
SAP* does not exist in USR02

abhijeet_singh2
Participant
0 Kudos

Hi Experts,

SAP* user is missing in one of our system's user master data.

What's strange here is that I'm logged into the system with its default password.

I tried to check the details for it in table USR02. It was not there.

When I try "Own Data", I also get the "user doesn't exist" message.

The purpose of the whole exercise was to reset the password.

Also, is SAP* by default a service user or a dialog user?

Accepted Solutions (0)

Answers (2)


JPReyes
Active Contributor
0 Kudos

What's strange here is that I'm logged into the system with its default password.

I tried to check the details for it in table USR02. It was not there.

SAP* is a hardcoded superuser. If the user does not exist in SU01 (and parameter login/no_automatic_user_sapstar is set to 0), its default password is PASS.

Read,

http://help.sap.com/saphelp_46c/helpdata/en/52/671792439b11d1896f0000e8322d00/content.htm

Regards

abhijeet_singh2
Participant
0 Kudos

Thank you all for the replies.

Hi Juan,

Then isn't it a THREAT to the system to delete SAP* from USR02?

Also, I noticed that it's not getting tracked in the AUDIT log.

What do the SAP best practices suggest on it?

Also, in my situation, if I just set login/no_automatic_user_sapstar > 0,

then which special properties will it not have? It was not mentioned in detail in the link you provided.

former_member189725
Active Contributor
0 Kudos

Yes, you should not have login/no_automatic_user_sapstar set to 0, and SAP* should exist in the USR02 table.

This may lead to audit issues and is also a security threat for the system.

Create the SAP* user in all clients in which it does not exist and set the value of profile parameter login/no_automatic_user_sapstar to 1.

Once you set parameter login/no_automatic_user_sapstar=1 and restart the SAP application, all special properties of the SAP* user would be deactivated.

In transaction code RZ11, check the documentation of the parameter login/no_automatic_user_sapstar.

Regards

Ratnajit
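An added example, not part of any post in this thread: a small audit check that classifies each client by the two conditions discussed above, whether a SAP* master record exists in USR02 and what login/no_automatic_user_sapstar is set to. It assumes the profile text and a (MANDT, BNAME) export of USR02 are supplied as input; the function names, finding labels and sample data are constructed for illustration.

```python
PARAM = "login/no_automatic_user_sapstar"

def parse_profile(text):
    """Parse 'name = value' profile lines; lines starting with '#' are comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()  # a later line overrides an earlier one
    return params

def audit_sapstar(profile_text, clients, usr02_rows):
    """Classify each client by SAP* master record and parameter value.

    clients    -- client numbers to check (for example the MANDT values in T000)
    usr02_rows -- (MANDT, BNAME) pairs exported from USR02
    """
    value = parse_profile(profile_text).get(PARAM)  # None if not set in this profile
    with_record = {mandt for mandt, bname in usr02_rows if bname == "SAP*"}
    findings = {}
    for client in clients:
        record = client in with_record
        if value == "1":
            # Hard-coded SAP* is switched off; a record should still exist.
            findings[client] = "ok" if record else "create-record"
        elif value == "0":
            # Without a record, the hard-coded SAP* logon is active in this client.
            findings[client] = "set-parameter" if record else "exposed"
        else:
            findings[client] = "check-rz11"  # effective value not visible in this file
    return findings

# Constructed sample data, not taken from any real system.
SAMPLE_PROFILE = """\
# DEFAULT.PFL excerpt (constructed)
SAPSYSTEMNAME = DEV
login/no_automatic_user_sapstar = 0
"""
SAMPLE_CLIENTS = ["000", "001", "100"]
SAMPLE_USR02 = [("000", "SAP*"), ("000", "DDIC"), ("001", "SAP*"), ("100", "DDIC")]

if __name__ == "__main__":
    result = audit_sapstar(SAMPLE_PROFILE, SAMPLE_CLIENTS, SAMPLE_USR02)
    for client, finding in result.items():
        print(client, finding)
```

A client reported as "exposed" matches the situation in the original question: no SAP* row in USR02 while the parameter is 0.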

JPReyes
Active Contributor
0 Kudos

Then isn't it a THREAT to the system to delete SAP* from USR02?

Correct, you should always have a User Master Record for SAP*.

Also, I noticed that it's not getting tracked in the AUDIT log.

Not sure about that, but in any case you should be able to track changes in profile parameters and the user master deletion, which will give you more than enough evidence to suspect a breach in security.

What do the SAP best practices suggest on it?

SAP suggests the user be created without any profiles/roles and to disable profile parameter login/no_automatic_user_sapstar.

Read

http://help.sap.com/saphelp_nw70/helpdata/en/3e/cdacecedc411d3a6510000e835363f/content.htm

Regards, Juan

former_member209924
Contributor
0 Kudos

Did you delete SAP* from the database? If you did, then it won't exist in USR02 of that client.

Log in to the client from which you deleted SAP* and create it under SU01 as Dialog. Make sure to give SAP_ALL under Profiles.

Ravi

Former Member
0 Kudos

Abhijeet, SAP* does not need a user master record.

"SAP* is hard-coded in SAP Systems and does not require a user master record!"

http://help.sap.com/saphelp_nw70/helpdata/en/3e/cdacecedc411d3a6510000e835363f/content.htm

Check this thread http://scn.sap.com/thread/3174139 if you are having issues resetting the password.

Regards

Amit Padmawar