Skip to Content

Overview

If the SYSTEM user’s password is lost, you can reset it as the operating system administrator by starting the index server in emergency mode. If your HANA DB is Multitenant, this process will not work.  My HANA DB revision was 102.04

Prerequisites

You have the credentials of the operating system administrator (<sid>adm).

Procedure

Step1: Log on to the server on which the master index server is running as the operating system user (that is, <sid>adm user).

Step2: Open a command line interface.

Step3: Shut down the instance by executing the following command:

/usr/sap/<SID>/HDB<instance>/exe/sapcontrol -nr <instance> -function StopSystem HDB

Step3.png

Step4: In a new session, start the name server by executing the following commands:

/usr/sap/<SID>/HDB<instance>/hdbenv.sh

/usr/sap/<SID>/HDB<instance>/exe/hdbnameserver

Step4.png

This will stay hanged state…

Step5: In a new session, start the compile server by executing the following commands:

/usr/sap/<SID>/HDB<instance>/hdbenv.sh

/usr/sap/<SID>/HDB<instance>/exe/hdbcompileserver

Step5.png

This will stay hanged state…

Step6: In a new session, start the index server by executing the following commands:

/usr/sap/<SID>/HDB<instance>/hdbenv.sh

/usr/sap/<SID>/HDB<instance>/exe/hdbindexserver -resetUserSystem

Step6.png

The following prompt appears: resetting of user SYSTEM – <<<new password>>>

Step7: Enter a new password for the SYSTEM user.

You must enter a password that complies with the password policy configured for the system.

The password for the SYSTEM user is reset and the index server stops.

Step8: In the terminals in which they are running, end the name server and compile server processes by pressing CTRL+C.

Step9: In a new session, start the instance by executing the following command:

/usr/sap/<SID>/HDB<instance>/exe/sapcontrol -nr <instance> -function StartSystem HDB

Note:

In a scale-out system, you only need to execute the commands on the master index server.


Results

The SYSTEM user’s password is reset. You do not have to change this new password the next time you log on with this user regardless of your password policy configuration.

To report this post you need to login first.

3 Comments

You must be Logged on to comment or reply to a post.

  1. Osvaldo Manuel Dias Ferreira

    Hi Pallab.

    Thanks for sharing.

    Let me just add something. SYSTEM user should not be used frequently in Prod Systems.

    As the most powerful database user, SYSTEM is not intended for use in production systems. Use it to create lesser privileged users for particular purposes and then deactivate it.

    It is highly recommended that you do not use SYSTEM for day-to-day activities in production systems. Instead, use it to create database users with the minimum privilege set required for their duties (for example, user administration, system administration). Then deactivate SYSTEM.

    Source: SAP_HANA_SECURITY_GUIDE.

    Regards.

    Osvaldo Dias Ferreira

    (0) 
  2. Sandeep Chavala

    HI Pallab,

     

    Well explained. I have a scaleout env and i want to know where is mater index server running from OS level, How do i find it. Thanks.

    (0) 

Leave a Reply