on 07-17-2013 8:43 AM
Hi experts,
we are having 2 sap* users one @ DB level & other in kernel. Which would be use to logon to SAP.
Hi Sumit,
Yes, there will be two SAP* users always in any system, you normally use database SAP* (which is super user), kernel SAP* user will be used in case of loging in newly created client, where no users will be created, for the initial login to do client copy use sap* with password as PASS.
In other case, if you have forgot SAP* password and you don't know any other super user password, you can always delete the database SAP* user from db level, after that you can use sap* of kernel with password PASS for initial login.
Regards
karthik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sumit,
Refer link http://help.sap.com/saphelp_45b/helpdata/en/52/671792439b11d1896f0000e8322d00/content.htm
It should answer your query.
Hope this helps.
Regards,
Deepak Kori
Hi Sumit,
If parameter login/no_automatic_user_sapstar = 1 is set and both the users exists
Then you should be able to login with SAP* and its password in the database.
If parameter login/no_automatic_user_sapstar = 0 is set and SAP* does not exists in the database
then you should be able to login with SAP* & Pass credentials.
Hope this helps.
Regards,
Deepak Kori
Hi Sumit,
You can't have both super SAP* id at a same time, whenever you login in system it checks the db level for the user authentication, if no user present in the system and you have already enable the super user login (this time kernel user - which dont have user master record at db level), then the parameter will allow to check the kernel at os level and will authenticate to login.
So you can't have both sap* (db and kernel) at the same time.
regards
karthik
Hello
If I forget the SAP* Passwrd @ DB level, then to login with SAP*(kernel). Does it mandatory to DELETE sap* @ DB level OR parameter login/no_automatic_user_sapstar = 0 is enough.
I already told you how the SAP* user works.
Read this link carefully.
http://help.sap.com/saphelp_nw70/helpdata/en/3e/cdacecedc411d3a6510000e835363f/content.htm
You can also deactivate the hard-coded user SAP* by activating the profile parameter login/no_automatic_user_sapstar. For more information, see SAP Note 68048.
If a user master record was created for SAP*, then the corresponding authorizations assigned will apply; they are not affected by this parameter's setting.
If the parameter login/no_automatic_user_sapstar = 0 and if you try to login to the system with SAP* user to a particular client when the user is present in the SAP system (USR02 database table) it will fail if you don't use the right password for the SAP* user. The parameter value is taken into consideration only if the user is not present in the table.
When the SAP* user is present in the USR02 and if you try to login to that client with SAP* and password PASS the system wont let you.
Regards
RB
Hello
In that case, no need to delete you can set the parameter to zero and login.
If the parameter is set to 0 and if the user SAP* is present in the database and if you dont know the password for that user then the system will not let you login with the default password PASS
When a user logs into the SAP system it checks the client (MANDT) username (BNAME) and password encoded in the (BCODE) fields. If all these matches then login is successful else you will get "Incorrect username or password".
That is the reason why people suggest to delete the user to login to the system after setting the parameter to 0
http://it.toolbox.com/wiki/index.php/How_to_reset_user_SAP*
Regards
RB
Hello
The SAP* user is a hardcoded user in the SAP systems.
http://help.sap.com/saphelp_nw70/helpdata/en/3e/cdacecedc411d3a6510000e835363f/content.htm
If you delete the SAP* user from the database level or through SAP in a particular client then the SAP system will let you login with the SAP* user with its default password PASS provided the parameter login/no_automatic_user_sapstar is set to 0.
If there is an SAP* user present in the SAP system like any normal user, you can login to the system with the user if you provide the right password and client information.
Also the system will use assigned the authorizations of the SAP* user if present in the system.
The system will always check the user master records for a particular user and client at the underlying database.
The same method is used for SAP* user and the only exception is that if the user is not found at the database level then it checks the condition login/no_automatic_user_sapstar = 0 and if found true the system will let you login to the SAP system with the user SAP* and password PASS.
If the parameter login/no_automatic_user_sapstar is set to 0 and the SAP* user is present at the database level, then you can login to the system only if you provide the right password and the appropriate client.
Additionally read this SAP Note:
Note 2383 - Documentation: description of "super user" SAP*
Regards
RB
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello
If the parameter login/no_automatic_user_sapstar is set to 0 + SAP* user is present at the database level, then you can login to the system only if you provide the right password and the appropriate client.
Here is the answer:
The system will always check the user master records for a particular user and client at the underlying database. The same method is used for SAP* user and the only exception for SAP* user is that if the SAP* user is not found at the database level then it checks the condition login/no_automatic_user_sapstar = 0 and if found true the system will let you login to the SAP system with the user SAP* and password PASS.
Regards
RB
Hi,
Check or maintain the below parameter in instance profile if it doesn't exist.
stop the sap and maintain the parameter.
login/no_automatic_user_sapstar = 0
Check if sap* user @ DB level. if the user exist , Just delete it with delete query in the respective client.
now try to login with SAP* and password as PASS
Note : The parameter should be there in profile and SAP* should be deleted in DB level.
Then only you can login with user SAP* and password PASS
Regards
Yugandhar
Hi Sumit,
The R/3 System has a default superuser, SAP*, in the clients 000 and 001. A user master record is defined for SAP* when the system is installed. However, SAP* is programmed in the system and does not require a user master record.
If you delete the SAP* user master record and log on again as SAP* with initial password PASS, then SAP* has the following attributes:
1) The user is not subject to authorization checks and therefore has all authorizations.
2) The user has the password "PASS", which cannot be changed.
Please also refer SAP Notes 2383 and 68048 for more information.
BR,
Kaivalya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sumit,
Do we really have any user in Kernel ??
Could you share details of both the users.
Regards,
Deepak Kori
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Deepak,
http://wiki.sdn.sap.com/wiki/display/ABAP/Changing+the+default+password+for+sap+use
Regards
Sumit
User | Count |
---|---|
85 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.