on 10-29-2018 10:11 AM
Hi,
On SAP HANA 2.0 SPS03, Is it recommended doing any modification like deactivating login permissions, disabling password lifetime check for _SYS_* or _SYS_STATISTICS technical users.
Regards,
Raghavendra.
I can't answer why the _SYS_STATISTICS user is not disabled, but altering its password or disabling it altogether is not possible.
If you try to alter the user you get
Could not modify user '_SYS_STATISTICS'. SAP DBTech JDBC: [258]: insufficient privilege: Alter of internal user is not allowed: line 1 col 12 (at pos 11)
With that. no user can just change the password and logon as _SYS_STATISTICS.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Florian
Yes, All the techical users are deactivted by default on SAP HANA 2.0 SPS03 but the _SYS_STATISTICS techical user is not deactivated by default.
Here is the ouput of sql quary on SAP HANA 2.0 SPS03
hdbsql SYSTEMDB=> SELECT USER_NAME,USER_DEACTIVATED from "PUBLIC"."USERS" WHERE LOWER(SUBSTRING(USER_NAME,1,4)) = '_sys' or LOWER(USER_NAME)='sys';
USER_NAME,USER_DEACTIVATED
"SYS","TRUE"
"_SYS_STATISTICS","FALSE" < ---------------------------------
"_SYS_EPM","TRUE"
"_SYS_REPO","TRUE"
"_SYS_SQL_ANALYZER","TRUE"
"_SYS_TASK","TRUE"
"_SYS_AFL","TRUE"
"_SYS_WORKLOAD_REPLAY","TRUE"
"_SYS_XB","TRUE"
lines 1-10/10 (END)
Regards,
Raghavendra.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
All pre-defined technical users like SYS, _SYS_* should already be deactivated by default for logon (like described here). You should check the recommendations for database users, roles, privileges + all other recommendations in the HANA security guide (for instance the recommendations related to user SYSTEM).
Regards,
Florian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.