schema password for dba's

Former Member
0 Kudos

Hi Folks,

We are in an organisation where the BASIS team manages the application and the DBA team manages the HANA database.

Should the DBA folks be aware of the schema password or not?

Because DBAs sometimes need to execute queries inside the schema data and give output to end users.

What's the best practice?

Accepted Solutions (0)

Answers (3)

Former Member
0 Kudos

Hi,

I do not think it is any different with SAP HANA.

For databases other than HANA as well, we have been using an approach of sharing the SAP database user passwords between the SAP and database teams. But we do it using a password vault application that DBAs and SAP administrators have to be given access to.

This helps in keeping track of which individuals have the passwords and makes it easy to identify any event of inappropriate usage of the account.

Hope this helps

Sunil

Former Member
0 Kudos

For example in db2.

SAP BASIS doesn't share the schema passwords with the DBA team, since db2 works on OS authentication whereas HANA works on database authentication. So quite different.

I think in HANA we would be needing the schema password, or else if they want us to delete the entries for SAP*, the DBA team wouldn't have the privilege to run the DML statements.

Former Member
0 Kudos

I was referring to SQL Server Database, where we share passwords for the SQL Server user IDs used for SAP.

Coming to HANA, I agree with your comments and we do share the passwords for the schema. Again, database administrators may not be using it on a day-to-day basis.

It would be very useful to share it using a password vault that can track the users who can access the password.

Sunil

Former Member
0 Kudos

Yes, a password vault is an excellent tool; what you have mentioned is right. But unfortunately our audit policy states that we cannot store passwords anywhere.

Former Member
0 Kudos

Hi,

The Basis team would be managing the application, and the DBA team would be responsible for the DB events.

In your scenario you can create users in the DB and create their roles for DB logins so that every team is restricted according to their access.

Let me know if this helps!

Also refer to this link below for further information:

PostgreSQL: Documentation: 9.0: Database Roles and Privileges

Thanks,

SRD

Former Member
0 Kudos

Folks what do you think?

Former Member
0 Kudos

Hi,

The password sharing shouldn't be an issue, because normally DBA teams are involved in your case for backup/restore, maintenance, reorgs etc. activities. And if you want to track the use of the same users, you can enable auditing in the system at DB level.

And if, as a Basis guy, you're not maintaining the DB, then it can be a compliance issue if there are different teams for Oracle DBA and Basis.

Let us know if this helps your requirement.

Regards,

Ram
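
The role-based access and database-level auditing suggested in the answers above, written out for SAP HANA as an added example that is not from any poster in this thread. The schema name SAPABAP1, the table USR02, the user DBA_JDOE, the initial password and the role and policy names are all assumptions to be replaced with your own.

```sql
-- Added example: personal DBA users, roles and auditing in place of a shared
-- schema password. Every object name here is an assumed placeholder.

-- 1. As a user administrator: one named database user per DBA, so activity
--    is attributable to a person rather than to the shared schema user.
CREATE USER DBA_JDOE PASSWORD "Initial-Pw-Change-Me-1"; -- constructed value; changed at first logon

-- 2. Roles carry the access. Read access and DML are kept separate.
CREATE ROLE DBA_SCHEMA_READ;
CREATE ROLE DBA_USR02_DML;

-- 3. Run as the schema owner, or as a user holding these privileges
--    WITH GRANT OPTION. Other users cannot grant on a schema they do not own.
GRANT SELECT ON SCHEMA "SAPABAP1" TO DBA_SCHEMA_READ;
GRANT DELETE ON "SAPABAP1"."USR02" TO DBA_USR02_DML;

-- 4. Standing read access for ad hoc queries on behalf of end users.
GRANT DBA_SCHEMA_READ TO DBA_JDOE;

--    DML access only for the duration of an approved change, then removed.
GRANT DBA_USR02_DML TO DBA_JDOE;
-- ... the DBA runs the agreed DELETE under DBA_JDOE ...
REVOKE DBA_USR02_DML FROM DBA_JDOE;

-- 5. Switch on auditing and record what the named user does on the table.
ALTER SYSTEM ALTER CONFIGURATION ('global.ini', 'SYSTEM')
  SET ('auditing configuration', 'global_auditing_state') = 'true'
  WITH RECONFIGURE;

CREATE AUDIT POLICY DBA_USR02_ACCESS
  AUDITING ALL SELECT, INSERT, UPDATE, DELETE ON "SAPABAP1"."USR02"
  FOR DBA_JDOE
  LEVEL INFO;
ALTER AUDIT POLICY DBA_USR02_ACCESS ENABLE;

-- 6. Periodic review: what each role holds and which roles the user has.
SELECT GRANTEE, OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE IN ('DBA_SCHEMA_READ', 'DBA_USR02_DML');

SELECT GRANTEE, ROLE_NAME, GRANTOR
  FROM SYS.GRANTED_ROLES
 WHERE GRANTEE = 'DBA_JDOE';
```

With this layout the schema password stays with the BASIS team, which also fits an audit policy that forbids storing passwords, since nothing needs to be shared or vaulted for the DBAs to work.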