User administration in an SAP system is very easy to perform when you know its basics. There are different types of user accounts are involved to handle and operate with an SAP system, they are users at sap, operating system and database level. These three levels will be discussed in the following paragraphs.
User administration in an SAP system (3 levels)
- Presentation level (SAP GUI on front end computer)
- Application (Instance) Level (SAP central and dialog instances)
- Database (Oracle, DB2, MSSQL, MAXDB or SyBase) level (Database instance)
Presentation Level (SAP GUI)
To access an SAP system, SAP Logon program will be used in any front end computer. This program can be installed and used when you can enter in to the operating system’s desktop. To get the desktop of a computer, you have to log on using its operating system user account. Then, SAP user can be used to log on to an SAP system. In this level you will need 2 types of users, they are OS users and SAP users.
Application server (Central and Dialog Instances)
To install, start or stop application servers (i.e Central or dialog instances), you have to log on to operating system first using its users. Then the application server can be started. In this level, you need 1 type of users, they are OS users.
Database server (Oracle, MaxDB, Sybase, MSSQL, DB2)
To start or working with database server, you have to log on to operating system using its user. Once you are inside OS, you can work with database server using database users. So in this level, you need 2 types of users, OS users and Database users.
So, you need different types of user accounts to log on to OS, SAP or Database to maintain or work with SAP systems. You have to understand that each component has its own authorization concept. You can create similar user accounts at each level, but need to use its user accounts to log on to their respective levels.
In SAP systems, user requests are processed by different work processes. All these work processes use a common database user to access the underlying database.
In ABAP based SAP systems, users and authorization data are client dependent. i.e each client has its own users and authorization data. You have to protect access to the operating system level of the application server (Instance) and Database server. Otherwise the data could become damaged.
If you have user id and password of an sap system, you can log on to SAP system, but to execute t-codes, you need to have authorization to access the related functions. Authorization check will be done each time when you interact with an sap system. If you do not have authorization to run particular function, system will show the error message in the status bar. If you have authorization to the function called, system will show you initial screen of the transaction. Depending on the transaction called, the user enters data and performs actions on the screen displayed. There may be additional authorization checks for the data and actions to be protected.
User authorizations are assigned using the concept of roles. The authorizations are combined as roles and the roles will be entered into the user’s master record.
User administration: User group
You can use user groups to distribute user maintenance among several user administrators for mass maintenance of user data.
User administration: User type
There are 5 types of user accounts are available at SAP level. They are 1. Dialog, 2. System, 3. Communication. 4. Service, 5. Reference
Dialog and service user types can be used to log on to an sap system using SAP GUI program, but the user types communication and system users are not able to log on to sap system using SAP gui program.
You can use SU01 t-code to create a new user master record for an user in an SAP system. All the entries will be added to different tables in the underlying database while creating user master record.
If you need live explanation about the concept of user administration in an SAP system, please get back to me. I will teach you the concept of user administration as demo class as part of my online sap basis training.
Please leave your message about your convenient time for attending the demo class (user administration) using the following form. I will get back to you as soon as possible to teach you demo class. In the demo class, I will show you different types of SAP systems in my server. You can learn strong basics of SAP systems in my demo class. Do not miss the opportunity of learning this concept at free of cost.