Am raising this question for a SOX compliance issue in our ECC production system.
As per SOX compliance guideline we should not use DDIC user except transport and we are not using DDIC anywhere in our production environment.
Recently in transaction ST03N we have found that report/program sapstartsrv has been called out with user DDIC via RFC calls which includes function modules RFCPING & TH_GET_PARAMETER
Kindly give your suggestions on the below
1. Why program sapstartsrv has been called out with DDIC user with internal RFC destination?
2. How do we prevent this?