on 10-09-2015 12:35 PM
Hi Experts,
Am raising this question for a SOX compliance issue in our ECC production system.
As per SOX compliance guideline we should not use DDIC user except transport and we are not using DDIC anywhere in our production environment.
Recently in transaction ST03N we have found that report/program sapstartsrv has been called out with user DDIC via RFC calls which includes function modules RFCPING & TH_GET_PARAMETER
Kindly give your suggestions on the below
1. Why program sapstartsrv has been called out with DDIC user with internal RFC destination?
2. How do we prevent this?
Thanks,
Preetha Balan
Hi Preetha,
have you found answer to this DDIC log entry ?
We are currently investigating the same thing on our system.
Thanks,
Matěj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matej,
We have raised a OSS message to SAP and below is the response, hope this will help you
==========================================================
There are few web methods in sapstartsrv that
connect to the local ABAP instance
via RFC to call certain function modules.
Corresponding webmethods calling these function modules are:
GetProcessParameter, SetProcessParameter,
SetProcessParameter2, ABAPAcknowledgeAlerts, ABAPGetComponentList,
ABAPCheckRFCDestinations.
These webmethods are used for certain User actions in SAP MMC / MC and
sapcontrol. In recent releases
a MYSAPSSO2 ticket for the user defined by profile parameter
#rdisp/start_service_user# (default 000/DDIC)
is used, or the caller of the webmethod needs to provide a different
ABAP user and password.
This is why you have seen DDIC in the ST03 statistics and SM20 logs.
===========================================================
Thanks,
Preetha Balan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Preetha ,
SAPMSSY1 is an event controlled program
Have you configured the solution manager system to communicate with the current system ?.
If yes , Check the RFC connections ( in SM59 ) with the solution manager and check whether using DDIC user is used for the communication .
Thanks ,
Manu
Hi Preetha ,
Have you scheduled any Background Jobs ( Basis Standard Jobs ) using the user DDIC . [ You might need to go through each job -> step to find out this ]
Have you recently done any upgrade / Patching operations using the SUM tool
?
Thanks ,
Manu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.