Skip to Content
avatar image
Former Member

SAP* & ddic password locked in 000 client

Hi All,

Accidently SAP* and DDIC user id's have been locked in 000 client ,we need to apply some patch through 000 client and we are unable to login.

I have seen a lot of fourms to unlock these id's from database level.We are running on Oracle 10g and SAP ECC 6.0.

Please give me the exact query and other things I need to perform to unlock these users.

Regards,

Prashant

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

7 Answers

  • Best Answer
    avatar image
    Former Member
    Mar 08, 2009 at 09:17 AM

    Hi Prashant,

    If you not find the parameter then create it.....and set it as login/no_automatic_user_sapstar = 0 then perform the following steps:

    1. stop/start the SAP system

    2. logon with SAP* reset the password of DDIC

    3. Login with DDIC and change the password.

    4. change the Parameter login/no_automatic_user_sapstar = 1

    5. Stop/Start the SAP system.

    With Regards,

    Krishna.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Mar 07, 2009 at 05:22 PM

    Hello Prashant,

    Log on to your operating system as user ora<sid>

    sqlplus / as sysdba;

    Delete from usr02 where bname = 'SAP*' and client = '000';

    It will reset the password of sap* as pass

    Also make sure that the parameter login/no_automatic_user_sapstar is set to 0,check this in rz11 and if it is 1 change back to 0

    You will be able to login using sap*,then you can change the password for ddic user in 000

    Let me know of any issues

    Rohit

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      yes Prasahant try with sapr3..usro02

      check that parameter in RZ11,go to rz11 and type the parameter and check its value,the default value is 0

      Rohit

  • avatar image
    Former Member
    Mar 07, 2009 at 06:16 PM

    Hi Prasant,

    If your OS is unix please check env |grep schema that is SAPR3 you use below command from SQL prompt "delete SAPR3.USR02 where BNAME='SAP*' and MANDT='000';"

    env |grep schema is SAPSR3 you use below command

    "delete SAPSR3.USR02 where BNAME='SAP*' and MANDT='000';"

    If it is Windows OS just execute ENV from command prompt.

    *Then restart SAP and login with "SAP" and password is "pass"**

    then you can change DDIC password from SAP level.

    Regards,

    Krishna Reddy

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Mar 08, 2009 at 04:28 AM

    Hi,

    Please use the below procedure for to solve the issue.

    1. Login into SQL

    2. Then type

    SQL>delete from <schema name>.usr02 where bname='sap*' and mandt='000' ;

    3. After the above command type as follows....

    SQL> commit;

    4. Login into sap level...with the help of sap* and password pass

    5. Then reset ddic password.

    To find the schema, perform u201Cenv | grep schemau201D as ora<sid> user. at unix level....

    With Regards,

    Krishna.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi All,

      We are working on windows server and as its a production server we don't want any kind of restart......when I checked the instance profile through RZ10 I couldn't find the login* parameter.

      If this parameter is not present in my instance profile, what will be its default value.

      Will I be able to login the system using sap* and pass after executing the SQL command (without restarting the instance).

      Regards,

      Prashant

  • Mar 08, 2009 at 09:15 AM

    Hi Prashant,

    If you the know the password of SAP* user who is locked, use only the below sql stmt.

    SQL> update table <schemaowner>.usr02 set uflag=0 where mandt=000 and bname='SAP*';

    SQL>commit;

    (This statement unlocks the user SAP* and since you know the password you can login and unlock other users)

    OR

    If you dont know the passwords of locked users try the below

    At SAP Level

    First you need to check the parameter login/no_automatic_user_sapstar value is 0 or 1.(Set to 0)

    Restart the SAP instance and check the parameter changed to 0.

    At Database Level

    SQL> delete * from <schemaowner>.usr02 where bname='SAP*' and mandt=000;

    SQL> commit;

    (This delete sap* user from 000 client)

    Now you can login with SAP* with password PASS in 000 client and can create or change password or lock any user.

    Regards,

    Kalyan

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 07, 2013 at 07:24 AM

    Is there any way to reset the SAP* and DDIC user password without restarting the SAP system.

    login/no_automatic_user_sapstar parameter value is set to 1 in my system.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      after setting parameter value 0 u have to take restart of server ..

      to make changes in server you have to take restart

      ..

  • avatar image
    Former Member
    Jan 02, 2014 at 04:25 PM

    login to SQL:

    _Unlocking SAP:_*

    1.select mandt,bname from SAP<SCHEMAID>.USR02 where mandt=000 and bname ='SAP*';(just for checking)

      ->delete from SAP<SCHEMAID>.USR02 where mandt=000 and bname='SAP'; ( it will unlock the sap)

    -> commit;

    Unlocking DDIC:

    2. select mandt,bname from SAP<SCHEMAID>.USR02 where mandt=000 and bname ='DDIC';

      ->  ->delete from SAP<SCHEMAID>.USR02 where mandt=000 and bname='DDIC*'; ( it will unlock the DDIC)

      -> commit;

    After this try to login with SAP* and DDIC with the passwords which you are given during the installation, if you get the result as name/password is incorrect then you user pass for SAP* and 19920706 for DDIC( only in case if you get error).

    Add comment
    10|10000 characters needed characters exceeded