Why do we need to check report RSUSR003?
Sometimes you need to check whether the standard users exist and whether any of them still has its default password.
Leaving SAP* with its default password in a production system can lead to a major security breach.
Here we are going to execute report RSUSR003 in our HANA production system.
To know more about HANA Architecture please refer to Hana Architecture Overview
Go to transaction SE38, enter the program name RSUSR003, and press the Execute button.
The next screen will be in list format. Click the Execute button without entering any value.
We will see the screen below.
From the above screen, we can see that we have two clients 000 and 500 and standard users are DDIC, SAP*, SAPCPIC, and TMSADM.
Now we need to understand what these password statuses mean.
1. Exists; Password not trivial –
This means that the user exists in the system but the password maintained is not the standard password.
2. Does not exist. Logon possible with p/w PASS. See Note 2383 –
If we refer to SAP Note 2383, we find more information about SAP*.
- We know that SAP* is created during installation and does not have a user master record in the system. We should not treat SAP* like any other user.
- SAP* is a well-known user and its default password is also known to everyone, so we should copy it to create another superuser with an uncommon name and an uncommon password.
- We should also change the default password of SAP*.
- Thereafter, deactivate SAP* so that no one can log in via SAP*.
3. Password is well known –
It means that the password is very common and we should change it immediately. This status mainly applies to SAP*. We don’t have this status in the above screenshot.
4. Doesn’t exist –
It means that the mentioned user is not created in the system.
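The four statuses above can be triaged automatically once the RSUSR003 list has been saved as text. The following is an added example, not part of the original article or of the SAP report itself; the `client;user;status` row format, the severity labels and the sample rows are assumptions constructed for illustration.

```python
# Added example: triage of a saved RSUSR003 list.
# Assumption: rows were saved as "client;user;status" (constructed format).

RULES = [  # (substring of normalized status, severity, action from the article)
    ("logon possible with p/w pass", "HIGH",
     "create a separate superuser, change the SAP* password, deactivate SAP*"),
    ("password is well known", "HIGH", "change the password immediately"),
    ("password not trivial", "OK", "none"),
    ("does not exist", "INFO", "user is not created in this client"),
    ("doesn't exist", "INFO", "user is not created in this client"),
]

def normalize(status):
    """Lowercase, straighten curly apostrophes, collapse whitespace."""
    return " ".join(status.replace("\u2019", "'").lower().split())

def classify(status):
    """Return (severity, action); the more specific rules are listed first."""
    text = normalize(status)
    for needle, severity, action in RULES:
        if needle in text:
            return severity, action
    return "REVIEW", "unrecognized status, check manually"

def triage(lines):
    rows = []
    for line in lines:
        if not line.strip():
            continue
        # maxsplit=2 because the status text itself can contain ';'
        parts = [p.strip() for p in line.split(";", 2)]
        if len(parts) != 3:
            rows.append(("?", "?", "REVIEW", "malformed row: " + line.strip()))
            continue
        rows.append((parts[0], parts[1]) + classify(parts[2]))
    return rows

def findings(lines):
    """Only the rows that need attention."""
    return [r for r in triage(lines) if r[2] in ("HIGH", "REVIEW")]

SAMPLE = [  # constructed rows, not real system output
    "000;DDIC;Exists; Password not trivial",
    "000;SAP*;Does not exist. Logon possible with p/w PASS. See Note 2383",
    "500;SAP*;Password is well known",
    "500;TMSADM;Doesn\u2019t exist",
]

if __name__ == "__main__":
    for client, user, severity, action in findings(SAMPLE):
        print(f"{severity:6} client {client} {user:8} -> {action}")
```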
To know about SAP BASIS daily monitoring and its dos and don’ts, please refer to SAP Daily Monitoring T-Codes