Show TOC

Securing User DDIC Against MisuseLocate this document in the navigation structure


User DDIC is a user with special authorizations for installation, software logistics, and the ABAP dictionary. SAP NetWeaver Application Server (AS) creates the user master record for user DDIC automatically in clients 000 and 001 when you install your SAP system. The installer also assigns the default password for this user that you designated as the master password during installation. The system code allows user DDIC special authorizations for certain operations. For example, DDIC is the only user that is allowed to log on to SAP NetWeaver AS during an upgrade.


Do not delete DDIC or its profiles. DDIC is needed for certain tasks in installation and upgrade, software logistics, and for the ABAP dictionary. Deleting DDIC results in loss of functions in these areas.

To make sure that everything runs smoothly, give DDIC the authorizations for SAP_ALL during an installation or upgrade and then lock it afterwards. Only unlock it when necessary.


  1. Secure DDIC against misuse by changing the default password in all clients.

  2. Lock DDIC and unlock it only when necessary.