Sap. New user types system, services, reference

Goller. cn sap Education	Sponsor Link
Www.goller.cn

New user types as of release 4.6c
SAP note number: 327917
Https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes/sdn_oss_bc_sec /~ Form/handler {handler}

Symptom
In release 4.6c, the user types that can be selected in user maintenance were reorganized and, in some cases, enhanced. the following user types, which contain all of the previous user types, are now available. this restructuring is fully downward-compatible. data conversion is not required.

Characterization of user types (see also note 622464 ):

Dialog user & apos; A & apos;
Individual System Access (personalized)

Logon with sapgui is possible. the user is therefore interaction-capable with the sapgui.
Expired or initial passwords are checked.
Users have the option of changing their own passwords.
Multiple logon is checked.

Usage:For individual human users (also Internet Users)

System user & apos; B & apos;
System-dependent and system-internal operations

Logon with sapgui is not possible. the user is therefore not interaction-capable with the sapgui.
The passwords are not subject to the password change requirement, that is, they cannot be initial or expired.
Only an administrator user can change the password.
Multiple logon is permitted.

Usage:Internal RFC, background processing, external RFC (for example, ale, workflow, TMS, CUA)

Communication user & apos; C & apos;
Individual System Access (personalized)

Logon with sapgui is not possible. the user is therefore not interaction-capable with the sapgui.
Expired or initial passwords are checked but the conversion of the password change requirement that applies in principle to all users depends on the caller (interactive/not interactive ).(*)
Users have the option of changing their own passwords.

Usage:External RFC (individual human Users)

Service user & apos; s & apos;
Shared system access (anonymous)

Logon with sapgui is possible. the user is therefore interaction-capable with the sapgui.
The passwords are not subject to the password change requirement, that is, they cannot be initial or expired.
Only a user administrator can change the password.
Multiple logon is permitted.

Usage:Anonymous System Access (for example, public Web Services)

Reference user & apos; L & apos;
Authorization Enhancement

No Logon possible.
Reference users are used for authorization assignment to other users.

Usage:Internet users with identical authorizations

Remarks:
(*) With all non-interactive system accesses (that is, not using the sapgui ), the password change rule (which exists for all users before t for system and service users when passwords are initial or have expired) is not enforced by the system if there is no interaction option. however, provided that you can execute a password update dialog with the user (=> middleware, such as SAP its, for example ,), RFC client programs shocould recognize the need to change a password and initiate the subsequent password change by calling special function modules (=> See note 145715) or RFC-API functions (as of 4.6c ).
The user interaction (including handling error and exceptional situations) is provided here with the middleware (= RFC client ).

Other terms
Su01