Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SAPSYS user+client 000+Plugin HTTP

Former Member
0 Kudos

Dear Expertise,

As a part of monitoring activity I have executed SM04 where in I found SAPSYS user from 000 client and the corresponding activity is Plugin HTTP. I wonder many simillar entries in sm04(around 40) I known he is a system user but I have very less knowledge about sapsys userid .

Please any one kindly clarify me that what is he and what he is doing at the moment? is he a good sign or harmful? how to regulate him.

Thanks in Advance

Satya207

11 REPLIES 11

Former Member
0 Kudos

Hi,

Were you able to find the reason? if yes, please let us know because we are facing same thing.

Thx

0 Kudos

Vankata opened a fleet of 15 questions back in 2007 and did not follow-up on any of them, so is unlikely to return now either...

To answer your question: This is probably the system itself acting as client for an RFC call to an http(s) type destination to access data (e.g. exchange rates, documents of various types, etc). At this point it is the system itself opening a connection to the "outside" and not a user ID logging onto the system.

If the client server (in this case the ABAP Web Application Server itself) does not close the connection then they remain open until they "timeout". This is similar to how your SAPGui session might timeout (or not) if you leave it open with your PC running over night.

If they are legitimately open, and there are too many of them... then probably it is an application coding problem which is not closing the connection, much like it is a user problem to keep many sessions open and not logoff.

Contact the application developers and request that they check their coding.

Cheers,

Julius

0 Kudos

Thank you !!

0 Kudos

I will assume the question closed, unless there are any other comments.

Please follow-up on how you solved this (application specific) problem and post your solution if it might possibly help others.

Generally, function module RFC_CLOSE_CONNECTION is a good place to start looking...

Cheers,

Julius

former_member701183
Active Participant
0 Kudos

Hi,

Sapsys is used for internal purpose in SAP server and is not harmful. But if it increases it can be logged off as well. But in many cases sapsys is used for OS jobs, CCMS monitoring hence it may impact if not handled carefully. Please let me know if any issue.

Regards

Aveek.

WolfgangJanzen
Product and Topic Expert
Product and Topic Expert
0 Kudos

In this particular case those sessions seem to belong to "public ICFservices" (/sap/public/...).

SM04 only shows a snapshot of the current taskhandler sessions (stateless requests will only manifest there for a glimpse ..., while stateful requests will remain listed until the timeout will be reached).

0 Kudos

This is indeed interesting for those who use the search and want to contribute techniques to use for stateless applications.

I will mark it as open again. I dount that the Original Poster (OP) will notice the difference...

Cheers,

Julius

0 Kudos

>

> This is indeed interesting for those who use the search and want to contribute techniques to use for stateless applications.

Sorry, but this is no matter of "stateless" or "stateful". (application session).

It's about "unauthenticated" and "authenticated", instead. (security session).

0 Kudos

Hi Wolfgang,

Unfortunately, I cannot mark the thread as unanswered. Seems to be missing moderator functionality

Anyway, what made you suspect that this is a public service? I would think that it would still be advisable to create a service user for this, to be able to start services and possibly also perform additional checks.

That SAPSYS is appearing means that there is no authentication - just a session which cannot pass any authority-checks and by design cannot submit any ABAP programs either.

That it is an outbound call, from client 000 and without closing the connection would have been my first guess, in the wild dark.

@ OP: Are there always about 40 sessions open?

Cheers,

Julius

0 Kudos

>

> What made you suspect that this is a public service? I would think that it would still be advisable to create a service user for this, to be able to start services and possibly also perform additional checks.

>

> That SAPSYS is appearing means that there is no authentication - just a session which cannot pass any authority-checks and by design cannot submit any ABAP programs either.

>

> As a part of monitoring activity I have executed SM04 where in I found SAPSYS user from 000 client and the corresponding activity is Plugin HTTP.

"Plugin HTTP" indicates: we are dealing with http requests (inbound).

And the fact that "user SAPSYS / client 000" is the one assigned to the taskhandler session (SM04) told me: this session is unauthenticated. So, combining both (knowning that there are "public ICF services") I've concluded that this is a public service.

Well, there are three different types of ICF services:

- those that require authentication (default)

- those that run unauthenticated (public services, operated under 000/SAPSYS)

- those that run under a configured identity (of a service user)

From the outside you cannot distinguish between the last 2 ones - in both cases you can use the service without being prompted for authentication.

And yes: 000/SAPSYS is not assigned to any authorizations.

0 Kudos

Okay, thanks Wolfgang!

That leaves only this option.

> those that run unauthenticated (public services, operated under 000/SAPSYS)

...as the last one would show the service user.

@ venkata satya & SR: Please logon to client 000 or run report RSUVM005 for client 000 or a query and check that user SAPSYS does not exist (which would be correct).

Cheers,

Julius