Solved: Set Up Alert when "SAP*" is logged at System

former_member215961 · ‎11-26-2012

Hi Experts,

Anybody know a tip to set up an alert when user loggon to an ABAP system?

Thanks,

Cheers

Former Member · ‎12-03-2012

Hi Sargan,

As per SAP Best Practices, User SAP* should be locked and the sap Parameter should be set to ensure that no one should be able to login as SAP*.. Please check in which client the changes were made and which programs are modified, and also please check the version of the program and the last modified by which tranport request .. if it is the same which you have mentioned, then please see if there is a job run by SAP*. If the audit log is enabled, you can check parallely the log file by keeping the date and user in the filter options

Thanks

Rajendra A

Former Member · ‎11-26-2012

Hi Sargan

Instead of creating alerts you should make sure that SAP* is protected and cannot be used at all.

Kindly check notes:

Note 2383 - Documentation description of 'super user' SAP star

Note 68048 - Deactivating the automatic SAP* user

Cheers,

Diego.

Former Member · ‎11-27-2012

Hi Sargan,

You can setup the audit log in the system through T-code Sm19 and values in filter with client'*" and user='SAP*'. This will give you all the details if someone will try to login with the user SAP* and all actions he will do.

Thanks,

Varun Jain

former_member215961 · ‎11-29-2012

Hi thanks for answer.

The problem is we have in our system, reports Z modified with user SAP*.

ZBAPI

It is wrong? In these days, for example, in 05.07.2012, we have

imported order SIDK991265, with function module ZBAPI

We made these imports with our user, not generic user SAP*.

Thanks a lot for your help,

Former Member · ‎11-29-2012

Probably the basis person installing the system scheduled the transport event jobs as SAP* and the FM is generated upon import. But there is no BAPI for that...

Take a look in the development system whether SAP* is also the last user to change the code there. Looking for a dialog login in the production system is unlikely to be of much use unless SAP* changed the code after the time of the import, particularly as SAP* cannot change customer objects from the normal SAPGui based workbenches - which means there is either some "hack" going on or you are looking in the wrong place.

Cheers,

Julius

Former Member · ‎12-03-2012

Hi Sargan,

As per SAP Best Practices, User SAP* should be locked and the sap Parameter should be set to ensure that no one should be able to login as SAP*.. Please check in which client the changes were made and which programs are modified, and also please check the version of the program and the last modified by which tranport request .. if it is the same which you have mentioned, then please see if there is a job run by SAP*. If the audit log is enabled, you can check parallely the log file by keeping the date and user in the filter options

Thanks

Rajendra A

fredrik_borlie · ‎12-11-2012

In an IDES system I used to manage I created a user exit in the login module which logged all users logging in. There was also an option to create a form to enter when logging in with SAP* and DDIC where we fetched additional information about the usage of SAP*.

One option could be to look into these user exits.

Some other similar modifications:

http://scn.sap.com/message/9251667

http://scn.sap.com/thread/1515252

Good luck!

Former Member · ‎12-11-2012

As stated in those threads, this mechanism is not intended for restrictive security purposes.

I would not rely on it.

Cheers,

Julius