If we want analyze SM20 logs for ABAP user or background user or Fiori login. Below are few details which can help.
In SAP SM20 logs, Type and Method define the nature and technical approach of a security event (like a logon or report execution). Type commonly indicates the session category (e.g., Dialog, RFC), while Method specifies how that interaction occurred (e.g., Password, Certificate), often appearing as pairs like type=E, method=A
Type=A (Dialog Logon)
Type=B (Background Job Start): Indicates the session is for a background process, not a manual dialog login.
Type E (Establishment): Indicates the establishment of a shared memory area or an internal call. (Mostly for Fiori login)
type=H: HTTP/HTTPS session (Web-based logon)
Method=P (Password) Password authentication (user explicitly entered credentials)
Method=A (Authorized/Internal): Signifies an internal system call, such as background processing, rather than an interactive user session.