Technical Articles
HANA SYSTEM user can be locked for too many failed logon attempts (starting with Rev.102)
Today, I face a problem regarding to invalid username and password for DB system user whereas the password was never changed or forgot (not sure if somebody has input a wrong password several times before).
Background Information: Our HANA version: SPS 10 Rev.102.02
As I check with SAP HANA Administration Guide of SPS 10, it mentions that the SYSTEM user will not be locked regardless of the number of failed logon attempts in Number of Allowed Failed Logon Attempts. However, the user information page shows a warning like that the system user with status: suspicious Too many invalid connect attempts.
At that time, I had no idea about how to fix this situation but to try ALTER USER SYSTEM RESET CONNECT ATTEMPTS. The warning information of system user disappears and I successfully logon the system with the known password of user SYSTEM š .
I take sometimes to search note regarding to the password of user SYSTEM, then get the following noteĀ 2251556 – SAP HANA SYSTEM user can now be locked for too many failed logon attempts and 2216869 – Security improvement of HANA authentication
Starting from SAP HANA Revision 102, the SYSTEM user can be locked if logon attempts fail for too many times, just like the other database users. š„
Solution:
1. ALTER USER SYSTEM RESET CONNECT ATTEMPTS (create a backup user with the “USER ADMIN” system privilege before)
2. Set parameter password_lock_for_system_user to false (Not recommended)
Hopes this blog will help to fix this kind of password problem.
Regards,
Ning Tong
Hi Ā Ning Tong,
Thanks for the nice blog.
I have another user which doesn't have user admin privilege.
My SYSTEM user is locked now, I didn't set the parameter to false.
Can you give any suggestions on this scenario?
Thanks & Regards,
Muthu.
Please temporarily change parameterĀ password_lock_for_system_userā value as āfalseā using another user with proper authorization.
Run the hdbenv.sh file and then execute the command hdbnameserver -resetUserSystem
my senario is this is a tenant DB. i have access to master DB. is it possible to unlock system user of tenant db using the master db system user?
Two possible methods:
1.Ā login to the TENANT database with other user ID which having the USER ADMIN privilege. Go to Security > Users > change the password.
2.Ā Reset the SYSTEM User Password of a Tenant DatabaseĀ as per NoteĀ 2274157 ā How to Reset System User Password for Tenant Database ā SAP HANA
Dear Tong,
Many thanks for sharing your knowledge, was very helpful for me and save me time to solve it.
I very grateful š
Luis Benavides Andrade
Hello hope everyone is fine
after using