SAP User Types

SAP User Types

This article answers the following queries:

• What are the different user types in SAP?
• Which user type(s) is /are used for dialog free communication in SAP?
• Validity period of a password is not applicable to which user type(s) in SAP?
• What are the specific uses of system user type in SAP?
• Which user type(s) cannot be used for direct logon to the SAP system?
• Which user type in SAP does not have a check on validity of password expiry or initial password?
• Which user type in SAP can be used to assign additional identical authorizations to other users?

--------------------------------------------------------------------

These are the 5 user types that are present in SAP

• Dialog
• Communication
• System
• Service
• Reference

Dialog:  This is the most commonly used type. This user type is primarily for individuals to gain interactive system access.  A user of this type can perform dialog processing in interactive mode, background processing, batch input processing and CPI-C services provided there are no explicit restrictions via assignment of specific authorizations.

SAP licensing can prohibit multiple concurrent use of the same user id in production SAP systems.

Communication:  This user type is used for dialog-free communication between systems such as RFC (Remote Function call) communication. This user is not allowed to logon to the R/3 system or start dialog processing

System: This is the user type which can be used for dialog-free communication within a system (such as for RFC users for ALE, TMS, workflow and CUA) and for background processing.

A specific use of the system user type is validity period of a password won’t apply for this type. So, this can be used to run background jobs and in between RFCs so that jobs or RFC communications won’t fail due to expiry of the password.

Please note that logon in dialog is not possible used System user type.

Service: This user type is a dialog user which is available to a large, anonymous group of users. For example, to access via ITS (Internet Transaction Server)

There won’t be any check on initial password or expired passwords for this user type. Also, multiple logons are explicitly permitted for this user type.

However this user type should be assigned with great caution and with limited authorizations for security reasons.

Reference:  This user type is in general, non-person related user.  This user type cannot be used for logon. Instead this user type will serve as a reference for assigning additional identical authorizations to other users.

For example: In case you have to assign some identical authorizations to all internet users, you can create a reference user with those authorizations and use this reference user to assign identical authorizations to all other users.