Show TOC

Procedure documentationSecuring User DDIC Against Misuse Locate this document in the navigation structure

 

User DDIC is a user with special privileges in installation, software logistics, and the ABAP dictionary. SAP NetWeaver Application Server (AS) creates the user master record for user DDIC automatically in clients 000 and 001 when you install your SAP System. The default password for this user is 19920706. The system code allows user DDIC special privileges for certain operations. For example, DDIC is the only user that is allowed to log on to SAP NetWeaver Application Server (AS) during an upgrade.

Caution Caution

Do not delete DDIC or its profiles. DDIC is needed for certain tasks in installation and upgrade, software logistics, and for the ABAP dictionary. Deleting it results in loss of functions in these areas.

To make sure everything runs smoothly, give DDIC the authorizations for SAP_ALL during an installation or upgrade and then lock it afterwards. Only unlock it when necessary.

End of the caution.

Procedure

  1. Secure DDIC against misuse by changing the default password in all clients.

  2. Lock DDIC and unlock it only when necessary.

  3. Create a user of type system for the transport background job RDDIMPDP in all clients that are used for import, so you can lock the user DDIC.

    The new user needs SAP_ALL and SAP_NEW authorizations because the job calls function modules for various applications that cannot be determined for all cases ahead of time.

    Use Simple Job Selection (transaction SM37) to set the new user as owner of the jobs RDDIMPDP and RDDIMPDP_CLIENT_<client>.