Enforcing password blacklist policy in HANA
When creating new passwords, users are not allowed to use blacklisted words or partial words. Use SQL commands to insert or delete words or partial words from the password blacklist table.
● For inserting terms into and deleting terms from the password blacklist, you must have INSERT and DELETE privileges on either the table (_SYS_PASSWORD_BLACKLIST) or the entire _SYS_SECURITY schema.
● To view the contents of a table only, you must have the SELECT privilege.
The password blacklist in SAP HANA has been implemented with the table following table
Note: This table is empty when you create a new instance.
You can add records to and delete records from the _SYS_PASSWORD_BLACKLIST table using the INSERT and DELETE SQL commands. You must specify values for all three columns described below:
Following table describes columns of the _SYS_PASSWORD_BLACKLIST table.
Lets see one example
In this example, the passwords “SAP”, “my_sap_pwd” and “sap_password” would not be allowed,
INSERT INTO _SYS_SECURITY._SYS_PASSWORD_BLACKLIST VALUES (‘sap’, ‘TRUE’, ‘FALSE’)
regardless of how the password layout and minimal password length are defined in the corresponding parameters.