Skip to Content
avatar image
Former Member

User Types in SAP


What is the difference between the various user types that can be assigned to a user in SU01 (Dialog, System, Communication, Reference, Service)?

Thank you.

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Jan 22, 2008 at 06:45 AM



    this thread gives u wht u required..

    plzz reward if it is usefull to u....

    plzz dont forget to reward if it is useful...

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 22, 2008 at 06:33 AM

    User Types

    Dialog 'A'

    A normal dialog user is used by one person only for all types of logon.

    During a dialog logon, the system checks for expired and initial passwords and provides an option to change the password.

    Multiple dialog logons are checked and logged if necessary.

    System 'B'

    Use the system user type for internal system processes (-> background processing) or system-related processes (-> ALE, workflow, TMS, CUA).

    Dialog logon (using SAP GUI) is not possible.

    A user of this type is excluded from the general settings for password validity. Only user administrators can change the password using transaction SU01 (Goto -> Change Password).

    Multiple logons are permissible.

    Communication 'C'

    Use users of type Communication for dialog-free communication between systems (-> RFC or CPIC) .

    Dialog logon (using SAP GUI) is not possible.

    The general settings for the validity period of a password apply to users of this type. Users of this type can change their passwords (like dialog users). The dialogs for changing the password must be provided by the caller (RFC/CPIC client). You can use the RFC function module USR_USER_CHANGE_PASSWORD_RFC or the RFC API function RfcOpenEx() to change the password.

    Service 'S'

    A user of the type Service is a dialog user that is available to an anonymous, larger group of users. Generally, this type of user should only be assigned very restricted authorizations.

    For example, service users are used for anonymous system access using an ITS service or a public Web service. Once an individual has been authenticated, a session that started anonymously using a service user can be continued as a personal session using a dialog user (see SUSR_INTERNET_USERSWITCH)

    During logon, the system does not check for expired and initial passwords. Only the user administrator can change the password.

    Multiple logon is allowed.

    Reference 'L'

    Like the service user, a reference user is a general user, not assigned to a particular person. You cannot log on using a reference user. The reference user is only used to assign additional authorization. Reference users are implemented to equip Internet users with identical authorizations.

    On the Roles tab, you can specify a reference user for additional rights for dialog users. Generally, the application controls the allocation of reference users. You can allocate the name of the reference user using variables. The variables should begin with "$". You assign variables to reference users in transaction SU_REFUSERVARIABLE.

    This assignment applies to all systems in a CUA landscape. If the assigned reference user does not exist in one of the CUA child systems, the assignment is ignored.

    Reward points if useful.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 22, 2008 at 06:37 AM

    Check this SAP link.

    The SAP system categorizes users into several types for different purposes:


    Individual, interactive system access.


    Background processing and communication within a system (such as RFC users for ALE, Workflow, TMS, and CUA).


    Dialog-free communication for external RFC calls.


    Dialog user available to a larger, anonymous group of users.


    General, non-person related users that allows the assignment of additional identical authorizations, such as for Internet users created with transaction SU01. No logon is possible

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 22, 2008 at 06:40 AM

    Hi ,

    Please use this below reports you will get more information .

    RSUSR* reports (use SE38 and do a possible-values list for RSUSR* to see all available security reports), including:

    v RSUSR002 – display users according to complex search criteria

    v RSUSR010 – Transactions that can be executed by users, with Profile or Authorization

    v RSUSR070 – Activity groups by complex search criteria

    v RSUSR100 – Changes made to user masters

    v RSUSR101 – Changes made to Profiles

    v RSUSR102 – Changes made to Authorizations

    v RSUSR200 – Users according to logon date and password change, locked users.

    Reward points if it is usefull...


    Add comment
    10|10000 characters needed characters exceeded

  • Jan 22, 2008 at 06:29 AM


    set the cursor on the field for selecting user types and the press F1. The help will detailed explain the various user types.



    Add comment
    10|10000 characters needed characters exceeded