Client 001 and 066 deletion

Questions that will be answered in this blog:

  • Why delete clients 001 and 066?
  • How to delete clients 001 and 066?
  • How to test the deletion before executing in a productive environment?

Why delete clients 001 and 066?

The clients 001 and 066 had a purpose in the past and do not have them any more.

The only thing they do now is pose a security threat. Access can be gained to these clients, for example via standard SAP users, and from these client you could take over the system via a cross client attack. Background on client 066 can be found in OSS note 1897372 – EarlyWatch Mandant 066 – Can Client 066 be deleted?.

Also unwanted batch jobs might be still running from these clients consuming resources.

For an S4HANA system conversion, these clients must be deleted.

You can use SAP Focused Run security and configuration validation to quickly detect existance of client 001 and/or 066. Read more in this blog.

How to execute client 001 and 066 deletion?

You can delete client 001 and 066 according to the instructions in SAP note 1749142 and on the respective blog “How to remove unused clients including client 001 and 066” on SCN.

Testing the deletion

The deletion can be tested on a development and QA system before it is done on productive system. If really in doubt copy the productive system to a different system and perform the deletion there first as a test.