Is there any harm on changing user SAPCPIC’s password?
The user SAPCPIC was used in older releases (less than 4.0) for communication purposes, via RFC, between ABAP systems.
SAPCPIC was used mainly by program SAPXPG in order to return the delivery outputs of external programs again to R/3 system.
As of Release 4.0, another acknowledgement mechanism has taken its place.
Therefore, since then, there is no problem in changing its password through SU01 and even lock or delete the user if required, as this is considered obsolete in newest releases, although SAP do not recommend to delete users (so that history data can be kept for compliance & auditing purposes).
Hopefully this information will be helpful to you.
Very useful ℹ
I just noted it. Thank you 🙂
As SAP dose not suggest to delete it but it suggests to change the password of the SAP default ids every quarter else it will appear in the Early watch report and the same can be questioned by auditors as well.
Very Informative. Many Thanks.
Best Regards,
Naresh K.
This blog is a bit misleading...
The password was hard coded to be able to log the user on, simply for it to be able to bypass authorization checks but still perform rfc calls WITH connection to a user context eben although no checks happened.
If you do not use the user yourself (sm59, jobs, etc) then it is best to delete it (as it's existence exempts it from some checks - so if you can connect a session ID to it then you can also run some ABAP functions and not just external programs (as Felipe correctly indicated).
-> do not use SAPCPIC and delete it.
You can also generally desctivate CPIC type calls via one of the "gw" parameters. Cannot exactly remember the name and there is a useful SAP Note on SAPCPIC, but perhaps Felipe can add it to the blog.
Cheers,
Julius