Skip to Content
author's profile photo Former Member
Former Member

difference between SAP* and DDIC

Hi Gurus,

Can anyone let me know the difference between SAP* and DDIC, Wat are all the privilages they have

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

4 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Nov 23, 2007 at 10:55 AM

    Hi,

    Clients 000, 001 and 066 are created when your SAP System is installed. Two special users are defined in clients 000 and 001. Since these users have standard names and standard passwords, you must secure them against unauthorized use by outsiders who know of their existence.

    Note that no special user is created in client 066.

    The two special users in the SAP System are as follows:

    The SAP System superuser, SAP*

    SAP* is the only user in the SAP System that does not require a user master record, but that is instead defined in the system code itself. SAP* has by default the password PASS, as well as unlimited system access authorizations.

    When you install your SAP System, a user master record is defined for SAP* with the initial password 06071992 in Clients 000 and 001. The presence of a SAP* user master record deactivates the special properties of SAP*. It has only the password and the authorizations that are specified for it in the user master record.

    To secure SAP* against misuse, you should at least change its password from the standard PASS. For security reasons, SAP recommends that you deactivate SAP* and define your own superuser.

    The maintenance user for the ABAP Dictionary and software logistics, user DDIC.

    The user master record for user DDIC is automatically created in clients 000 and 001 when you install your SAP System. The default password for this user is 19920706. The system code allows user DDIC special privileges for certain operations. For example, DDIC is the only user that is allowed to log on to the SAP System during an upgrade.

    To secure DDIC against unauthorized use, you must change the initial password for the user in clients 000 and 001 in your R/3 System.

    The user EarlyWatch is delivered in client 066 and is protected using the password SUPPORT. The SAP EarlyWatch experts use this user which should not be deleted. Change the password. This user should only be used for EarlyWatch functions (monitoring and performance).

    Pl refer http://help.sap.com/saphelp_47x200/helpdata/en/52/67179f439b11d1896f0000e8322d00/frameset.htm

    Hope this helps.

    Pl award suitably

    Regards

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Nov 23, 2007 at 11:38 AM

    Hi..

    Precisely,

    SAP* will never undergo any authorization checks.So it has all authorizations. Authorization profile is SAP_ALL.

    If you want to deactivate the special properties of SAP*, set the system profile

    parameter login/no_automatic_user_sapstart to a value greater than zero. If the

    parameter is set, then SAP* has no special default properties. <b>If there is no SAP*

    user master record, then SAP* cannot be used to log on.</b>You should set the parameter in the global system profile, DEFAULT.PFL, so that

    it is effective in all instances of an R/3 System.

    User <b>DDIC</b> is required for certain installation and setup tasks in the system.

    You should secure the DDIC user against misuse by changing DDICÂ’s initial password 19920706

    in clients 000 and 001.

    PLs refer to the links provided in the above post.

    hope this is simple and understandable.

    PS :Award points if helpful

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 03, 2007 at 10:45 AM

    User DDIC (from data dictionary) is the maintenance user for the ABAP dictionary and for software logistics.It's the user required to perform special functions in system upgrades.

    Like SAP*, user DDIC is a user with special privileges.

    The user master record for user DDIC is automatically created in clients 000 and 001 when you install your R/3 system.

    It has, by default, the password 19920706. Its difference from SAP* is that it has its own user master record.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 03, 2007 at 10:47 AM

    User DDIC is required for certain installation and setup tasks in the system

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.