BAPI_USER_CREATE1

Create a new SAP user programmatically.

Purpose

Creates a new user master record — the programmatic equivalent of filling in SU01 and clicking Save. Supply at minimum a USERNAME and PASSWORD; add LOGONDATA, ADDRESS, PROFILES, and ACTIVITYGROUPS to produce a fully configured user in one call.

Signature (the parts you'll actually use)

Parameter	Direction	Type	Notes
USERNAME	IMPORTING	XUBNAME	The user ID to create. Required.
LOGONDATA	IMPORTING	BAPILOGOND	Validity dates (GLTGV/GLTGB), user type (USTYP)
ADDRESS	IMPORTING	BAPIADDR3	First/last name, email, department
PASSWORD	IMPORTING	BAPIPWD	Initial password struct — field BAPIPWD-BAPIPWD
PROFILES	TABLES	BAPIPROF	Profiles to assign (e.g. SAP_ALL)
ACTIVITYGROUPS	TABLES	BAPIAGR	Roles to assign
RETURN	TABLES	BAPIRET2	Messages — always check this

Example

DATA: lv_user     TYPE xubname VALUE 'NEWUSER01',
      ls_logon    TYPE bapilogond,
      ls_address  TYPE bapiaddr3,
      ls_password TYPE bapipwd,
      lt_profiles TYPE STANDARD TABLE OF bapiprof,
      lt_roles    TYPE STANDARD TABLE OF bapiagr,
      lt_return   TYPE STANDARD TABLE OF bapiret2.

ls_logon-gltgv  = '20240101'.   " valid from
ls_logon-gltgb  = '99991231'.   " valid to
ls_logon-ustyp  = 'A'.          " dialog user

ls_address-firstname = 'Jane'.
ls_address-lastname  = 'Doe'.
ls_address-e_mail    = 'jane.doe@example.com'.

ls_password-bapipwd = 'Init1234!'.

APPEND VALUE #( bapiprof = 'SAP_NEW' ) TO lt_profiles.

CALL FUNCTION 'BAPI_USER_CREATE1'
  EXPORTING
    username  = lv_user
    logondata = ls_logon
    address   = ls_address
    password  = ls_password
  TABLES
    profiles       = lt_profiles
    activitygroups = lt_roles
    return         = lt_return.

" Always inspect RETURN before committing
IF NOT line_exists( lt_return[ type = 'E' ] ) AND
   NOT line_exists( lt_return[ type = 'A' ] ).
  CALL FUNCTION 'BAPI_TRANSACTION_COMMIT'
    EXPORTING wait = 'X'.
ELSE.
  CALL FUNCTION 'BAPI_TRANSACTION_ROLLBACK'.
  LOOP AT lt_return INTO DATA(ls_msg) WHERE type CA 'EAX'.
    WRITE: / ls_msg-message.
  ENDLOOP.
ENDIF.

Common pitfalls

COMMIT WORK is mandatory

The user record is not persisted until you call BAPI_TRANSACTION_COMMIT (or COMMIT WORK). Skipping it leaves no trace — no error, no user. Always commit explicitly after a successful RETURN check.

Password complexity is enforced

The system profile parameters login/min_password_lng, login/password_compliance_to_current_policy, etc. apply here. If the supplied password fails the policy, RETURN will carry a type E message with a specific reason. Check it — do not assume the call succeeded.

• USERNAME must not already exist. Use BAPI_USER_GET_DETAIL beforehand to confirm the ID is free; if it exists, this BAPI returns an error in RETURN.
• Authorisation required: the calling user needs S_USER_GRP with activity 01 (create) for the target user's group.
• USERNAME case: SAP user IDs are stored in upper case. Translate to upper case before passing.

Related

• BAPI_USER_GET_DETAIL — read user master data; use to check existence first
• BAPI_USER_CHANGE — modify an existing user
• BAPI_USER_LOCK / BAPI_USER_UNLOCK
• BAPI_USER_GETLIST — search for users

See also

• Transactions: SU01, SU10 (mass creation)
• Profile parameter: login/password_compliance_to_current_policy

Comments