Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Use of DDIC User as a Firefighter ID

Former Member
0 Kudos

Hello,

We are rolling out the Firefighter in our SAP 4.7 R/3 system. Our

Basis team is inquiring about using DDIC as a Firefighter ID.

Obviously, this would require that we change the user type for DDIC

to 'Service'.

Does anyone see a reason why we should not make this change and use the DDIC user as a Firefighter ID?

Your response is greatly appreciated!

Kind Regards,

Joe Klein

3 REPLIES 3

Former Member
0 Kudos

HI Joe,

I am not sure aout what you actually mentioned as fire fighting ID!!!! DDIC is a default user id created with some special authorizations in 000 & 001 clients for supporting the installation and other maintanence activities.

The best practice is , to change the default password to avoid unauthorized logging with default password.

Award points if it clears your doubt.

regards,

Vinodh.

Former Member
0 Kudos

Thank you for your response Vinodh.

I am very aware of the purpose of DDIC. Here is the reason we want to have DDIC only accessible through the Firefighter transaction:

We have outsourced our Basis team and we want to monitor when they use the DDIC user ID. We currently have a program that prints nightly reports on the usage of the DDIC user. However, since we are rolling out Firefighter to our IT team, we were asked if we can add the DDIC user ID into scope of the implementation.

So, the question really is: Is there anything that DDIC would not be able to do (that it normally could do, to perform Basis administration) by changing the user type to 'Service'? Are there any other risks about using DDIC only through the Firefighter tool?

Thanks in advance for your responses!

Warm Regards,

Joe

0 Kudos

Hi Joe,

we are currently investigating a similar question: "Can DDIC be changed to a background (system) user".

What I found out so far is that SAP don't officially recommend it but several customers have done it already and so far no problems were reported.

Just make sure it's done on your production clients only and not the SAP delivered ones (000, 001, 066).

We haven't tried it ourselves yet and I'm not sure if the same applies to a "Service" user. Looking at the definitio of "service" user you might introduce some risk here as I assume people could still logon with it outside of Firefighter? And in that case you could have multiple users logging on with that ID whereas otherwise you could restrict multiple logon through a system paramter. And I think that Firefighter also only allows logon once per Firefighter ID.

Another option to track what your users are doing with DDIC is to switch on the Security Audit Log and log all activities for that user.

Kind regards

Petra

Message was edited by:

Petra Merkel