SAP Security Online!
 
Characterization of user types

Dialog user 'A'
Individual system access (personalized)

  • Logon with SAPGUI is possible. The user is therefore interaction-capable with the SAPGUI.
  • Expired or initial passwords are checked.
  • Users have the option of changing their own passwords.
  • Multiple logon is checked.
    Usage: For individual human users (also Internet users)
System user 'B'
System-dependent and system-internal operations
  • Logon with SAPGUI is not possible. The user is therefore not interaction-capable with the SAPGUI.
  • The passwords are not subject to the password change requirement, that is, they cannot be initial or expired.
  • Only a user administrator can change the password.
  • Multiple logon is permitted.
    Usage: Internal RFC, background processing, external RFC (for example, ALE, workflow, TMS, CUA)
Communication user 'C'
Individual system access (personalized)
  • Logon with SAPGUI is not possible. The user is therefore not interaction-capable with the SAPGUI.
  • Expired or initial passwords are checked, but enforcement of the password change requirement, which applies in principle to all users, depends on the caller (interactive or non-interactive). (*)
  • Users have the option of changing their own passwords.
    Usage: external RFC (individual human users)
Service user 'S'
Shared system access (anonymous)
  • Logon with SAPGUI is possible. The user is therefore interaction-capable with the SAPGUI.
  • The passwords are not subject to the password change requirement, that is, they cannot be initial or expired.
  • Only a user administrator can change the password.
  • Multiple logon is permitted.
    Usage: Anonymous system access (for example, public Web services)
Reference user 'L'
Authorization enhancement
  • No logon possible.
  • Reference users are used for authorization assignment to other users.
    Usage: Internet users with identical authorizations
Remarks:

(*) For all non-interactive system accesses (that is, those not using the SAPGUI), the system does not enforce the password change rule (which applies to all users except system and service users when passwords are initial or have expired) if there is no interaction option. However, if a password update dialog can be executed with the user (through middleware such as SAP ITS, for example), RFC client programs should recognize the need to change a password and initiate the subsequent password change by calling special function modules (see note 145715) or RFC-API functions (as of 4.6C).
In this case the user interaction (including handling of errors and exceptional situations) is provided by the middleware (= RFC client).
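
An audit sketch based on the characterization above, added here as an example and not taken from the original page or from SAP: it reads a user list and reports accounts whose type contradicts their purpose. It assumes a CSV export with the USR02 fields BNAME and USTYP plus a hypothetical PURPOSE column maintained by the auditor; the sample rows are constructed.

```python
import csv
import io

# Per type: (name, SAPGUI logon possible, password change requirement applies),
# transcribed from the characterization above.
TYPES = {
    "A": ("Dialog", True, True),
    "B": ("System", False, False),
    "C": ("Communication", False, True),
    "S": ("Service", True, False),
    "L": ("Reference", False, False),  # no logon at all
}
# Types the "Usage" lines give for each purpose (PURPOSE is an assumed column).
EXPECTED = {"human": {"A", "C"}, "technical": {"B"},
            "anonymous": {"S"}, "reference": {"L"}}

def audit(export_text):
    """Return (user, type, reason) for accounts whose type contradicts their purpose."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user, ustyp, purpose = row["BNAME"], row["USTYP"].strip().upper(), row["PURPOSE"]
        if ustyp not in TYPES:
            findings.append((user, ustyp, "unknown user type"))
            continue
        name, gui, pw_rule = TYPES[ustyp]
        if ustyp in EXPECTED.get(purpose, set()):
            continue
        if purpose == "technical" and gui:
            reason = "interface/batch account can log on with SAPGUI"
        elif purpose == "human" and ustyp == "L":
            reason = "reference user cannot log on"
        elif purpose == "human" and not pw_rule:
            reason = "personal account exempt from password change requirement"
        else:
            reason = f"{name} type does not match purpose '{purpose}'"
        findings.append((user, ustyp, reason))
    return findings

# Constructed sample export (not real data).
SAMPLE = """BNAME,USTYP,PURPOSE
JSMITH,A,human
ALE_REMOTE,A,technical
BATCH_FI,B,technical
MMILLER,S,human
WEBSHOP_ANON,S,anonymous
PORTAL_RFC,C,human
REF_INTERNET,L,reference
TMS_ADM,S,technical
"""

if __name__ == "__main__":
    for user, ustyp, reason in audit(SAMPLE):
        print(f"{user:<14}{ustyp}  {reason}")
```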




 
Copyright © 2005 - 2007 SAP Security Online.com All Rights Reserved.