Sunday 28 July 2013

Administration: How to unlock & reset SAP* user in Oracle

Under certain circumstances administrator would require to use the user: SAP* to login to the SAP system. Ex: the administrator login has been locked accidentally and require a super user to unlock it.

In this sample we'll reset the user "SAP*"  in an IDES.

Steps:

1) Example of the administrator and the SAP* user failed to login into system.

2) Login with the OS user "<SID>adm" (ex: eccadm) and connect to sqlplus.

3) Search for the SAP schema used.
    SQL command:  select OWNER from DBA_TABLES where TABLE_NAME='T000';

4) List the SAP* table. UFLAG not equal to 0 mean account been locked.
    SQL command: select UFLAG, BNAME, MANDT from SAPSR3.USR02 where BNAME='SAP*';

5) Unlock the SAP* password in relevant client.
    SQL Command: update SAPSR3.USR02 set UFLAG=0 where BNAME='SAP*' and MANDT=000;

6) Reset the SAP* password by deleting the relevant row.
    SQL Command: delete from SAPSR3.USR02 where BNAME='SAP*' and MANDT=000;

7) Change the profile parameter
     Set the parameter "login/no_automatic_user_sapstar=0" either directly in the default.pfl file or with an user      with TCODE: RZ11 permission and reboot the SAP system once the parameter been changed.
     In windows environment: "C:\usr\sap\ECC\SYS\profile\DEFAULT.PFL" add the parameter at the end of      the file.


8) Reboot the SAP system.

9) The system able to access with user: SAP* and password: pass

Notes:
- Default password for sap* is pass / 06071992
- Another built-in user for ides: user: idadmin, password: ides

5 comments:

  1. great sir..

    we salute your work..
    please carry on..

    ReplyDelete
  2. It seems correction is required here:

    RZ11 allows us to change only the dynamic parameters, not static.
    As the parameter "login/no_automatic_user_sapstar" is static, change is not allowed in RZ11. The correct Tcode is RZ10.

    ReplyDelete