Protecting Special Users

Clients 000, 001 and 066 are created when your R/3 System is installed. Two special users are defined in clients 000 and 001. Since these users have standard names and passwords, you must secure them against unauthorized use by outsiders who know of their existence.

Note that no special user is created in client 066.

The two special users in the R/3 System are as follows:

SAP* is the only user in the R/3 System that does not require a user master record; it is instead defined in the system code itself. By default, SAP* has the password PASS and unlimited system access authorizations.

When you install your R/3 System, a user master record is defined for SAP* with the initial password 06071992 in clients 000 and 001. The presence of a SAP* user master record deactivates the special properties of SAP*. SAP* then has only the password and the authorizations that are specified for it in the user master record.

To secure SAP* against misuse, you should at least change its password from the standard PASS. For security reasons, SAP recommends that you deactivate SAP* and define your own superuser.

The user master record for user DDIC is automatically created in clients 000 and 001 when you install your R/3 System. The default password for this user is 19920706. The system code allows user DDIC special privileges for certain operations. For example, DDIC is the only user that is allowed to log on to the R/3 System during an upgrade.

To secure DDIC against unauthorized use, you must change the initial password for the user in clients 000 and 001 in your R/3 System.
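
The following audit sketch is an added example, not SAP code. It applies the rules above to a constructed export of user master records and treats a missing SAP* record as a finding, because without a record the SAP* defined in the system code applies. The column names, client 100 and user ADMIN01 are assumptions.

```python
import csv
import io

# Constructed sample export (not real data). Assumed columns: client, user,
# initial_password_changed (yes/no). One row per existing user master record.
SAMPLE_EXPORT = """client,user,initial_password_changed
000,SAP*,yes
000,DDIC,no
001,SAP*,no
001,DDIC,yes
100,DDIC,yes
100,ADMIN01,yes
"""

SPECIAL_USERS = ("SAP*", "DDIC")


def audit_special_users(export_text, clients):
    """Return sorted (client, user, finding) tuples for the given clients."""
    records = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        changed = row["initial_password_changed"].strip().lower() == "yes"
        records[(row["client"].strip(), row["user"].strip())] = changed

    findings = []
    for client in clients:
        for user in SPECIAL_USERS:
            key = (client, user)
            if key not in records:
                if user == "SAP*":
                    # No master record: the SAP* defined in the system code
                    # applies, with its default password and unlimited access.
                    findings.append(
                        (client, user, "no master record: code-defined SAP* active"))
                continue
            if not records[key]:
                findings.append((client, user, "initial password unchanged"))
    return sorted(findings)


if __name__ == "__main__":
    for client, user, finding in audit_special_users(
            SAMPLE_EXPORT, ["000", "001", "100"]):
        print(f"client {client}  {user:5s} {finding}")
```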

For more details, see the following topics:

Securing User SAP* Against Misuse

Securing User DDIC Against Misuse