User types in SAP

Below are the available User types in SAP:

Available User types in SAP

1. Dialog ‘A’

A normal dialog user is used by one person only for all types of logon.

During a dialog logon, the system checks for expired and initial passwords and gives you the option to change your password.

Multiple dialog logons are checked and, where appropriate, logged.

2. System ‘B’

Use the system user type for internal system processes (-> background processing) or system-related processes (-> ALE, workflow, TMS, CUA).

Dialog logon (using SAP GUI) is not possible.

A user of this type is excluded from the general settings for password validity. Only user administrators can change the password using transaction SU01 (Goto -> Change Password).

Multiple logons are allowed.

3. Communication ‘C’

Use users of type Communication for dialog-free communication between systems (-> RFC or CPIC) .

Dialog logon (using SAP GUI) is not possible.

The general settings for the validity period of a password apply to users of this type. Users of this type can change their passwords (like dialog users). The dialogs for changing the password must be provided by the caller (RFC/CPIC client). You can use the RFC function module SUSR_USER_CHANGE_PASSWORD_RFC or the RFC API function RfcOpenEx() to change the password.

4. Service ‘S’

A user of the type Service is a dialog user that is available to an anonymous, larger group of users. Generally, this type of user should only be assigned very restricted authorizations.

For example, service users are used for anonymous system access using an ITS service or a public Web service. Once an individual has been authenticated, a session that started anonymously using a service user can be continued as a personal session using a dialog user.

During logon, the system does not check for expired and initial passwords. Only the user administrator can change the password.

Multiple logons are allowed.

5. Reference ‘L’

Like the service user, a reference user is a general user, not assigned to a particular person. You cannot log on using a reference user. The reference user is only used to assign additional authorizations. Reference users are implemented to equip Internet users with identical authorizations.

On the Roles tab, you can specify a reference user for additional rights for dialog users. In general, the application controls the assignment of reference users. The name of the reference user can be assigned using variables. The variables should begin with “$”. You assign variables to reference users in transaction SU_REFUSERVARIABLE.

This assignment applies to all systems in a CUA landscape. If the assigned reference user does not exist in one of the CUA child systems, the assignment is ignored.


Overview of the properties of users of the different user types:

Property / User TypeDialogCommunicationSystemService
Dialog logon (SAP GUI)XX
Password ChangeXX
Logon ticket can be generatedXX

Apart from reference users, users of all types can log on to a system using RFC or execute background jobs.

For more information check this blog: SAP User Administration

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top