Question:
hello gurus
what is the use of ddic user.i think for installing patches or plugin also we cannot use the ddic user.why is it created then.
please help
kaul
Answer:
READ MY LIPS! Never, never, never use SAP* or DDIC to apply patches or add-ons. You can get yourself into a mess due to the fact that these users do not have the authority to change customer objects.
DDIC usually owns some of your standard cleaup jobs created during installation. And you can't delete SAP* since if it is missing in a client, it backdoors to a user of sap* with a password of pass so it is technically not there but there.
I wouldn't mess with them. Change the password for both users to something incredibly crptic with alpha characters, numbers and special characters. Besides, if you lock yourself out somehow, these are good users to have around!
BTW, this thread is being moved to the SAP Security forum.
Answer:
DDIC stands for Data Dictionary and that is why the DDIC user is needed. There are certain tasks that should be performed under user DDIC such as SPAU, and this is also the user that is used during initial installation. DDIC is used to initialize the SAP_ALL authorizations the first time and can be used to do this if necessary. DDIC is a super user that must be protected from use or logged by security administrator when it is used.
_________________
Gary Morris
SAP Security Analyst/Developer
garymorris@sapsecurity.net