Hi Diwakar,

1. A backgroud user type can not login into the system which is unlike a dialog user. So, even if you give the user type BG to the auditor he would not be able to login to the system at all. Thus, logically it makes no meaning to give any user type other than DIALOG to the auditors. Background users are used mainly for running the BG jobs, which a normal dialog user had restrictions to. But stil if your consultants have any justification for using a BG user particularly, please let us know too, so that we can discuss the same as well.

2. Regarding the sensitive data, the auditor has to have jst display rights for what all he sees. You can give access to only the display roles for the same, thus maintaining he does not play with any of your sensitive data.

Regards,

Hersh.

Dialog user type is your "typical" user type for people who log in to SAP & use it in their day to day work.

Background user is used to schedule batch & background jobs and basically run stuff in the background (hence the name). The most important thing to know is that you cannot login with a Background user which renders the recommendation of your consultant rather irrelevant and given the required use of it, a demonstration that they may not quite know as much as they profess to do.

Each user type can only do what is defined by it's roles (in most cases). If a role assigned to a dialog user gives access to very sensitive data then it will give the same access to a background user and this is not too hard to exploit.

Furthermore, it is usually expected for auditors to have access to sensitive data (depending on what they are auditing) however they should only be displaying this data. They need no change access, and should not be requesting it, a wide access display role covering functional & technical display roles & access to display table data should suffice for 99% of audits. If someone suggests that this access can only be assigned to a background role then I am surprised unless there are some very specific circumstances.