Skip to Content

Lock or delete of SAPCPIC and TMSADM users

Hello All,

We have the standard users from SAP which gets setup in the Productive clients also with their standard password maintained. So it showing RED mark in the Early watch reports which is used as a part of audit

Is it really required to have these users in Productive clients?

As far as I know SAPCPIC was used for RFC connections in earlier releases.

We are on CRM ABAP version 7.0.

So in that case, Can  I delete the SAPCPIC user then or can it's password be changed?

Again on TMSADM is required in 000 client. What is the purpose of having the same in productive clients?

Can I lock the same or change it's standard password in productive clients?

All I am concerned on productive clients alone.

Can anyone help me

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Sep 09, 2013 at 08:18 PM

    You should not only be concerned about PROD clients. Actually, you should also be concerned about communication partner systems (DEV, SOLMAN, etc...).

    SAPCPIC you can 99% of the time simply delete as long as you are not using it. When analyzing the usage, you sometimes find misuse...

    TMSADM outside of 000 depends on your transport setup. The routes might be client dependent? But 99% of the time it is just the CUA which distrubuted the user to everywhere. Most important is the standard profile assigned only and the domain controller on a secured high availability system, before you create your own domain password for it (that will be the same everywhere anyway and saved into the RFC clients anyway...).



    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello Julius and everyone,

      I was wondering about SAPCPIC user, how can I check what is this user actually doing in my system ?

      I read that chaning the pwd might require some other RFCs, how can I see what are the RFCs being used together with SAPCPIC.

      Thanks in advance,


  • Sep 10, 2013 at 01:25 PM

    This message was moderated.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 10, 2013 at 05:35 PM

    Very often these users are being (mis)used without people knowing it. You can start analyzing the users usage via Sm19/sm20 and/or the STAD or via specific software tools.

    Before deleting the users, you can start by changing the passwords for these users. Very often you will see that the users are used for background jobs or similar (this shouldn't be the case, off course).

    After solving the issues and assigning all these jobs to the correct users, you can delete them.

    Add comment
    10|10000 characters needed characters exceeded