06-24-2010 6:33 AM
Hello Experts,
Can the communications Id execute transactions in SAP other than performing RFC execution?
Is it a suggested solution to let these non-dialog id's have transactional access from Audit perspective?
Appreciate your inputs.
Regards,
Sandeep
06-24-2010 6:40 AM
Hi Sandeep,
Communication user can execute transactions other than RFC login. It is same as dialogue user but u can not login to system using GUI.
Commonly it is used for background job execution and other functions, you are right from audit prospective.
Hope this clarifies.
Thanks,
Ramesh
06-24-2010 8:23 AM
Sandeep,
Communication users and system users are both non-interactive accounts. I
consistently use system accounts. I found that communication accounts need to have their password changed on first logon, which is somewhat cumbersome with a non-dialog account....
If you notice RFC user profiles, they usually have SAP_ALL ,SAP_NEW. __There are able to execute the transactions_.
There are reasons for denying SAP_ALL in PS environment.
no-one should have this in any system. SAP_ALL enables you to 'jump'
systems using - for example - tx. SM59. they might in this way also jump to
your PRD system AND -depending on the authorizations of the SM59 user- might then have another SAP_ALL again. this is not to be tolerated.
If you are giving SAP_ALL in production for RFC users,then u need to convenice the aduitors.
other Options for SAP_ALL is _firefighter role
Communication
For this kind of users:-
GUI login is not possible.
Users are allowed to change password through some software in middle tier.
Usage:- These are used for login to system through external systems like web application
System :
GUI login is not possible.
Initial password and expiration of passowrd are not checked.
Usage:- These are used for internal use in system like background jobs.
Service:
GUI login is possible.
Initial password and expiration of passowrd are not checked.
Multiple logins are allowed.
Users are not allowed to change the password. Only admin can change the password
Usage:- These are used for anonymous users. This type of users should be given minimum authorization.
dialog & service both are same,only difference in service user type is No password expiry.
still user is able to logon thry GUI.
Thanks,
Sri