Register Login

Reset SAP* password

Updated May 18, 2018

Consider the following situation:-

You have been put on some project on which you need to apply patches to the system. but unfortunately, your previous admin forgot to give you the password for SAP* user.....

You are trying to change the password for sap* user, however when you go into su01 and enter sap* as the username, the following message is displayed, user sap* does not exist.
.......Well ........
You can survive the situation......

You can delete the SAP* user using ABAP code :-

Delete from usr02 where bname = 'SAP*' and mandt = '***';
Where '***' means your client no.

Then login to your client using password SAP* and password PASS, However, if you delete it, then it will automatically be created once again with password PASS The user id, SAP*, is delivered with SAP and is available in clients 000 and 001 after the initial installation. In these 2 clients, the default password is 07061992 (which is, by the way, the initial date when R/3 came into being...). It is given the SAP_ALL user profile and is assigned to the Super user group. When I say it is "delivered" with SAP, I mean that the user id resides in the SAP database; there are actually rows in the user tables used to define user ids. If you delete the user id, SAP*, from the database, SAP has this user id defined in its kernel (the SAP executable code that sits at the operating system level, i.e., disp+work). When this situation exists, the password defined in the SAP code for SAP* is PASS. This is necessary when you are performing client copies for example, as the user information is copied at the end of the process. You can sign into the client you are creating while a client copy is processing using SAP* with password PASS (but you should have a good reason to do this - don't change anything while it's running).

Anyway, if the SAP* user id is missing, you can sign in to the client you want and simply define it using transaction SU01 and, as I stated above, assign it to the SUPER user group and give it the SAP_ALL profile. You define its initial password at this point. If you've forgotten its password and don't have a user id with sufficient authorization to create/change/delete user id, then you can use the SQL statements to delete it from the database and then you can use SAP* with PASS to sign back into the client you want to define it in and recreate it.

There is also a profile parameter which can override the use of SAP* with PASS to close this security hole in SAP (login/no_automatic_user_sapstar). When this parameter is defined either in your DEFAULT.PFL profile or the instance-specific profile and is set to a value of '1', then the automatic use of SAP* is deactivated. The only way to reactivate the kernel-defined SAP* user id at this point would be to stop SAP, change this parameter to a value of 0 (zero), and then restart SAP. The default password for SAP* is 06071992. (DDIC has 19920706)