Changing Database User Passwords in an SAP System


Changing DB user's passwords using SQL commands is not advisable in some cases. The DB user's passwords are encrypted and stored in SAP tables or files which need to be updated with the new password. If you are using any custom script with passwords hardcoded, you will have to update them as well.

1. Changing DB Password for sapr3, sap<sid>, sap<xyz> or sapsr3

The passwords for DB users used by the ABAP engine are stored in the table SAPUSER. When the password is changed, the change must reflect in the table. To ensure that this is consistently done, use BR Tools:
brconnect -f chpass -o [sapr3 | sap<sid> | sap<xyz> | sapsr3] -p <new_password>
If the password changed using SQL command, the work processes, R3trans, saplicense etc will show error with return code ORA-01017.

2. Changing DB Password for sap<sid>db, sap<xyz>db or sap<sr3>db

The passwords for DB users used by J2EE engine are stored in the file /usr/sap/<SID>/SYS/global/security/data/SecStore.properties. The contents of this file are encrypted and can only be changed using config tool.

To change the password
1. Start the config tool
2. Select secure store
3. Open another command prompt and change the password using BR Tools
brconnect -f chpass -o [ sap<sid>db | sap<xyz>db | sapsr3db] -p <new_password>
4. Go back to config tool and update the password against the parameter jdbc/pool/<SID>/Password

It is advised that the passwords be changed with SAP applications stopped.

1 comment:

Thanks for giving it a read. Please bookmark or subscribe to RSS feeds if you would like to keep up with this blog.