Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP* user security

Go to solution
Uppdeep_Mann
Product and Topic Expert
Product and Topic Expert

on ‎2020 May 01 11:04 AM

0 Likes
1,032

Hi,

To secure SAP * user , parameter login/no_automatic_user_sapstar is set to 1.

Additionally,do i still need to delete its authorizations or delete user SAP* in all clients including client 000?

What can be consequence if I remove this user?

Thanks & Regards,

Uppdeep

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
pau_torregrosa
Participant
‎2020 May 01 11:41 AM

Hi Uppdeep,

SAP recommendation is to set parameter login/no_automatic_user_sapstar to a value greater than 0, and create a user master record (SU01) for SAP* in all clients, with no authorizations. That is more secure than not having a user master record for SAP*, because as soon as you don't have a user master record, the only thing securing SAP* from missue is the parameter you mentioned. Having also a user master record with no authorizations adds extra security.

Regards,

Pau.

Show replies
Show replies
Uppdeep_Mann
Product and Topic Expert
Product and Topic Expert
‎2020 May 01 1:02 PM
0 Likes

Thanks Pau for your answer.

There is one point mentioned in link at sap help : https://help.sap.com/doc/saphelp_nw70/7.0.31/en-US/4f/3eb3f249aa2eb5e10000000a42189c/content.htm?no_...

6. Deactivate all authorizations for SAP* in all clients except for those required by SAP License Administration (transaction SLICENSE)

Trying to understand that why one client in system should be exception.!!?

pau_torregrosa
Participant
‎2020 May 01 2:09 PM

Hi Uppdeep,

Not sure, looks like there might be a scenario where you might need to delete or install a License Key, and using SAP* would be the only option to perform that action, so leaving SAP* with just SLICENSE authorizations would allow you to administer license keys in case it's needed.
Check SAP Note 917936, and the bellow link:

https://help.sap.com/saphelp_nwpi711/helpdata/en/db/4a8338d22aa947e10000009b38f8cf/content.htm?no_ca...

Hope that helps.

Regards,

-Pau

Ask a Question