Extensive inforamtion for special user SAP*:
SAP* is a "hard-coded" user that does not have a user master record in the delivery system, is not subject to any authorization checks (and therefore has all authorizations), and has an unchangable password.
SAP* is not treated like a "normal" user until a user master record is created for it. As long as the user master record exists, SAP* is subject to authorization checks and can be assigned a different password.
Because SAP* is a known user with a known password, you should create a user master record for SAP* before your system goes live, and replace that user by another, secret "super user".
SAP* should not have any authorizations (empty profile list)
SAP* should be assigned a new password
SAP* should be assigned to user group SUPER.
then deactivation of the "automatic SAP*", is executed
The group assignment prevents the SAP* user master record from being deleted so easily, provided the other SAP recommendations regarding user maintenance and authorization maintenance and the pre-defined S_USER* profiles are used for user and authorization maintenance.
As an additional security measure you can lock user SAP* by the administrator.
Note that user SAP*, just like any other R/3 user, is client dependent.
This means that you have to perform the specified security measures in every client.
- Tcodes are not running in super user
- Difference Between Power user, Core User, End User, Super user
- How to copy user/users from one client to another client? Should i login to system as a super user sap*?
- How to get list of materials with full description. ?
- Material description MATXT comes from where?