JAVA USERS FOR SAP

1. SAP* in J2EE

The user is established with full authorizations for the administration.
With regard to security, the user has no standard password assigned.
To utilize this user as emergency user the properties in the UME need to be maintained.
Setting the ume.superadmin.activated property to true will activate the use of this user for emergency cases.
Setting a password in ume.superadmin.password will then activate the user finally after the restart of the engine.
While the user SAP* is in use, all other users will be inactivated during this time.
When the system is fixed, the deactivation can be achieved by setting the ume.superadmin.activated property to false.

2. J2EE_ADMIN_<SID>
This user is the Java standard user with full administration authorization in this environment. The password is to be assigned during the set up.
High complexity is recommended for this password.

3. J2EE_GUEST
This user is a Java standard user who can be utilized for anonymous access.
The user is locked per default. The password is assigned during the installation.

4. SAPJSF_<SID>
This user is a standard communication user for LDAP [Lightweight Directory Access Protocol] data sources.

5. ADSuser
This standard user is utilized for the communication between Java and ADS
[Adobe Document Service].

6. caf_mp_scvuser
This standard user is utilized in the context of the Composite Application Framework (CAF) core transport system and communication with other Java services.

Read More

Standard users in sap

Standard Users

With the installation of a SAP system, some standard users are created in the individual clients or system environments. Some of these users have already high authorizations from the beginning, and of course most of them have standard passwords assigned that are generally known.

These special users need special treatment and special protection.

1. SAP*
The user SAP* exists right after the installation in all clients. He has the composite profile SAP_ALL, S_A.SYSTEM assigned and with that all relevant authorizations for the system set up.

SAP has implemented a backdoor [coding] for this user.
If someone deletes the user SAP*, a login is possible with the standard password PASS including the corresponding SAP_ALL authorizations.

To prevent a login of the SAP* after a deletion, the parameter login/no_automatic_user_sapstar can be utilized.

With a parameter setting to 0 the login is possible.
Any value higher than 0, prevents a login after the deletion.

The standard password after deletion is PASS.
The standard password for this user directly after the installation is 06071992.

The preferable method to protect this user is the deactivation of SAP* :

- Remove all authorizations from this user.
- Lock the user account.
- Set the parameter login/no_automatic_user_sapstar to 1.

- Activate the audit log for this user.

You can also consider to assign this user to a user administration group that is protected by a dual control principle.

This report RSDELSAP deletes the user SAP*in the client 066. The corresponding source code is not active but available.

2. DDIC
The user DDIC is established in the client 000 and 001 with the installation
[and copies of these].
This standard user is uitilized to cover installation and release updates including changes to the data dictionary. The use of the transport management system is restricted to Display only.
This is the protection against direct developments.
As the technical steps related to this process are initiated in the client 000, the DDIC only needs to be a dialog user in this client.
In all other clients he can be set to the user type “system”.
The standard password for this user directly after the installation is 19920706.

The report RDDPWCHK allows to check the password that is assigned to the user DDIC. In case the password matches, the dialog window will be closed. For mismatches the message False is displayed.
The counter for false login does not count these password detection attempts.

3. TMSADM
The user TMSADM is automatically created at the set up the change and transport management system in the client 000.
His user type is “Communication”, and he is utilized for transports by the CTS.
He has the profile S_A.TMSADM assigned that authorizes the use of RFC with display of the development environment e.g. as well as writing to the file system.
The standard password for this user directly after the installation is PASSWORD.

4. SAPCPIC
The user SAPCPIC is created as a “communication” user at the installation and is utilized especially for EDI. The standard profile S_A.CPIC restricts the access to the use of RFC.
This user is coded into the function module INIT_START_OF_EXTERNAL_PROGRAM together with his standard password. This needs to be considered in case of password changes for this user.
The standard password for this user directly after the installation is ADMIN.

5. EARLYWATCH
The user EARLYWATCH is created in the client 066 at the installtion. He can be utilized for remote control by SAP and is only set up with some standard authorizations S_TOOLS_EX_A for performance monitoring. The user is to be locked in general, and can be unlocked upon request.

Evaluation
For the evaluation of the passwords you may use the report RSUSR003.

Read More

Different method to view lock users ...

To view locked users in sap.

1) Call transaction su10
Click on authorization data and scroll down
check the locked users only field as shown in figure and execute (F8).

LOCKED USERS

 

2) Call transaction sa38 and run the program RSUSR006 . You will get a list of locked users.
3) Goto transaction ewz5 you will get users with locked status
4) Run report EWULKUSR in transaction sa38 to get the list.
5) Call transaction SUIM , goto
a) authorizations > User > User by complex search criteria >List of User Master
Records Locked Due to Incorrect Logon
or
b) user > unsuccessful logons

Read More

ADMINISTRATION

ADMINISTRATION 

1.  SAP Basis Monitoring ABAP stack - I

2.  Increase/Decrease workprocesses

3.  SAP Parameters: Static/Dynamic

4.  Deleting a SAP lock

5.  Configuring Early Watch Report

6.  Troubleshooting Update deactivation

7.  Identifying long running background jobs

8.  Troubleshooting long running jobs

9.  Spool and Output request

10. Troubleshooting spool overflow issue

11. Troubleshooting locktable overflow issue

12. Difference between Config tool and Visual Administrator

13. Scheduling basis standard jobs

14. Activating SAP* user

15. Change and Transport System(CTS) in SAP

16. Avoiding TIMEOUT dumps in SAP

17. Changing SAP Parameters

18. Background Job statuses

19. Configuring printer in SAP

20. RFC creation in SAP

21. Importing transport in SAP

22. Troubleshooting long running transport

23. Compress or extract process of SAR file

24. Operation Modes setup

25. Deleting operation modes

26. Concept of client in SAP

27. Viewing clients in SAP

28. Opening client in SAP

29. Important Client related transaction codes

30. Viewing the contents of a table in SAP

31. Running a report in SAP

32. Troubleshooting when no one is able to login to SAP system

33. Dpmon tool and its usage

34. Terminating user session in SAP

35. Applying a SAP note

36. Posting system message

37. Adding SAP system to SMSY of solution manager 

38. SAP Web Dispatcher and its functions

39. Activating emergency user in java only system

40. How to unlock if SDM user id got locked in SAP?

41. Complete CPA cache refresh and Delta CPA cache refresh procedure in PI or XI systems

42. Important SAP Basis Transaction codes - 1

43. Important SAP Basis Transaction codes - 2

44. Important SAP Basis Transaction codes - 3

45. Manual import process of a transport at Os level using TP program

46. SAP Java Monitoring Check List 1

47. SAP Profiles

48. SAP Java Monitoring Check List 2

49. Types of RFC communication in SAP

50. How to view import history of transports in SAP?

51. How to maintain single sign on certificate for Service Market Place(SMP)?

52. How to find out sap gui version and patch level ?

53. How to troubleshoot MESSAGE_TYPE_X dump in SAP?

54. SAP Basis Training

55. How to start or stop livecache in SCM or APO system?

56. Live Cache Monitoring in SAP

57. How to check transactional RFCs status in SAP?

58. SAP System Log

59. How to create an Oss message?

60. How to set PI SOAP Adapter 7.1 trace level to Debug?

61. How to identify various ports of an SAP system?

62. How to view Oss messages based on various criteria?

63. CCMS - Availability and Performance Overview

64. How to open config tool in SAP?

65. How to increase size of a trace file in SAP?

66. Transport Error - Transport control program tp ended with an error

67. Applying SAP License

68. How to download SAP kernel

69. Gateway Monitoring in SAP

70. How to restart java stack from abap stack in SAP ?

71. How to avoid debugging impossible dump in SAP?

72. When file system is full, what needs to be done?

73.How to change developer trace level in SAP?

74.What are different developer traces in SAP?

75.How to open OSS connection to an SAP system?

76. SAP Basis/Netweaver/Security Forum

77. What is the difference between homogeneous system copy and heterogeneous system copy?

78. How to perform mail configuration in SAP?
79. SAP Netweaver layers and its offerings
80. Explain different usage types in SAP Netweaver
81. SDM Modes, start/stop process
82. How to access SDM tool in SAP?
83. How to view SAP support pack schedule?
84. How to restart any java application in SAP Netweaver AS Java?
85. Explain JVM in SAP?
86. Logon Group Configuration in SAP

Read More

EARLY WATCH ALERT

CONFIGURING EARLY WATCH ALERT

To configure Early watch alert some specific settings to be done at managing system (Solution manager system) and satellite system( or managed system – for which EWA report to be generated)

Following are the steps to configure EWA in a satellite system :

1)      Check whether latest versions of ST-A, ST-PI, ST-A/PI packages are installed in the managed/satellite system

(This check can be done going to system->status -> Component information display in any sap screen)

2)       If they are installed, run RTCCTOOL report from SE38 transaction code of satellite system.

Check the output of the report. If there are some errors or warnings in the output of the report, please take corrective actions and run the report again and ensure there are no errors

3)      Setup RFC connection between your satellite system and the solution manager system

An RFC connection can be made between 2 systems using Transaction code SM59

4)      Setup RFC connection between your solution manager and the SAP service market place

5)      Assign the solution monitoring roles to the users

6)      Setup your satellite system in a solution landscape of the solution manager(SMSY)

7)      Make sure SLD is configured and working fine for satellite system (using Rz70 and SLDCHECK transactions)

8)      Activation of SDCCN in satellite system (Goto SDCCN transaction. Then click on Utilities -> Activate)  then confirm for SDCC_OSS destination creation

9)      In satellite system, goto SDCCN transaction and navigate to Goto -> Settings -> Task specific.

In the resulted screen, select RFC destination and provide the solution manager RFC from the satellite system and set solution manager RFC as the master system.

10)   Addition of satellite system in solution manager system in SDCCN :

Goto SMSY transaction in solman system and then navigate to Environment -> Solution Manager Operations -> Adminstration SDCCN to add the new service data control centre to the solution manager.

Click on add system button to add the new SDCC to the solution manager. When prompted, please select the respective system and client from the resulting screen and confirm

11) Early watch service session activation for satellite system:

In the solution manager system, execute transaction code solution_manager  and navigate to operations -> Earlywatch Alert and press create button. This prompts you to confirm the date and time to run the report. Please provide the details and confirm to trigger the generation of the report

12)   Login to satellite system, goto transaction code SDCCN and press create button which displays a screen to select a task to be executed. Select request session data task  and click continue. You will be prompted to enter the schedule time to run the report. Click now to execute it immediately. After that you can see an early watch session running in SDCCN.

13)   After completion of this session run successfully, an Earlywatch Alert will be generated and this can be viewed in Solution_manager of Solution manager system.

Read More