Changing Passwords of the Database Standard Users

The following section provides information on the database standard users, whose passwords you need to change. The users are as follows:

Database Standard Users       

User

Type

Method used to change password

db2<dbsid>

UNIX and database user

UNIX command passwd

<sapsid>adm

UNIX and database user

Program dscdb6up

ABAP database connect user:

·         sapr3

·         sap<sapsid>

UNIX and database user

Program dscdb6up

Java database connect user sap<sapsid>db

UNIX and database user

·         UNIX command passwd

·         Maintainance in secure store. For more information, see Security Aspects for the Database Connection.

Changing Passwords for User db2<dbsid>

This user is the DB2 instance owner. It is the DB2 system administrator and the SAP system database administrator. db2<dbsid> is authorized to execute database and database manager administration functions such as:

·        Creating a database

·        Creating or changing a tablespace

·        Updating DB2 parameters

·        Backing up or restoring the database

db2<dbsid> has the DB2 system administration authorities and belongs to group SYSADM_GROUP.

To change the password for user db2<dbsid>, log on as user db2<dbsid> and enter the passwd command at the UNIX prompt. Enter the old and new password.

If you use Network Information Service (NIS), you should also refer to the NIS guide and the operating system documentation. (Changing the password with an activated NIS may be different from changing it with the passwd command).

It is not necessary but recommended for the password to be the same on all hosts in your SAP system.

Changing Passwords for User <sapsid>adm

This user is the SAP system administrator. <sapsid>adm is authorized to start and stop the SAP system and the DB2 database manager. <sapsid>adm has the DB2 authorities DBADM and the ones belonging to group SYSCTRL_GROUP.

DB2-specific monitoring functions invoked by SAP system application server functions require SYSCTRL authority. The user belongs to group SYSCRTL_GROUP and the operating system group SAPSYS.

To change the password of user <sapsid>adm, use program dscdb6up.

For more information, see the documentation Database Administration Guide: SAP on IBM DB2 Universal Database for UNIX and Windows that is available in SAP Service Marketplace at service.sap.com/instguidesnw2004   ®  Operations.

Changing Passwords of the ABAP Database Connect User

This user is the owner of all SAP system database objects (tables, indexes and views). All SAP System application server connections and accesses are performed under the connect user. The connect user belongs to group SYSMAINT_GROUP and to the operating system group SAPSYS. He is only created on the database server.

The user required at least the database authorizations CREATETAB, BINDADD, CONNECT, and IMPLICIT_SCHEMA. He also needs access to the SAP tablespaces belonging to his <SAPSID>. By default, tablespace access on SAP tablespaces is granted to PUBLIC, that is tablespaces can be accessed by all users that have CONNECT authorisations.

To change the password of the ABAP database connect user (sapr3 or sap<sapsid>), use program dscdb6up.

For more information, see the documentation Database Administration Guide: SAP on IBM DB2 Universal Database for UNIX and Windows that is available in SAP Service Marketplace at service.sap.com/instguidesnw2004   ®  Operations.

Changing Passwords of the Java Database Connect User

This user is the owner of all SAP system database objects (tables, indexes and views). All SAP system application server connections and accesses are performed under the connect user. The connect user belongs to group SYSMAINT_GROUP and to the operating system group SAPSYS. He is only created on the database server.

The user required at least the database authorizations CREATETAB, BINDADD, CONNECT, and IMPLICIT_SCHEMA. He also needs access to the SAP tablespaces belonging to his <SAPSID>. By default, tablespace access on SAP tablespaces is granted to PUBLIC, that is tablespaces can be accessed by all users that have CONNECT authorisations.

By default, only tablespaces <SAPSID>#DBD, <SAPSID>#DBI, <SAPSID>#DBL are used by the Java stack.

For information about how to change the password of the Java database connect user, see Security Aspects for the Database Connection.