cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP* at DB level & Kernel level

Go to solution
Former Member

on ‎07-17-2013 8:43 AM

0 Kudos

Hi experts,

we are having 2 sap* users one @ DB level & other in kernel. Which would be use to logon to SAP.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

karthikeyan_natarajan4
Active Contributor
‎07-17-2013 8:59 AM
0 Kudos

Hi Sumit,

Yes, there will be two SAP* users always in any system, you normally use database SAP* (which is super user), kernel SAP* user will be used in case of loging in newly created client, where no users will be created, for the initial login  to do client copy use sap* with password as PASS.

In other case, if you have forgot SAP* password and you don't know any other super user password, you can always delete the database SAP* user from db level, after that you can use sap* of kernel with password PASS for initial login.

Regards

karthik

Show replies
Show replies
Former Member
‎07-17-2013 9:56 AM
0 Kudos

Hi Karthik,

So, you mean, If we wanna login with SAP* of kernel, I have to delete UMR from DB level. Only then , I can login..

former_member188883
Active Contributor
‎07-17-2013 10:04 AM
0 Kudos

Hi Sumit,

Refer link http://help.sap.com/saphelp_45b/helpdata/en/52/671792439b11d1896f0000e8322d00/content.htm

It should answer your query.

Hope this helps.

Regards,

Deepak Kori

Former Member
‎07-17-2013 10:20 AM
0 Kudos

Hi Deepak,

My query is-> Which would be use to logon to SAP if both exist....

No answer in link shared by you....

Former Member
‎07-17-2013 10:27 AM
0 Kudos

Hi,

If the user Master record for SAP* is present then it will be used else the one with the default password "pass".

BR,

Kaivalya

former_member188883
Active Contributor
‎07-17-2013 10:34 AM
0 Kudos

Hi Sumit,

If parameter login/no_automatic_user_sapstar = 1 is set and both the users exists

Then you should be able to login with SAP* and its password in the database.

If parameter login/no_automatic_user_sapstar = 0 is set and SAP* does not exists in the database

then you should be able to login with SAP* & Pass credentials.

Hope this helps.

Regards,

Deepak Kori

Former Member
‎07-17-2013 10:52 AM
0 Kudos

Hello,

When parameter login/no_automatic_user_sapstar = 0, means one can login with "PASS" credentials...   +  I m having the credentials of SAP* @ Db level.

Then which should be taken for SAP*

Thanks

Sumit

karthikeyan_natarajan4
Active Contributor
‎07-17-2013 11:34 AM
0 Kudos

No no, in case if you don't know sap* (db) password, no other password, then you dont have any user id to log in right, in that case, you can delete sap* from db level, which will allow the kernel user to login using password pass

regards

karthik

karthikeyan_natarajan4
Active Contributor
‎07-17-2013 11:38 AM
0 Kudos

Hi Sumit,

You can't have both super SAP* id at a same time, whenever you login in system it checks the db level for the user authentication, if no user present in the system and you have already enable the super user login (this time kernel user - which dont have user master record at db level), then the parameter will allow to check the kernel at os level and will authenticate to login.

So you can't have both sap* (db and kernel) at the same time.

regards

karthik

Former Member
‎07-17-2013 11:55 AM
0 Kudos

Hello Karthik,

If I forget the SAP* Passwrd @ DB level, then to login with SAP*(kernel). Does it mandatory to DELETE sap* @ DB level OR  parameter login/no_automatic_user_sapstar = 0   is enough.

Thanks

Sumit

karthikeyan_natarajan4
Active Contributor
‎07-17-2013 12:08 PM
0 Kudos

Hi Sumit,

In that case, no need to delete you can set the parameter to zero and login.

Former Member
‎07-17-2013 12:36 PM
0 Kudos

That's right answer of my query.......

karthikeyan_natarajan4
Active Contributor
‎07-17-2013 12:47 PM
0 Kudos

Hope to see many questions like this, which is helpful to rewind. Sumit, could you please close the thread if you are clear about it.

regards

kartik

Reagan
Product and Topic Expert
Product and Topic Expert
‎07-17-2013 12:49 PM
0 Kudos

Hello

If I forget the SAP* Passwrd @ DB level, then to login with SAP*(kernel). Does it mandatory to DELETE sap* @ DB level OR  parameter login/no_automatic_user_sapstar = 0 is enough.

I already told you how the SAP* user works.

Read this link carefully.

http://help.sap.com/saphelp_nw70/helpdata/en/3e/cdacecedc411d3a6510000e835363f/content.htm

You can also deactivate the hard-coded user SAP* by activating the profile parameter login/no_automatic_user_sapstar. For more information, see SAP Note 68048.
If a user master record was created for SAP*, then the corresponding authorizations assigned will apply; they are not affected by this parameter's setting.

If the parameter login/no_automatic_user_sapstar = 0 and if you try to login to the system with SAP* user to a particular client when the user is present in the SAP system (USR02 database table) it will fail if you don't use the right password for the SAP* user. The parameter value is taken into consideration only if the user is not present in the table.

When the SAP* user is present in the USR02 and if you try to login to that client with SAP* and password PASS the system wont let you.

Regards

RB

Reagan
Product and Topic Expert
Product and Topic Expert
‎07-17-2013 12:57 PM
0 Kudos

Hello

In that case, no need to delete you can set the parameter to zero and login.

If the parameter is set to 0 and if the user SAP* is present in the database and if you dont know the password for that user then the system will not let you login with the default password PASS

When a user logs into the SAP system it checks the client (MANDT) username (BNAME) and password encoded in the (BCODE) fields. If all these matches then login is successful else you will get "Incorrect username or password".

That is the reason why people suggest to delete the user to login to the system after setting the parameter to 0

http://it.toolbox.com/wiki/index.php/How_to_reset_user_SAP*

Regards

RB

Answers (3)

Answers (3)

Reagan
Product and Topic Expert
Product and Topic Expert
‎07-17-2013 10:24 AM
0 Kudos

Hello

The SAP* user is a hardcoded user in the SAP systems.

http://help.sap.com/saphelp_nw70/helpdata/en/3e/cdacecedc411d3a6510000e835363f/content.htm

If you delete the SAP* user from the database level or through SAP in a particular client then the SAP system will let you login with the SAP* user with its default password PASS provided the parameter login/no_automatic_user_sapstar is set to 0.

If there is an SAP* user present in the SAP system like any normal user, you can login to the system with the user if you provide the right password and client information.

Also the system will use assigned the authorizations of the SAP* user if present in the system.

The system will always check the user master records for a particular user and client at the underlying database.

The same method is used for SAP* user and the only exception is that if the user is not found at the database level then it checks the condition login/no_automatic_user_sapstar = 0 and if found true the system will let you login to the SAP system with the user SAP* and password PASS.

If the parameter login/no_automatic_user_sapstar is set to 0 and the SAP* user is present at the database level, then you can login to the system only if you provide the right password and the appropriate client.

Additionally read this SAP Note:

Note 2383 - Documentation: description of "super user" SAP*

Regards

RB

Show replies
Show replies
Former Member
‎07-17-2013 10:55 AM
0 Kudos

Hi benjamin,

If the parameter login/no_automatic_user_sapstar is set to 0 + SAP* user is present at the database level, then you can login to the system only if you provide the right password and the appropriate client.

Above statement means I can login with both SAP*.

Thanks

Sumit

Reagan
Product and Topic Expert
Product and Topic Expert
‎07-17-2013 11:13 AM
0 Kudos

Hello

If the parameter login/no_automatic_user_sapstar is set to 0 + SAP* user is present at the database level, then you can login to the system only if you provide the right password and the appropriate client.

Here is the answer:

The system will always check the user master records for a particular user and client at the underlying database. The same method is used for SAP* user and the only exception for SAP* user is that if the SAP* user is not found at the database level then it checks the condition login/no_automatic_user_sapstar = 0 and if found true the system will let you login to the SAP system with the user SAP* and password PASS.

Regards

RB

Former Member
‎07-17-2013 11:36 AM
0 Kudos

Hi,

Check or maintain the below parameter in instance profile if it doesn't exist.

stop the sap and maintain the parameter.

login/no_automatic_user_sapstar = 0

Check if sap* user @ DB level. if the user exist , Just delete it with delete query in the respective client.

now try to  login with SAP* and password as PASS

Note : The parameter should be there in profile and SAP* should be deleted in DB level.

Then only you can login with  user SAP* and password PASS

Regards

Yugandhar

Former Member
‎07-17-2013 9:58 AM
0 Kudos

Hi Sumit,

The R/3 System has a default superuser, SAP*, in the clients 000 and 001. A user master record is defined for SAP* when the system is installed. However, SAP* is programmed in the system and does not require a user master record.

If you delete the SAP* user master record and log on again as SAP* with initial password PASS, then SAP* has the following attributes:

1) The user is not subject to authorization checks and therefore has all authorizations.

2) The user has the password "PASS", which cannot be changed.

Please also refer SAP Notes 2383 and 68048 for more information.

BR,

Kaivalya

Show replies
Show replies
former_member188883
Active Contributor
‎07-17-2013 9:00 AM
0 Kudos

Hi Sumit,

Do we really have any user in Kernel ??

Could you share details of both the users.

Regards,

Deepak Kori

Show replies
Show replies
Former Member
‎07-17-2013 9:53 AM
0 Kudos

Hello  Deepak,

http://wiki.sdn.sap.com/wiki/display/ABAP/Changing+the+default+password+for+sap+use

Regards

Sumit

Ask a Question