Professional Documents
Culture Documents
- By Jagraj Singh
SAP Security Consultant
Logon Data
Types of Users:
Dialog - User type for exactly one interactive user (all logon types including Internet users).
During a dialog logon, the system checks whether the password has expired or is initial.
The user can change his or her password himself or herself.
Multiple dialog logons are checked and, where appropriate, logged.
Every employee should generally be defined as a dialog user.
Communications - User type for dialog-free communication between systems (such as RFC users for ALE, Workflow, TMS and CUA):
A dialog logon is not possible.
Whether the system checks for expired or initial passwords depends on the logon method (interactive or not interactive).
Due to a lack of interaction, no request for a change of password occurs.
System - User type that is a dialog user available to a larger, anonymous group of users.
Assign only very restricted authorizations for this user type.
During a logon, the system does not check whether the password has expired or is initial.
Only the user administrator can change the password.
Multiple logons are permissible.
Service - Service users are user, for example, for an anonymous system access through an ITS service.
After an individual authentication, an anonymous session begun with a service user can be continued as a person related session with a dialog user.
Reference - User type for general, non-person related users that allows the assignment of additional identical authorizations, such as for Internet users created with
transaction SU01.
You cannot log on to the system with a reference user.
This field is for the internal organization of users and helpful e.g. for mass maintenance - if you want to maintain users of a certain group. This group is also called the General
user group.
User groups for authorization check- Logon tab
This field allows restricting user maintenance to specific groups based on the authorization object S_USER_GRP. If a user has an assignment maintained in this field, the user
administrator will need the corresponding group assigned to his authorization based on S_USER_GRP to be able to actually maintain this user.
With the flag REF_USER_CHECK within the table PRGN_CUST you can adjust, which message is to be displayed, in case a user who is not of the type reference is
assigned as a reference user: 'W' (default) Warning, 'E' Error, 'S' Simple message, 'I' no message.
An overview of created reference users is prepared by the report RSUVM013.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
DDIC - The user DDIC is established in the client 000 and 001 with the installation [and copies of these]. This standard user is utilized to cover installation and release updates
including changes to the data dictionary. The use of the transport management system is restricted to Display only. This is the protection against direct developments. As the
technical steps related to this process are initiated in the client 000, the DDIC only needs to be a dialog user in this client. In all other clients he can be set to the user type
system.
The standard password for this user directly after the installation is 19920706. The report RDDPWCHK allows checking the password that is assigned to the user DDIC. In case
the password matches, the dialog window will be closed. For mismatches the message False is displayed.
TMSADM - The user TMSADM is automatically created at the set up the change and transport management system in the client 000.
This user type is Communication, and he is utilized for transports by the CTS. He has the profile S_A.TMSADM assigned that authorizes the use of RFC with display of the
development environment e.g. as well as writing to the file system. The standard password for this user directly after the installation is PASSWORD.
ECATT Script
Click the below link for detailed video on ECATT Script for Mass user creation
https://www.youtube.com/watch?v=Pix760LK1b0
http://sapsecurityanalyst.com/WP/general-disclaimer/mass-user-creation
http://scn.sap.com/people/santosh.karadkar/blog/2008/04/17/create-mass-users-usingecatt
Thank You