SAP * And ddic user lock analysis and solutions

SAP * And ddic are two default superusers in the SAP system. They will automatically exist in the system after installation. The default password can be specified during installation, after installation, you can also modify it. The two users have the largest permissions and have the sap_all permissions. However, sometimes the system administrator forgets the password or the two users are locked due to multiple incorrect logon attempts. If other users with administrators cannot log on to the system, we only use the following methods:

Delete from usr02 where mandt = '<client>' and bname = 'sap *'

This solution can reset the initial password of the sap * User. Next, we can use the pass initial password to log on to the corresponding client. Next, we can use sap * to unlock the user ddic. From the statement point of view, we deleted all the user information and logon password of sap * from the usr02 table. The usr02 table records the information of all users of the system, so why can we use sap */pass to log on to the system after deletion? This is because sap * is a special user. The user and initial password have been added to the SAP kernel by hardcoded. If the system cannot find sap * In usr02, the user's logon information will be read from the kernel. However, other users are different. If the user is deleted from usr02, the user does not exist.
 
Note that you can log on to sap * only when login/no_automatic_user_sapstar is set to 0. If login/no_automatic_user_sapstar is set to 1, you cannot log on to sap.

Reference: http://www.cnblogs.com/SlashOut/archive/2008/07/05/1236208.html