Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP* in client 000

Former Member

‎12-24-2010 6:52 AM

0 Kudos

If I know the password of SAP* in client 000, what is the impact to other clients in the same SAP system? Are there any shared parameters/programs/reports/data that uses by all the clients? May I change the settings of other clients by logging in client 000 with SAP*?

Thanks,

Fred

4 REPLIES 4

Former Member

‎12-24-2010 7:01 AM

0 Kudos

Hi Fred,

Client 000 holds the cross client information. Best example is T000, E070, USR40, SSM_CUST tables (there are many). If you have access to SAP*, you may make some changes in these cross client tables, which will affect the other clients too. The other area is SAP system parameters, which are set system wide.

Hence, it is recommended to keep the SAP* & DDIC user IDs securely. The login/no_automatic_user_sapstar profile parameter controls the emergency user SAP* (Refer SAP Notes 2383 and 68048) and if the SAP* password is trivial too, it will not allow any one to login using it.

Hope this helps!!

Regards,

Raghu

Former Member
In response to Former Member

‎12-24-2010 9:21 AM

0 Kudos

Hi Raghu,

Thanks for your answer. One more question, if I know the password of SAP* on client 000 in QAS environment, is it possible to have impact on clients in Production environment? Is it possible that I change common parameters or cross client tables in QAS environment, and these changes be transported to Production environment?

Thanks for your help!

Fred

Former Member
In response to Former Member

‎12-24-2010 9:29 AM

0 Kudos

Hi Fred,

Yes. There are lot of RFCs that can be used to connect to the other systems, which include the production systems too. The SAP* will have SAP_ALL and SAP_NEW profiles which gives access to lots of critical authorization objects, that includes S_RFC, S_TABU* etc.

As highlighted in the earlier replies by me and Julius, its highly recommend to secure it.

Regards,

Raghu

Former Member

‎12-24-2010 9:19 AM

0 Kudos

With SAP* in any client you can take full control of the system, any client in it and 9 times out of 10 all other systems in the same network and even beyond, in about 2 minutes flat!

Better to secure that one...

Julius