Sarah: "I just sent an email to David before our meeting with background information about the User Master Record and Business User concepts. It's also time for him to dig into the authorization concept so that he can expand his understanding of his role as IAM Admin!"
User Master Record
Historically, access to an SAP system required that a user has a user master record. The user master record provided a place to define the basic context for a user, such as their user ID, first name, last name, phone number, email address, and so on. The user master record was also where an administrator assigned the user their security roles, which controlled the business actions that the user is authorized to perform, for example, creating a vendor or initiating a payment.
At the functional level, each user also interacted with applications in the context of one or more business processes. In sales, for example, a customer may be associated with a specific sales organization, distribution channel, and division. A business partner definition was used to provide a link to the application specific context required to perform a specific business function through an associated business partner role. However, the business partner and business partner role assignment were maintained separately from the user master record, in a different application.
Business User Concept
With the release of SAP S/4HANA, SAP introduced the business user concept. The business user represents a new identity model for the user in the SAP application, which integrates the business partner concept with the user master record. Specifically, a business user is defined as a natural person, who is represented in the application by a business partner, and who is linked to the SAP system by a user ID.
To support this new identity model, SAP S/4HANA Cloud, public edition comes with a simplified creation process for defining the business user and the worker. The new process provides the tools to manage the lifecycle of the user, as well as enhanced functionalities, such as the ability to create a worker without assigning a company code and cost center, or the possibility to create multiple work agreements. The overall aim is to ensure a faster and more unified SAP S/4HANA Cloud, public edition onboarding process.
For SAP S/4HANA Cloud, public edition, an end user is required to be registered as a worker in the organization. The worker is then linked to the system as a business user to log into the system to utilize the actual applications.