Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP R/3

Former Member

‎04-22-2007 10:16 PM

0 Kudos

I need some detail solutions and suggests about below these problems [SAP R/3] :

Problem 2: Problems in User Maintenance and Security of the SAP R/3 System

• Problem 2.1: Super user account password was lost (e.g. SAP* password was lost)

• Problem 2.2: Super users DDIC and SAP* were dropped in table usr02 in Oracle.

• Problem 2.3: Some users have been locked or deleted by an ABAP programmer who has been granted with almost superuser profiles. For example, an ABAP programmer has been granted a profile of SAP_ALL and SAP_NEW but the system administrator would like to restrict all programmers form using SU01, SU02, SM01, so that no programmers can maintain other user's accounts.

2 REPLIES 2

LeonardoAraujo
Active Contributor

‎04-23-2007 3:16 AM

0 Kudos

3.1 - If you client copy from client 000, you need to go to SCC4 and set the client to customizing chnages allowed;

3.2 - If you do a client copy from client 800 (the one that SAP delivers data in) you should have data. Client 000 is empty (almost).

3.3 - You should be able to change the password of SAP* PASS user.

I am not sure which version you are dealing with, but ERP2004 and ERP2005 allow you to change the password suring installation.

Also, there is a parameter that can be maintained that allows you to log on as SAP*. If you set as not available, no one can log on.

Hope it helps,

Leonardo De Araujo

Former Member

‎04-24-2007 9:58 PM

0 Kudos

Hi,

> Problem 2: Problems in User Maintenance and Security

> of the SAP R/3 System

> • Problem 2.1: Super user account password was lost

> (e.g. SAP* password was lost)

Delete SAP* table row from table USR02 using the DB client of your choice and log on as SAP*/PASS. (you might need to change profile paramater login/no_automatic_user_sapstar and restart SAP first).

> • Problem 2.2: Super users DDIC and SAP* were dropped

> in table usr02 in Oracle.

Recreate the user accounts via SU01 and assgin correct profiles (i.e. SAP_ALL)

> • Problem 2.3: Some users have been locked or deleted

> by an ABAP programmer who has been granted with

> almost superuser profiles. For example, an ABAP

> programmer has been granted a profile of SAP_ALL and

> SAP_NEW but the system administrator would like to

> restrict all programmers form using SU01, SU02, SM01,

> so that no programmers can maintain other user's

> accounts.

- Unlock the users.

- Do NOT grant SAP_ALL to developers. btw: Don't try creating a role/profile such as "SAP_ALL minus a little bit". It won't work.

Reagrds,

Dominik