Loading...

Creating the SAP HANA HDBUSERSTORE Key

To connect to the SAP HANA database by using the SAP HANA Secure User Store, create a SAP HANA HDBUSERSTORE key. Use a SAP HANA HDBUSERSTORE key instead of a user name and password so that users do not need to enter connection information.

Note: In a HANA replication setup, for example, if you have a replication system of HANA SID where the first two nodes (machine01 and machine 02) are master nodes, and the other two nodes (machine03 and machine04) are standby nodes, create the key on all nodes. When the master nodes are down and the standby nodes become the master nodes, the key will still remain valid and can connect to machine03 and machine04 when machine01 and machine02 are not available.

For information on the SAP Secure User Store, see hdbuserstore on the SAP website.

Before You Begin

Verify that the user associated with the HDBUSERSTORE key has the correct permissions:

  • Backup operations: The DBA COCKPIT privilege is required. For more information, go to the SAP Documentation site, DBA Cockpit for SAP HANA: Authorizations. In the Database Users section, look at the Customer-specific user row.

    To create a SAP HANA database user that has the required backup operation privileges, run the following SQL command:

    CREATE USER MY_BACKUP_USER PASSWORD BackupOnly01 NO FORCE_FIRST_PASSWORD_CHANGE;
    GRANT BACKUP ADMIN, DATABASE BACKUP ADMIN, CATALOG READ, INIFILE ADMIN TO MY_BACKUP_USER;

    where MY_BACKUP_USER is the user name and BackupOnly1 is the password. The user must be created for the SYSTEMDB and all tenant databases, and the user must have the same password for each database.

  • Restore operations or clone operations: To run the CREATE or RENAME statements, the DATABASE_ADMIN privilege is required. For more information, see the SAP documentation site, System Privileges.

    To create a SAP HANA database user that has the required restore operation privileges, run the following SQL command:

    CREATE USER MY_RESTORE_USER PASSWORD RestoreOnly01 NO FORCE_FIRST_PASSWORD_CHANGE;
    GRANT BACKUP ADMIN, DATABASE BACKUP ADMIN, DATABASE RECOVERY OPERATOR, CATALOG READ, INIFILE ADMIN, DATABASE START, DATABASE STOP, TRACE ADMIN, SERVICE ADMIN TO MY_RESTORE_USER;

    Where MY_RESTORE_USER is the user name and RestoreOnly1 is the password. The user must be created for the SYSTEMDB and all tenant databases, and the user must have the same password for each database.

Note: The DATABASE BACKUP ADMIN and DATABASE RECOVERY OPERATOR privileges are supported on SAP HANA 2.0 SPS05 and later versions.

Procedure

  1. Log on as the <SID> admin in SAP HANA, on the command line, type the following command:

    su - <SID>adm
    hdbuserstore -i set <key_name> <client_computer>:3NN13,<client_computer>:3NN15 <user_name> <password>

    where NN is the HANA SID number starting from 00 to 99.

    Example:

    • If you have HANA SID with One Node (machine01 only) with the SID name X01 and instance number 10, use the following command:

      su – x01adm
      hdbuserstore -i set MYKEY machine01:31013,machine01:31015 SYSTEM Password@12

    • If you have HANA SID with four nodes (machine01 to machine04) with SID name Y01 and instance number 99, then create the key only on the node that appears first in the SAP HANA database instance or on the node that the user has manually set to appear as the first node. You do not create the KEY on the other three nodes. To create the key, use the following command:

      su – y01adm
      hdbuserstore -i set MYKEY machine01:39913,machine01:39915,machine02:39913,machine02:39915,machine03:39913,machine03:39915,machine04:39913,machine04:39915 SYSTEM Password@12

  2. On the command line, type the following command to verify the key information.

    hdbuserstore LIST <KEY>

    where, KEY is the SAP HANA HDBUSERSTORE key.

    Example:

    • To verify one node HANA SID machine01:

      hdbuserstore list MYKEY
      KEY MYKEY
        ENV : machine01:31013,machine01:31015
        USER: SYSTEM

    • To verify four node HANA SID machine01 to machine04:

      hdbuserstore list MYKEY
      KEY MYKEY
        ENV : machine01:39913,machine01:39915,machine02:39913,machine02:39915,machine03:39913,machine03:39915,machine04:39913,machine04:39915
        USER: SYSTEM

Last modified: 12/4/2020 7:21:52 PM