User Administration
Terminologies:
Address Data:
Last name Mandatory
Logon Data:
User type: Dialog (Default)
Initial Password: Mandatory field
User Group
Validity Period
SNC: Secure Network Communication
When this is activated, the user does not need to enter a password to log in to the SAP system.
Generally, this is enabled for the BASIS and SECURITY teams.
Parameters:
Roles –
Assigning authorizations through roles.
Profiles –
Profiles are interlinked with roles, and they get assigned automatically when
roles are assigned.
The maximum number of profiles that can be assigned to one user is 312.
Groups –
Assign the user to additional groups if the user belongs to them.
Personalization – no need to enter.
License Data – related to licensing of users.
User Types:
1. Dialog User: Default user type, interactive user, password parameters are applied, GUI
login is allowed.
Ex – All Employees
2. System User: Used for internal communication, password parameters are not applied,
GUI logon is not allowed.
Ex – Background Processing, Internal RFC.
3. Communication User: Used for external communication, password parameters are
applied, GUI logon is not allowed.
Ex – RFC (remote function call)
4. Service User: Used for multiple dialog logons, password parameters are not applied, GUI
login allowed.
Ex – FFID in GRC.
5. Reference User: Used for providing extra access to Dialog users when the access limit
(312 profiles) is reached. No password required, GUI login is not allowed.
Different types of user locks:
0 – Not Locked
32 – Global Lock (CUA)
64 – Administrator Lock
128 – Incorrect Logon Locks – Number of attempts with incorrect password
Standard Users / Default Users
User IDs that exist by default after installation. The initial login to the system is
done with these IDs.
User ID      Password          Client
SAP*         pass / 06071992   All
DDIC         19920607          000, 001
SAPCPIC      admin             000, 001
EARLYWATCH   support           066
SAP*: super user, all clients
SAP* is hard coded in AS ABAP systems and does not require a user master record!
If a user master record for SAP* does not exist in a client, then anybody can log on to
the AS ABAP as the user SAP* using the default password PASS.
In this case, the system does not check authorizations for SAP*, so SAP* has all authorizations.
DDIC: super user 001, 000
User DDIC is a user with special authorizations for installation, software logistics, and
the ABAP dictionary.
SAP NetWeaver Application Server (AS) creates the user master record for user DDIC
automatically in clients 000 and 001 when you install your SAP system.
The installer also assigns the default password for this user that you designated as
the master password during installation.
The system code allows user DDIC special authorizations for certain operations. For
example, user DDIC can log on while the SAP system is in upgrade status, whereas no
other user can log in during that period.
SAPCPIC: 001, 000
User SAPCPIC is a non-dialog user that is used for calling certain programs and
function modules in an SAP system.
To protect this user, lock it and change its password.
EARLYWATCH: Alert service, 066
SAP EarlyWatch Alert is an automatic service for critical system errors. EarlyWatch
analyses the essential administrative areas of the SAP system and gives solutions to
improve performance and stability.
SAP EarlyWatch Alert is most effective when activated for all SAP components in
your solution.
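
The lock values and the standard-user notes above, applied as a small audit over an exported user list. This is an added example, not part of the original notes: the row layout (client, user ID, lock value) and the sample rows are constructed, and it assumes a stored lock value can be the sum of several locks (192 = 64 + 128).

```python
# Added example (not from the original notes). ROWS is constructed sample data:
# (client, user ID, lock value), an assumed export of user master records.
ROWS = [
    ("000", "SAP*", 64), ("000", "DDIC", 0), ("000", "SAPCPIC", 0),
    ("001", "SAP*", 64), ("001", "DDIC", 0), ("001", "SAPCPIC", 192),
    ("066", "EARLYWATCH", 128),  # client 066 has no SAP* record
]
CLIENTS = {"000", "001", "066"}

# Lock values from the notes; a stored value may combine several of them.
LOCKS = {32: "Global Lock (CUA)", 64: "Administrator Lock",
         128: "Incorrect Logon Lock"}


def decode_lock(value):
    """Split a lock value into the lock reasons it combines (0 = not locked)."""
    reasons = [name for bit, name in LOCKS.items() if value & bit]
    unknown = value & ~sum(LOCKS)  # bits the notes do not describe
    if unknown:
        reasons.append(f"unknown bits {unknown}")
    return reasons or ["Not Locked"]


def audit(rows, clients):
    """Return (client, user, issue) findings for the standard users."""
    lock_of = {(client, user): lock for client, user, lock in rows}
    findings = []
    for client in sorted(clients):
        # Without a SAP* master record the hard-coded SAP* logon applies.
        if (client, "SAP*") not in lock_of:
            findings.append((client, "SAP*", "no user master record"))
        # The notes say SAPCPIC should be locked (and its password changed).
        if lock_of.get((client, "SAPCPIC")) == 0:
            findings.append((client, "SAPCPIC", "not locked"))
    return findings


if __name__ == "__main__":
    for client, user, lock in ROWS:
        print(client, user, lock, ", ".join(decode_lock(lock)))
    for finding in audit(ROWS, CLIENTS):
        print("FINDING:", *finding)
```

The audit only checks for the presence of a record and its lock state; whether a default password is still set has to be verified separately in the system.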