Sandeep,
Expert Babu is right. GATP is one of the few applications where SAP security experts recommend using a dialogue user for the RFC userid, and not a communications user or system user.
If your Basis team would like to see this recommendation, have them refer to the appropriate security guide for SCM. For example,
http://service.sap.com/~sapidb/011000358700001395692010E/SCM_SG_0_701.PDF
(this particular version is 7.0 EHP1) where it states on page 26:
Maintaining Authorizations for Available to Promise (ATP)
Available to Promise plays an important role in the integration of SAP APO and SAP ERP: The ATP check needs an RFC connection with a dialog user to perform the check
If your basis team wants to eliminate the risk (yes, there can be a security risk if you use a generic RFC userid with type dialogue), they can set up a trusted system relationship for just the GATP check. In this way, each ECC user who calls GATP in SCM has their own userid in SCM; and their userid in SCM actually performs the check.
Companies I have seen don't normally go this far, they just assign ONLY the roles that are strictly required to the generic RFC Userid.
Best Regards,
DB49