Checking the Password Status of Standard SAP Users

Whenever a new SAP system is built, upgraded, copied, or restored from backup, one of the very first tasks a SAP Security Administrator should do is to check whether the default standard users provided by SAP has had their default password changed, locked, in in some cases, have their profiles removed.

Below are the default passwords for the standard users in SAP.

User Description Clients Default Password
SAP* SAP system super user 000, 001, and 066

New Clients




EARLYWATCH Dialog user for the Early Watch service 066 support
DDIC Software logistics and ABAP Software logistics super user 000 and 001 19920706

A report that can be run to make sure the default passwords for the standard SAP users above is RSUSR003. This report will list all standard users in each client and will indicate whether the standard password has been changed.

To run this RSUSR003 report:

1. Go to transaction SA38

2. Enter RSRUSR003 in the program feild

3. Click the Execute button on the top-left or press F8

Execute RSUSR003 in SA38

Ener RSUSR003 and press F8

4. Uncheck “Display Profile Parameters”

5. Hit Execute or press F8

RSUSR003 - Uncheck Display Profile Parameters

RSUSR003 - Uncheck Display Profile Parameters

6. You will now see a list of standard SAP users along with information indicating whether the user is locked and if the password has been changed from it’s default password.

RSUSR003 Report

RSUSR003 Report

Depending on your organization’s requirements, you may have some, all, or none of the users locked. But you definitely want to make sure that at the very minimum, your default password has been changed. Hope you find this information on RSUSR003 helpful.

– SAP Security Help

This entry was posted in Security, Tutorial and tagged , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *