cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

sap* user is automatically deleted from system after renewing maintenance certificate

Go to solution
former_member183044
Active Participant

on ‎03-09-2016 6:29 AM

0 Kudos

Hi all,

Two days back i've renewed the maintenance certificate for DEV system by SAP* user. But yesterday when i tried to login with SAP* id, it showing a message that SAP* used doesn't exist.

Is there anyway SAP* id is automatically deleted? Can i create SAP* id again ? Also DDIC SAP id also got locked.

Kindly help.....

Regards

Praveen

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Sriram2009
Active Contributor
‎03-09-2016 6:48 AM
0 Kudos

Hi Praveen.

Are you used ddic user id any one of the RFC? you can check the RFC connection test using the program name RSRFCCHK.

Regards

SS

Show replies
Show replies
Former Member
‎03-09-2016 6:55 AM
0 Kudos

Hi Praveen,

SAP* is a kernel user and will not in db, if you haven't created the user in SU01.

The reason why we create SAP* in SU01 to avoid other users login in SAP using the default password which is known to every one (SAP*/pass).

If you want SAP* to be used in future get the user ID created in SU01 and set different password. IF the user does not exists in DB it will take the details from Kernel.

REgards,

Prithviraj

former_member183044
Active Participant
‎03-09-2016 7:19 AM
0 Kudos

Hi SS,

Thanks for the reply.

Here for RFC connection already there are 3 more users. We are currently not using DDIC for RFC connections.

I tested the RFC connection for the particular system(SID). Connection test was successful.

How SAP* is removed automatically?

Regards

Praveen

Sriram2009
Active Contributor
‎03-09-2016 7:22 AM
0 Kudos

Hi Praveen.

Could you check the profile parameter "login/no_automatic_user_sapstar" value in RZ11 

Regards

SS

former_member183044
Active Participant
‎03-09-2016 7:24 AM
0 Kudos

Hi Prithviraj,

Yesterday i've updated the maintenance certificate by using SAP* id. But before that SAP* password wasn't correct. Then i used the command "DELETE * FROM SID.USR02 where BNAME='SAP*" MANDT= '400'.

After that i looged in using the password PASS. then i updated the maintenance certificates.

But yesterday again when i tried to logged using SAP*, the logon was not possible. i checked in SUIM also, there i found out that SAP* user was not there.

Is there any problem that i create SAP* user again through SU01 by assigning SAP_ALL and SAP_NEW and also assigning SUPER group??

Regards

Praveen

Former Member
‎03-09-2016 7:50 AM
0 Kudos

Hi Praveen

There is no problem in creating SAP* user at DB level (SU01). In this way you can keep SAP* enabled and avoid users login in to sap system using default credentials.

Also the system your referring is DEV so you can have SAP* enabled.

Regards,

Prithviraj

former_member183044
Active Participant
‎03-09-2016 8:28 AM
0 Kudos

SS,

PFA the screenshot. Default value is 1.

Regards

Praveen

former_member183044
Active Participant
‎03-09-2016 8:31 AM
0 Kudos

Prithvi,

I will create SAP* ID via SU01. But i have another doubt. As i mentioned earlier i used the command "DELETE * FROM SID.USR02 where BNAME='SAP*" MANDT= '400' for resetting the password of SAP*. IS because of this command SAP* ID is deleted?

//Also the system your referring is DEV so you can have SAP* enabled.//


Can you please explain the above sentence?

Regards

Praveen

Answers (1)

Answers (1)

former_member183044
Active Participant
‎03-09-2016 9:30 AM
0 Kudos

Hi All,

In SUIM (in DEV system) also SAP* user id is not there, but i can now log in with SAP* user id with the password PASS.

So is it any harmful if i create one more SAP ID? And also If i do so, in future i want to update support packages, which SAP* password should i use? "PASS" or newly created user's password?

Regards

Praveen

Show replies
Show replies
Former Member
‎03-09-2016 9:38 AM
0 Kudos

Hi Praveen.

Please run this reports to check SAP*.

RSUSR000     Currently Active Users

RSUSR003     Check the Passwords of Users SAP* and DDIC in All Clients

As for update Support Packages, you should use DDIC, not SAP*.

Regards.

Osvaldo Dias Ferreira

former_member183044
Active Participant
‎03-09-2016 9:54 AM
0 Kudos

Hi Osvaldo,

My question is that if system will any harmful if i create one more SAP ID? Already SAP* is working now with the password PASS.

Regards

Praveen

Former Member
‎03-09-2016 10:04 AM
0 Kudos

Hi.

You want to create another user? You can do that, and use that user to do Support Packages Update.

(As I mentioned earlier SAP recomends to use DDIC for that task, but you can use a new User with the correct roles / authorizations.

(Please change SAP* password, because PASS is well known and is a danger for the security of your SAP System.)

Regards.

Osvaldo Dias Ferreira

Former Member
‎03-09-2016 10:05 AM
0 Kudos

Hi,

As I mentioned earlier  there is no problem in creating SAP* user in (SU01). In this way you can keep SAP* enabled and avoid users login in to sap system using default credentials.

When you create SAP* in SU01 while login in to sap system it will use credentials that you maintain while creating it in SU01.

If you forget the credentials in future, you can delete the user from usr02 and use default password to login into sap system (sap*/pass)

Regards,

Prithviraj.

hemanth2
Product and Topic Expert
Product and Topic Expert
‎03-09-2016 3:18 PM
0 Kudos

Hi Praveen,

Hope you are doing good.
I have seen errors like : Open SQL array insert results in duplicate database records when you try to create SAP* again in SU01. Just keep a note of this.

maybe you can run SAP Note 1401395 (Report to clean up residual data in user tables ) once.

Also if you are deleting via SQLPLUS, make sure that you are committing the transaction.

Hope this helps.

_ _ _ _ _ _ _ _ _

Kind Regards,

Hemanth

SAP Active Global Support

_ _ _ _ _ _ _ _ _

Ask a Question