Skip to Content
Technical Articles
Author's profile photo Jascha Meiswinkel

@sap/datasphere-cli: Reset Database User Passwords

This blog post is part of a series of blogs I published about @sap/datasphere-cli. Find all blog posts related to this topic in my overview blog post here.

The Node.js-based Command-Line Interface (CLI) for SAP Datasphere, @sap/datasphere-cli hosted on npmjs.com, allows you to interact with your SAP Datasphere tenant from the terminal or command line. Since version 2023.1 you can use the CLI to reset and retrieve new passwords for the database users in your space.

Introduction

Since the release of SAP Datasphere version 2023.1, you can now use the SAP Datasphere Command-Line Interface (CLI) to reset and retrieve new passwords for your database users in your spaces. This allows you to fully automate the handling of database users by using the CLI to create, update, and delete database users in your space.

In this blog post, I walk you through all the steps and highlight the new command to reset and retrieve new database user passwords.

Before you start with the first step, you need to initialize the cache of the CLI again, if you haven’t done this after version 2023.1 had been deployed into your tenant, using the datasphere cache init command. I’m using the OAuth Client-based login mechanism using the datasphere login –secrets-file command. I have set the host I’m working with globally using the datasphere host set command, so that I don’t have to repeat the host and credentials with each and every command throughout this blog.

$ datasphere host set https://myhost.eu10.hcs.cloud.sap/
$ datasphere login --secrets-file /path/to/secrets/file.json 
$ datasphere cache init

Code Sample 1 – Updating the CLI

Since this is a server-side enhancement only, you are not required to install a new version of the @sap/datasphere-cli module from npmjs.com. You can use the new command to reset the passwords with versions of @sap/datasphere-cli less than 2023.x, for example, 2022.24.0.

Creating a Space

I’m using the CLI to create a space with a technical ID MYEXAMPLESPACE and description “My Example Space” with only minimal configuration. I do only specify two database users MY_FIRST_DB_USER and MY_SECOND_DB_USER in my space and omit the optional properties, falling back to default values.

{
  "MYEXAMPLESPACE": {
    "spaceDefinition": {
      "version": "1.0.4",
      "label": "My Example Space",
      "assignedStorage": 0,
      "assignedRam": 0,
      "members": [
        {
          "name": "JKANNGIESSER",
          "type": "user"
        }
      ],
      "dbusers": {
        "MYEXAMPLESPACE#MY_FIRST_DB_USER": {
          "ingestion": {
            "auditing": {
              "dppRead": {
                "isAuditPolicyActive": false,
                "retentionPeriod": 7
              },
              "dppChange": {
                "isAuditPolicyActive": false,
                "retentionPeriod": 7
              }
            }
          },
          "consumption": {
            "localSchemaAccess": true,
            "spaceSchemaAccess": true,
            "hdiGrantorForCupsAccess": true
          }
        },
        "MYEXAMPLESPACE#MY_SECOND_DB_USER": {
          "ingestion": {
            "auditing": {
              "dppRead": {
                "isAuditPolicyActive": false,
                "retentionPeriod": 7
              },
              "dppChange": {
                "isAuditPolicyActive": false,
                "retentionPeriod": 7
              }
            }
          },
          "consumption": {
            "localSchemaAccess": true,
            "spaceSchemaAccess": true,
            "hdiGrantorForCupsAccess": true
          }
        }
      }
    }
  }
}

Space Definition Example 1

Using the CLI, I can create the space using the datasphere spaces create command, pointing it to the space definition file using the –file-path option.

$ datasphere spaces create --file-path space.json 

Code Sample 2 – Creating a new space

The space was created successfully.

Successfully%20created%20space

Picture 1 – Successfully created space

Also, the two database users have been created.

Existing%20database%20users

Picture 2 – Existing database users

Reseting Database User Passwords

After you have initialized the CLI again, you find a new command dbusers when running datasphere.

$ datasphere
Usage: datasphere [options] [command]

Command-Line Interface for SAP Datasphere.

Options:
  -v, --version              output the current version
  -H, --host <host>          specifies the url where the tenant is hosted (optional)
  -O, --options-file <file>  path to options file (optional)
  -h, --help                 display help for command

Commands:
  cache                      work with the local CLI cache
  dbusers [options]          manage and orchestrate database users
  help [command]             display help for command
  host                       configure host properties
  login [options]            log in to your account using interactive OAuth authentication
  logout                     log out from your account
  passcode-url [options]     display the passcode url
  secrets                    work with the locally stored secrets
  spaces [options]           manage and orchestrate spaces

Code Sample 3 – New command dbusers

Digging deeper into this new dbusers command, it reveals a subcommand password for working with passwords.

$ datasphere dbusers
Usage: datasphere dbusers [options] [command]

manage and orchestrate database users

Options:
  -H, --host <host>   specifies the url where the tenant is hosted (optional)
  -h, --help          display help for command

Commands:
  password [options]  maintain password of database user
  help [command]      display help for command

Code Sample 4 – datasphere dbusers 

The command datasphere dbusers password again comes with another subcommand reset.

$ datasphere dbusers password
Usage: datasphere dbusers password [options] [command]

maintain password of database user

Options:
  -H, --host <host>  specifies the url where the tenant is hosted (optional)
  -h, --help         display help for command

Commands:
  reset [options]    reset password of database user
  help [command]     display help for command

Code Sample 5 – datasphere dbusers password reset

This command requires two options –space and –databaseuser, specifying the space ID and ID of the database user for which you would like to reset the password. I have removed some of the default options for better readability.

$ datasphere dbusers password reset --help
Usage: datasphere dbusers password reset [options]

reset password of database user

Options:
  -P, --pretty                       pretty-formats JSON responses (optional)
  -S, --space <space>                space id (optional)
  -j, --databaseuser <databaseuser>  database user id (optional)
  -o, --output <output>              specifies the file to store the output of the command (optional)
  -h, --help                         display help for command

Code Sample 6 – Options available for command datasphere dbusers password reset

To reset and retrieve a new password for any of the existing database users within my space, I can provide the space ID and database user ID directly as options to the command. I also use the –pretty option to pretty-format the response. I could also use the –output option to store the response in a file.

$ datasphere dbusers password reset --space MYEXAMPLESPACE --databaseuser MYEXAMPLESPACE#MY_FIRST_DB_USER --pretty
{
  "password": ")@:Nrga/6eQq,RPg3-05SL9.Z%]dL_WO",
  "username": "MYEXAMPLESPACE#MY_FIRST_DB_USER",
  "host": "somehost.hana.prod-eu10.hanacloud.ondemand.com",
  "port": 443
}

Code Sample 7 – Resetting the password of a database user

Please note: You always have to specify the full database user ID like <space ID>#<user ID>. In this example I have specified the ID as MYEXAMPLESPACE#MY_FIRST_DB_USER.

The CLI also allows you to enter the values for the space ID and database user ID interactively, by running the datasphere dbusers password reset command again without specifying the –space and –databaseuser options.

$ datasphere dbusers password reset --pretty
✔ Provide a value for option space (space id): … MYEXAMPLESPACE
✔ Provide a value for option databaseuser (database user id): … MYEXAMPLESPACE#MY_FIRST_DB_USER
{
  "password": "M5|44kP?=9s[6;*=VlRK:/aS4jkJZ@$P",
  "username": "MYEXAMPLESPACE#MY_FIRST_DB_USER",
  "host": "myhost.hana.prod-eu10.hanacloud.ondemand.com",
  "port": 443
}

Code Sample 8 – Resetting the password in interactive mode

Deleting Database Users

To remove any existing database users again, I send the updated space definition file to the tenant, again using the command dwc spaces create, removing any database user I want to delete. In this example I’m deleting the first of the two users. The updated space definition file looks like this.

{
  "MYEXAMPLESPACE": {
    "spaceDefinition": {
      "version": "1.0.4",
      "label": "My Example Space",
      "assignedStorage": 0,
      "assignedRam": 0,
      "members": [
        {
          "name": "JKANNGIESSER",
          "type": "user"
        }
      ],
      "dbusers": {
        "MYEXAMPLESPACE#MY_SECOND_DB_USER": {
          "ingestion": {
            "auditing": {
              "dppRead": {
                "isAuditPolicyActive": false,
                "retentionPeriod": 7
              },
              "dppChange": {
                "isAuditPolicyActive": false,
                "retentionPeriod": 7
              }
            }
          },
          "consumption": {
            "localSchemaAccess": true,
            "spaceSchemaAccess": true,
            "hdiGrantorForCupsAccess": true
          }
        }
      }
    }
  }
}

Space Definition Example 2

After running the same command from Code Sample 2 again, the database users have been updated and the first of the two users had been deleted successfully.

Picture 3 – Updated database access section

Conclusion

I’d be happy to hear your thoughts, ideas, and comments on this tool and what you think would be a nice-to-have enhancement to the CLI, making your life and work with SAP Datasphere easier. Let me know in the comments!

Further Reading

Command-Line Interface for SAP Datasphere on npmjs.com

Command-Line Interface for SAP Datasphere on SAP Help

Assigned Tags

      3 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Jens Rottmann-Matthes
      Jens Rottmann-Matthes

      Hi Jascha,

      this is really cool and a feature I was waiting for for a long time! Thank you. I hope that I will find some time soon to test it and automize my deployment-scripts further.

      Could you please also highlight, which options of the DWC-cli changed (like -D became -m ...) This unfortunately broke a script of mine, which I use in a productive system on a day-to-day basis.

      But the dwc-cli is really helpful for me and my colleagues! One thing which I would also really appreciate is, when you can also include the definition of analytic models in the downloaded json, or is it already available with some undocumented flag?

      Thank you so much for your cool work

      Jens

      Author's profile photo Jascha Meiswinkel
      Jascha Meiswinkel
      Blog Post Author

      Hi Jens Rottmann-Matthes

      thanks for reaching out! Great to hear the CLI helps you a lot in your daily work to automate activities related to SAP Data Warehouse Cloud. 🙂

      In general, we recommend to use the option's long name, for example, --definitions, instead of the short flag (-m, was -D). The reason is that the long names stay stable, the short flags might change.

      Which analytic models are you exactly referring to? Analytical Data Sets (ADS) you can create in the Data Builder as Tables or Views? These should be included already.

      Thanks,
      Jascha

      Author's profile photo Jens Rottmann-Matthes
      Jens Rottmann-Matthes

      Hi Jascha Kanngiesser ,

      I am still heavily using the dwc-cli (or is it now dsp-cli?). Because we are now basing all our reportings on Analytic Models instead af analytical datasets, I would really love the cli to be able to download also the definitions of analytic models.

      Furthermore, it would be great, if dataflows could also be included, but my biggest wish would be for analytic models, as I am doing a regular backup for version control of all our developments with the cli (we have more than 1000 objects and also quite a few spaces).

      Is there any timeline, when the dwc-cli will be able to download Analytic Models?

      Best wishes,

      Jens