Password Changer Creation

Now we will head to Delinea Secret Server and create the password changer within the solution that we will leverage to make password changes on SAP HANA databases.

1. Open Secret Server with sufficient administrative privileges. Head to Admin | Remote Password Changing.

2. Click Configure Password Changers. Scroll to the bottom of the page and click New.

3. We want to Select the Generic ODBC (Datasource) as the base password changer. Give the password changer a name (like SAP HANA Password Changer) and then click Save.

   

4. Press on the Edit button and you will need to enter the Connection String as follows:

   DRIVER={HDBODBC};UID=$USERNAME;PWD=$PASSWORD;SERVERNODE=$SERVER

   

   Or (depending on requirements for optional specifying of the database): DRIVER={HDBODBC};UID=$USERNAME;PWD=$PASSWORD;SERVERNODE=$SERVER;DATABASENAME=$DATABASE

   It is also possible to create a separate password changer that uses the database context as well, if required. These must be separate password changers and cannot be “optionally” used together.

5. Return to the password changer main screen and click Edit Commands.

6. Set the Verify Password Changed Commands as a command that the user will have privilege to run, should they be successfully logged on to the database instance.

   

The example given here is:

SELECT * FROM SYS.M_DATABASES

This command can, however, be modified depending on the permissions that the user will (or will not) have on the database instance itself. This can also be left blank, if native connector verification is to be used and a command not tried on the database itself (not as recommended as a verification method).

The password change command is:

ALTER USER $USERNAME PASSWORD $NEWPASSWORD