Skip to Content

Predefined Users in SAP HANA

A number of predefined operating system and database users are required for installing, upgrading, and operating SAP HANA. Further users may exist depending on additionally installed components.


Here's a brief overview of all such users. More detailed information is available in the linked documentation, which is part of the SAP HANA platform documentation available on SAP Help Portal.


Note that this information is valid for SAP HANA SPS 12.


Operating System Users

The following operating system (OS) users are created during the installation of SAP HANA.


Component

User

Purpose/Description

Link to More Info

SAP HANA Database

sapadmUser required to authenticate to SAP Host AgentPredefined Users - SAP HANA Security Guide - SAP Library
<sid>admAdministration user that owns all SAP HANA files and all related operating system processes
OS users for tenant databases in mulitple-container system configured for high isolationAdministration user that owns all SAP HANA files and all related operating system processes of a particular tenant database

SAP HANA Extended Application Services, Advanced Model (XSA)

XS_ADMIN

Administrative user for the XS advanced application server, has unlimited access to Controller API

Predefined XSA Users - SAP HANA Security Guide - SAP Library

HDI_BROKER_CONTROLLER

User for HDI Broker API

sap_sb

User for UAA Broker API

Database Users

Depending on the components you installed, several database users will be available after installation or must be created for a specific purpose.

Database users may or may not correspond to real people. Users that do not correspond to real people are referred to as "technical database users". Most standard technical database users are used internally to perform certain tasks and it's not possible to log on with them.

Component

User

Purpose/Description

Link to More Info

SAP HANA Database

SYSTEM

Database superuser

Predefined Users - SAP HANA Security Guide - SAP Library

SYS

Technical database user that owns database objects such as system tables and monitoring views

XSSQLCC_AUTO_USER_
<generated_ID>

Technical database users automatically generated on activation of SQL connection configurations

_SYS_AFL

Technical user that owns all objects for Application Function Libraries

_SYS_EPM

Technical database used by the SAP Performance Management (SAP EPM) application

_SYS_REPO

Technical database user used by the SAP HANA repository (SAP HANA XS, classic model).

_SYS_STATISTICS

Technical database user used by the internal monitoring mechanism of the SAP HANA database

_SYS_TASK

Technical database user in SAP HANA Enterprise Information Management. This user owns all task framework objects.

_SYS_WORKLOAD_REPLAY

Technical database user used by capture and replay capability of the SAP HANA Performance Management tool.

_SYS_XB

Technical user for internal use only

SAP HANA Extended Application Services, Advanced Model (XSA)

SYS_XS_RUNTIME

Owns the Controller’s SAP HANA schema containing BlobStore, ConfigStore and SecureStore

Predefined XSA Users - SAP HANA Security Guide - SAP Library

SYS_XS_UAA

Owns the UAA’s SAP HANA schema for user management

SYS_XS_UAA_SEC

Owns the UAA’s SAP HANA secure store for the user credentials

SYS_XS_HANA_BROKER

Owns the HDI Broker’s SAP HANA schema

SYS_XS_SBSS

Owns SAP HANA schema containing procedures to generate user passwords in a secure manner; used by the HDI Broker

_SYS_DI

Owns all HDI SQL-based APIs, for example all API procedures in the_SYS_DI schema and API procedures in containers

_SYS_DI_*_CATALOG

Technical users used by the HDI to access database system catalog tables and views

_SYS_DI_SU

Technical superuser of the HDI created at installation time

_SYS_DI_TO

Owns transaction and connections of all internal HDI transactions

Further technical users for HDI schema-based containers

See documentation

SAP DB Control Center

Administration user (e.g., DCC_ADM)

Database user required for the SAP DCC administrator who adds, imports, and removes systems.

Setting up SAP DCC for the First Time - SAP DB Control Center 4 Guide - SAP Library

Configuration user (e.g., DCC_CONFIG)

Database user required for the configuration of SAP DB Control Center

Collector user (e.g., DCC_COLLECTOR)

Technical database user used by SAP DCC for data collections and other background tasks.

Technical user (e.g. SAPDBCC)

Technical database user used by SAP DCC to identify systems that can be added for management and to monitor the health of systems once they're added. This account is not intended for human users.

SAP HANA Dynamic Tiering

_SYS_ES

Technical database user used by dynamic tiering; automatically created when you create extended storage. _SYS_ES logs on internally through the dynamic tiering service. SAP HANA Dynamic Tiering Administration Guide - SAP Library

ES_ADMIN

Administrator user that should only be used by administrators for troubleshooting and with the guidance of SAP support. Dynamic Tiering Administration User - SAP HANA Dynamic Tiering Administration Guide - SAP Library

SAP HANA Accelerator for SAP ASE

sa

Administrator user used to establish the connection between SAP HANA and SAP ASE. The user can assign administration control to selected SAP ASE login accounts.

Permissions - SAP HANA Accelerator for SAP ASE: Administration Guide - SAP Library

SAP HANA Smart Data Streaming

SYS_STREAMING

Technical database user used to perform policy administration functions such as granting and revoking privileges

SYS_STREAMING and SYS_STREAMING_ADMIN - SAP HANA Smart Data Streaming: Security Guide - SAP Library

SYS_STREAMING_ADMIN

Technical database user used to perform all tasks in smart data streaming, except publishing or subscribing to streams

SAP HANA Smart Data Integration and SAP HANA Smart Data Quality

No additional standard database users available or required

SAP HANA Advanced Data Processing: File Loader

FLACCESS

Technical database user used for file loader access

File Loader Guide for SAP HANA

FLADMIN

Technical database user used for file loader administration

FLDBCONN

Technical database user used for file loader connections to the SAP HANA database

SAP HANA Spatial

Content viewer user

Database user required to view geo content using the Geo Content viewer tool SAP HANA Spatial Reference 

Create a User to View Geo-Content - SAP HANA Spatial Reference - SAP Library

Geospatial Metadata Installer user (for example RESTRICTED_USER)

Database user required to use the Geospatial Metadata Installer

Create Database Users - SAP HANA Spatial Reference - SAP Library

Connection user (for example, CONNECTOR)

Database user required to establish the required SQLCC connection and modify the defined database object using Geospatial Metadata Installer

SAP HANA Remote Data Sync

SYS_SYNC

Technical database user that performs synchronizations for Remote Data Sync clients.

SAP HANA Remote Data Sync: Security Guide

SAP HANA Trigger-Based Data Replication Using SAP LT Replication Server

Connection user

Initial technical database user required to create a database connection from the SAP LT Replication Server to the SAP HANA system

Security Guide for Trigger-Based Data Replication Using SAP Landscape Transformation Replication Server

Replication user

Technical database user required to connect from the SAP LT Replication Server to the SAP HANA system for replication. One replication user is created for each replication schema. The replication user has the same name as the corresponding schema.

Tags:

No comments