Whenever a new SAP system is built, upgraded, copied, or restored from backup, one of the very first tasks a SAP Security Administrator should do is check whether the standard users provided by SAP have had their default passwords changed, have been locked, or, in some cases, have had their profiles removed.
Below are the default passwords for the standard users in SAP.

| User | Description | Clients | Default password |
|---|---|---|---|
| SAP* | SAP system super user | 000, 001, and 066 | |
| EARLYWATCH | Dialog user for the Early Watch service | 066 | support |
| DDIC | Software logistics and ABAP Software logistics super user | 000 and 001 | 19920706 |

A report that can be run to make sure the default passwords for the standard SAP users above have been changed is RSUSR003. This report will list all standard users in each client and will indicate whether the standard password has been changed.
To run this RSUSR003 report:
1. Go to transaction SA38
2. Enter RSUSR003 in the program field
3. Click the Execute button on the top-left or press F8
4. Uncheck “Display Profile Parameters”
5. Hit Execute or press F8
6. You will now see a list of standard SAP users along with information indicating whether the user is locked and if the password has been changed from its default password.
Depending on your organization’s requirements, you may have some, all, or none of the users locked. But you definitely want to make sure that at the very minimum, your default password has been changed. Hope you find this information on RSUSR003 helpful.
– SAP Security Help