sap* and ddic facts
-> sap* and ddic users are super users which are created by default when we install the sap application.
-> In fact to install ddic user's privileges are used.
->So ddic(data dictionary) user is created first with the default password 19920706 for client 000 and 111 only. But at the end of the installation phase the default password for ddic is overwritten with the master password provided at initial phase of installation.
->Default password for sap* is 06071992. It is also overwritten with the master password.
->It is applicable for default clients 000,001,066.
->sap* user reside at kernel level, means it is in the kernel code.
->Whenever we start sap application, Kernel code is executed and check whether sap* exist or not. If it does not exist than the kernel code again creates sap* user with the password pass.
->For the security reason this user is disabled to log in.
->To enable the login for sap* user set the parameter login/no_automatic_user_sap*=0 and restart sap application
->Even than if you are not able to login with sap* user than delete it from os level.
->To delete sap* user execute the sql command delete from SAPSR3.usr02 where bname='sap*' and mandt='<client no.>'; for mssql server replace SAPSR3 with <dbsid>.
->Later set the parameter login/no_automatic_user_sap*=1 or some higher value.To prevent from any accidental case.
->Or you can lock the user sap*.
->lock ddic user, It is used for some upgrade/update and installation tasks in background. Unlock ddic user only when it is required
->You are advised not to use ddic user.
->You can create user like ddic by making a copy of ddic.
->To copy execute su01 and press copy icon than provide ddic in copy from option.
->Beside this we also have a earlywatch user in 066 client with the password support. So you should also lock the earlywatch user.Unlock it when you open the connection to SAP.
-> sap* and ddic users are super users which are created by default when we install the sap application.
-> In fact to install ddic user's privileges are used.
->So ddic(data dictionary) user is created first with the default password 19920706 for client 000 and 111 only. But at the end of the installation phase the default password for ddic is overwritten with the master password provided at initial phase of installation.
->Default password for sap* is 06071992. It is also overwritten with the master password.
->It is applicable for default clients 000,001,066.
->sap* user reside at kernel level, means it is in the kernel code.
->Whenever we start sap application, Kernel code is executed and check whether sap* exist or not. If it does not exist than the kernel code again creates sap* user with the password pass.
->For the security reason this user is disabled to log in.
->To enable the login for sap* user set the parameter login/no_automatic_user_sap*=0 and restart sap application
->Even than if you are not able to login with sap* user than delete it from os level.
->To delete sap* user execute the sql command delete from SAPSR3.usr02 where bname='sap*' and mandt='<client no.>'; for mssql server replace SAPSR3 with <dbsid>.
->Later set the parameter login/no_automatic_user_sap*=1 or some higher value.To prevent from any accidental case.
->Or you can lock the user sap*.
->lock ddic user, It is used for some upgrade/update and installation tasks in background. Unlock ddic user only when it is required
->You are advised not to use ddic user.
->You can create user like ddic by making a copy of ddic.
->To copy execute su01 and press copy icon than provide ddic in copy from option.
->Beside this we also have a earlywatch user in 066 client with the password support. So you should also lock the earlywatch user.Unlock it when you open the connection to SAP.
hmm very use ful information bro...thanx
ReplyDeleteThanks Ranjith
ReplyDelete