Experience with changing password/locking SAPCPIC

Question: I'm having a little hesitation with modifying SAPCPIC - there are multiple OSS notes indicating issues with SAPCPIC's existence, changing its password, etc. (e.g., 3310, 32050, 37104, 758210).

And OSS Note 29276 is somewhat unclear since all the Solution steps list past releases, so it's unclear if in 4.6C there still remains any impact from changing the password - although some of the OSS notes above are more recent than this one, so I'm presuming there are.

Before we go ahead, I'm hoping to get any 'gotchas' from anyone who's encountered them by changing this ID's password.

Thank you,
Vincent

Answer:
It will only be an issue if the ID is used in an RFC destination. You can do an SE16 search of table RFCDES to see if the ID is used; if it is not, you should change the access and change the password. Report RSUSR003 will tell you where you have a possible backdoor in your system with ID SAPCPIC, EARLYWATCH, SAP* and DDIC.

Answer:
So, what about all the OSS notes indicating the need for this ID for background processes - that the ID must exist in order for processing to occur:

3310: In SM51. the processes and users of a server cannot be displayed
37104: The user SAPCPIC (password = ADMIN, type = CPIC) must exist in the R/3 client in which the job started
32050: RSCOLL00 report runs infinitely, incomplete data ... user SAPCPIC is missing
758210: Older versions of the 'sapinfo' program used SAP* ... as of 40B ... SAPCPIC user

Won't these be affected by changing the password?

Answer:
No, look at the DATE and version these apply to. Report RSUSR003 tells you SPECIFICALLY your IDs are in violation of "non-trivial" passwords and need to be changed.

Answer:
You can do an SE16 search of table RFCDES to see if the ID is used

I was just going to post a thread on this as I had the same question, but found this with a search.

Pardon my ignorance, but where in RFCDES in SE16 can you see whether the user ID is used? I have looked in here, but see no user names.

Answer:
There is a long string that has all the target system information. If you are displaying all the fields and you can't see anything that looks like a user ID then you probably haven't saved any user IDs.

Answer:
The string in the record has 'U=xxxxx' where xxxxx is the user ID. You can search the table with a *SAPCPIC* to find if the ID is used.

Answer:
Caution: It is one of the places in SAP which are CAPS-sensitive. There is also an error in the "display" selection. You don't get what you ask for.

RFCDES will not tell you whether SAPCPIC or other IS USED. But rather, whether it could be used by a program without requiring specific knowledge of the logon dates.

Tarr
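
The RFCDES check described in the answers above, as an added example that is not part of the original thread: it parses rows exported from SE16 and flags destinations that store one of the default IDs named earlier. The tuple layout of the export, the destination names and the reading of `v=` as a stored logon secret are assumptions; the sample rows are constructed.

```python
# Added example: audit an SE16 export of RFCDES for stored default user IDs.
# The options layout (KEY=value pairs separated by commas) follows the entry
# quoted in this thread; treating "v=" as a stored logon secret is an assumption.

DEFAULT_IDS = {"SAPCPIC", "EARLYWATCH", "SAP*", "DDIC"}  # IDs named in the thread


def parse_options(options):
    """Split an RFCDES options string into a dict; keys stay case-sensitive."""
    fields = {}
    for part in options.split(","):
        key, sep, value = part.partition("=")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def audit_rfcdes(rows, default_ids=DEFAULT_IDS):
    """Return one finding per destination that stores a default user ID.

    rows: iterable of (destination, type, options) tuples from the export.
    """
    findings = []
    for dest, dest_type, options in rows:
        fields = parse_options(options)
        user = fields.get("U", "")
        # The SE16 selection is case-sensitive (as noted in the thread);
        # compare case-insensitively so a differently cased entry is not missed.
        if user.upper() in default_ids:
            findings.append({
                "destination": dest,
                "type": dest_type,
                "user": user,
                "client": fields.get("M"),           # M= is the logon client
                "stored_secret": bool(fields.get("v")),
            })
    return findings


# Constructed sample rows; the v= values are placeholders, not real data.
SAMPLE_ROWS = [
    ("a", "I", "M=200,U=SAPCPIC,L=E,v=PLACEHOLDER,"),
    ("DEST_BATCH", "3", "M=100,U=RFC_BATCH,L=E,v=PLACEHOLDER,"),
    ("DEST_LEGACY", "3", "M=000,U=sapcpic,L=E,"),
    ("DEST_EMPTY", "T", ""),
]

if __name__ == "__main__":
    for finding in audit_rfcdes(SAMPLE_ROWS):
        print(finding)
```

A finding means the ID is stored in a destination, not that the destination is in active use, so each hit still needs to be checked before the user is locked or its password changed.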

Answer:
Hi,

I got this entry in the RFCDES table. It says user as = SAPCPIC
a I
M=200,U=SAPCPIC,L=E,v=3FB20DF66CA32E419606388B51,
Does that mean that I cannot lock the SAPCPIC user in the production system?

Please advise,

Thanks,
Chittaranjan

Answer:
The entry in RFCDES is
destination :- a
Type :- 'I'
M=200,U=SAPCPIC,L=E,v=3FB20DF66CA32E419606388B51,

I cannot find corresponding entry for type I destinations.

Can somebody advise?

Answer:
I got this entry in RFCDES table .
Is this from an R/3 connection (TYPE 3) which still works (meaning, you can use this connection and don't need to enter user name / password)?
It says user as = SAPCPIC
a I
M=200,U=SAPCPIC,L=E,v=3FB20DF66CA32E419606388B51,
Does that mean that I cannot lock SAPCPIC user in production system.
It means, you should change SAPCPIC's password (use a longer and really secure password).
And you shouldn't post the v=hex_string in a public forum after adjusting the RFC connection.

Answer:
Hi,

Can anybody confirm whether it is safe to lock and change the password for SAPCPIC? Our SAP release is 4.6D. And I have an entry in the RFCDES table which seems to be using user SAPCPIC as follows.
Connection : a
Type :- I
M=200,U=SAPCPIC,L=E,v=3F*,

Thanks
suman
Copyright © 2007 - 2008 www.jt77.com