Protecting Special Users

 

SAP NetWeaver AS ABAP creates the standard users SAP*, DDIC, and EARLYWATCH during the installation process in the clients as shown in the table below.

Default Passwords for SAP* and DDIC

| User | Description | Client | Default Password |
|---|---|---|---|
| SAP* | SAP NetWeaver AS system super user | 000, 001, all new clients | 06071992, PASS |
| DDIC | ABAP dictionary and software logistics super user | 000, 001 | 19920706 |
| EARLYWATCH | Dialog user for the Early Watch service in client 066 | 066 | support |

Recommendation

We recommend that you regularly review the following criteria for protecting the standard users:

  • Maintain an overview of the clients that you have and make sure that no unknown clients exist.

  • Make sure that SAP* exists and has been deactivated in all clients.

  • Make sure that the default passwords for SAP*, DDIC, and EARLYWATCH have been changed.

  • Make sure that these users belong to the group SUPER in all clients.

  • Lock the users SAP*, DDIC, and EARLYWATCH. Unlock them only when necessary. It should never be necessary to use SAP*!

  • Do not delete EARLYWATCH. This user should only be used for Early Watch functions (monitoring and performance).

To find out which clients you have in your system, display the table T000 using transaction SM30.

To make sure that the user SAP* has been created in all clients and that the standard passwords have been changed for SAP*, DDIC and EARLYWATCH, use the report RSUSR003.

For more information, see SAP Note 40689.
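The review criteria above can be checked mechanically once the per-client status of the standard users has been collected. The following Python script is an added example, not SAP code: the CSV layout, its column names and the `audit` function are assumptions made for illustration (this is not the output format of RSUSR003), and the sample rows are constructed.

```python
import csv
import io

STANDARD_USERS = ("SAP*", "DDIC", "EARLYWATCH")

# Constructed sample in a hypothetical export layout:
# one row per standard user per client.
SAMPLE_EXPORT = """client,user,locked,user_group,default_password
000,SAP*,yes,SUPER,no
000,DDIC,yes,SUPER,no
001,SAP*,yes,SUPER,no
001,DDIC,no,SUPER,yes
066,SAP*,yes,SUPER,no
066,EARLYWATCH,yes,SUPPORT,no
100,DDIC,yes,SUPER,no
"""

def audit(export_text, approved_clients):
    """Return sorted (client, user, finding) tuples for each criterion violated."""
    findings = set()
    seen = {}  # client -> set of standard users present in that client
    for row in csv.DictReader(io.StringIO(export_text)):
        client, user = row["client"], row["user"]
        if user not in STANDARD_USERS:
            continue
        seen.setdefault(client, set()).add(user)
        if row["default_password"] == "yes":
            findings.add((client, user, "default password still set"))
        if row["user_group"] != "SUPER":
            findings.add((client, user, "not in group SUPER"))
        if row["locked"] != "yes":
            findings.add((client, user, "not locked"))
    # Client-level checks cover approved clients that have no rows at all.
    for client in set(seen) | set(approved_clients):
        present = seen.get(client, set())
        if client not in approved_clients:
            findings.add((client, "-", "unknown client"))
        if "SAP*" not in present:
            findings.add((client, "SAP*", "user does not exist"))
        if client == "066" and "EARLYWATCH" not in present:
            findings.add((client, "EARLYWATCH", "user does not exist"))
    return sorted(findings)

if __name__ == "__main__":
    for client, user, finding in audit(SAMPLE_EXPORT, {"000", "001", "066"}):
        print(f"client {client}  {user:<10}  {finding}")
```

The set of approved clients passed to `audit` stands in for the overview of known clients that the first criterion asks you to maintain.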