Suggested DDIC setting when not in use
What would be the ideal setting for DDIC user when not in use ? Apparently DDIC cannot be locked unlike SAP*
It is a best practice to secure the password of DDIC in a safe respository. Usually Basis team or IT Manager will have the keys to the repsository when the password is required for logging with DDIC.
It is always a good practice to remove all Roles and Profiles so that even if in the slightest chance of the password leakage, anybodyelse who may login with DDIC can do no harm to the SAP system.