1.) Logon as DB admin (on oracle: ora, for informix: informix)
2.) Run the SQL program of your database (on oracle: sqlplus, for informix: dbaccess, for MS Sql Server: MMC Management)
3.) IMPORTANT: Make a current snapshot of the table. Do an export on table USR02 (Oracle: use the command exp, Informix: use dbexport) …
Alternative: Create a table copy of USR02
This will be used if anything goes wrong.
4.) Now do a SELECT command on table USR02.
The idea is to check if SAP* is present in the client you want.
(Command: SELECT * FROM USR02 WHERE MANDT=’XXX’ and BNAME=’SAP*’
.. MANDT here is the client) … this is an optional step …
5.) The next step is to make a copy of the SAP* table record (to be used on step #9). For Oracle, create a temporary table with USR02 structure
and insert the value SAP* from the client that you want.
For Informix, you may just copy the exported USR02 data and edit it using vi to delete other records other than SAP* .. or use the same steps as in Oracle.
6.) Delete the record SAP* ON THE REQUIRED CLIENT ONLY on table USR02.
(Command: delete from USR02 where MANDT=’XXX’ and BNAME=’SAP*’).
Commit the changes, if needed.
7.) Now logon to SAP. Use the ID SAP* and password PASS (or 06071992).
You can now edit the password for the DDIC user id.
You have to create a user id or give authorization to DDIC (if needed) to access transaction SU01.
8.) Logout from SAP.
9.) Insert the deleted record (SAP* record) back to USR02 using the saved copy.
10.) Logon back to SAP but this time logon as DDIC or any user that has authorization in using transaction SU01.
11.) Reset the password for SAP*.
12.) Do clean-ups (remove the temporary tables created or files)
SAP has hardcoded the user SAP* in its code. This hardcoded SAP* has all the authorizations needed to administer SAP ECC. But if a SAP* user id is created and found on table USR02, the hardcoded SAP* is deactivated and the profiles given to the new SAP* becomes active.
Commands will vary for the other databases but the idea is basically the same (manipulate user id SAP* on table USR02 using SQL commands).
Note: Only SAP* can be manipulated since it is hardcoded …
the other user ids has its profiles and authorizations stored in a different table.