有空看看这个t-code: BS52
Authorization key
The authorization key is the basis for status-dependent authorization
verification.
Example
Whenever a user status is set or deleted, the user's authorization to do
so is checked. The status profile, the object type and the authorization
key for the user status concerned are checked.
If, for example, you want to ensure that certain user statuses can be
changed only by people in a particular group, you assign all those user
statuses an authorization key.
Then use authorization object B_USERSTAT to give authorizations for
those authorization keys.