Problem solve Get help with specific problems with your technologies, process and projects.

The trick to selecting a user model for ITS

The trick to selecting a user model for ITS

Jon Pokress,
President - Bluenote Consulting Group
ITS presenter at "Web-Enabling your SAP Systems".

Traditionally, all R/3 users receive a full-license account setup with the standard R/3 user administration tools. Their usage of R/3's functionality is limited only by the authorizations granted them.

In contrast, Internet applications typically offer a focused subset of R/3 functionality, and can be accessed by users not needing the power of a full R/3 account. It would be undesirable to have to create and pay for full-license user ids in this case.

To accommodate this need, SAP introduced the "generic user" and "Internet user" concepts. With the "generic user" concept, a single, full-license user ID is created for use by ITS, when interacting with R/3. All user interactions are conducted under the context of this generic ID, removing the need for multiple licenses when deploying a Web application.

While the "generic user" approach can be used alone to create Publicly accessible pages (i.e. no user login required), it is usually desirable to assign individual user IDs and passwords to Web users. Through identification, data access can be restricted and the site personalized. The "Internet user" concept accomplishes this.

Using a special administration tool, user IDs and passwords can easily be created and maintained for users of Web applications. These Ids have no relation to standard R/3 user accounts, and cannot be used to logon to R/3; they are merely used for access control.

In practice, ITS applications use a hybrid of the two concepts. A generic user account is established for ITS to access R/3, and "Internet" user IDs are created and distributed to Web users. Note that the ITS application assumes responsibility for presenting a logon screen and authenticating the user ID and password against the Internet users registry. Fortunately, standard function modules exist to accomplish this.

Finally, it is often strategic to use the hybrid approach even when your user base has standard SAP user IDs (e.g. internal users). While increasing overhead slightly, use of a generic ID for R/3 access by ITS enhances application robustness by providing a consistent operating environment for your Web applications. In this way, variations in users' security profiles and data (e.g. parameter ids) will not adversely impact your application's functionality.

For more tips like this one, or to view the full agenda for "Web-Enabling your SAP Systems", click here.

Did you like this tip? Whether you liked it or not, why not let us know. You can email us to sound off, or you can go to our tips page and rate this, and all our other tips. Or, submit one of your own.

Dig Deeper on SAP implementation

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.