User Management on SAP BTP
When a customer signs a contract with SAP, one user is created at the global account level. On this level, entitlements are defined, assigning entities and services, including billing information. The global account administrator can initially log on to SAP BTP to manage these entitlements, and create directories and subaccounts. To ensure that more than one employee can administer the global account, the administrator needs to create other users at the global account level and assign them administrator permissions.
Typically, a global account consists of various subaccounts. When a global account administrator creates a subaccount, they automatically become the administrator of the subaccount. The subaccount administrator can manage entitlements, service subscription, create other users on the subaccount level, and assign roles to the users. Subaccount administrators get administration authorizations for the subaccount only, not for the global account.
Subaccount administrators also create business users. Business users are consumers of applications and services that are provided on SAP BTP (for example: SAP Business Application Studio) or business applications (SaaS) that were created with the help of the tools and services provided by SAP BTP. These users can have access to SAP BTP, but they are not able to do any administrative tasks. If a business user only uses a single application on SAP BTP, they do not necessarily require access to the SAP BTP cockpit (meaning the subaccount), but to the application only. In this case, the subaccount administrator creates the user on a subaccount level and only assigns application authorizations to the user.
Learn more about working with users in SAP BTP in the official documentation: https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/2c91f88e60ea4677a076212085b42d02.html?locale=en-US