1. From the list of all technical communication users select your preferred user for that system.

    Note that the user must be active for data transfer.

  2. Click the Create SAP Passport button in the footer toolbar.
  3. Enter a password to secure the PSE. (This password will be required when importing the PSE in STRUST later.)

    Alternatively, you can provide the Certificate Request (CSR).

  4. Click OK.
  5. Click on the Download SAP Passport button and save the ZIP file to your local computer.
  6. Extract the ZIP file to access the PSE file.

Follow the steps outlined in SAP Knowledge Base Article 2805811 to set up the new PSE store in your system and import the PSE file.

Deleting a technical communication user

  1. From the list of all technical communication users select the one you want to delete.
  2. Click the Delete button in the footer toolbar.

The user will be deleted within one business day.

Back to top