It is critical and essential to protect your database users in a SAP system. A database can be an Oracle database, SQL Server or a MYSQL Database. You need to protect the standard users from these databases. Password should be protected for standard users and they should be changed regularly.
The following table shows the list of standard users in the Windows environment. Password should be maintained for all these users.
|User Name||Type||Password Change Method|
|<SID>ADM||Operating System User||OPS$ mechanism|
|SAPServic<SID>||Operating System User||OPS$ mechanism|
|SYS (internal)||Operating System User||SAPDBA|
|SYSTEM||Operating System User||SAPDBA|
|SAPR3||Operating System User||SAPDBA|
To create an OPS$ user, you need to login with the <SID>ADM. You should first stop SAP System if it is running and then execute the command given below.
Create user OPS$<adm_user> default tablespace psapuserid temporary tablespace psaptemp identified externally;
Here the <adm_user> is −
<SID>ADM for older Oracle releases
<domain_name>\<SID>ADM latest releases
Then you should follow the steps given below −
Grant connect, resource to OPS$ <adm_user>l;
Create table SAPUSER ( USERID Varchar(20), PASSWD VARCHAR2(20));
Insert into SAPUSER values (‘SAPR3’,’<password>);
Alter user SAPR3 identified by <password>;
In a similar way, you can create OPS$ for SAPService<SID>. In the following command, you should use SAP_service_user instead of adm_user.
Create user OPS$<SAP_service_user> default tablespace psapuserid temporary tablespace psaptemp identified externally;
Here the <SAP_service_user> is −
SAPService<SID> for older Oracle releases
<domain_name>\SAPservice<SID> for latest releases
It is necessary to manage passwords for standard users in your database. There are various utilities that you can use for a password change.
Password can be changed for a DBA user using the command line or GUI. To change the password using the command line, you should use the following command −
Sapdba [-u <user1>/<user1_password>] –user2 <user2_password>
In above command, user1 is the database user that SAPDBA uses to logon into the database.
<user1_password> is the password for user1’s password.
<user2> shows the database user for which the password should be changed.
<user2_password> is the new password for the same user.
In case you want to login using username “SYSTEM” with its default password, you can omit –u from the command.
Sapdba –u system/<system_password>] –sapr3 <sapr3_password>
The SVRMGRL is an old utility that was shipped with prior releases of Oracle and has been used to perform database functions mentioned below. In the latest releases, the Server Manager commands are now available in SQL*Plus.
To change the password, you should follow the steps given below −
The next step is to update the SAPUSER table by entering the command given below −
Update OPS$ <SID>ADM.SAPUSER set PASSWD = ’<new_password>’ where USERID = ’SAPR3’;
You should update the password for SAPR3 in the database using the command line.
Alter user sapr3 is identified by <new_password>