Technical Articles
@sap/dwc-cli: Reset Database User Passwords
This blog post is part of a series of blogs I published about @sap/dwc-cli. Find all blog posts related to this topic in my overview blog post here.
The Node.js-based Command-Line Interface (CLI) for SAP Data Warehouse Cloud, @sap/dwc-cli hosted on npmjs.com, allows you to interact with your SAP Data Warehouse Cloud tenant from the terminal or command line. Since version 2023.1 you can use the CLI to reset and retrieve new passwords for the database users in your space.
Introduction
Since the release of SAP Data Warehouse Cloud version 2023.1, you can now use the SAP Data Warehouse Cloud Command-Line Interface (CLI) to reset and retrieve new passwords for your database users in your spaces. This allows you to fully automate the handling of database users by using the CLI to create, update, and delete database users in your space.
In this blog post, I walk you through all the steps and highlight the new command to reset and retrieve new database user passwords.
Before you start with the first step, you need to initialize the cache of the CLI again, if you haven’t done this after version 2023.1 had been deployed into your tenant, using the dwc cache init command. I’m using the OAuth Client-based login mechanism using the dwc login –secrets-file command. I have set the host I’m working with globally using the dwc host set command, so that I don’t have to repeat the host and credentials with each and every command throughout this blog.
$ dwc host set https://myhost.eu10.hcs.cloud.sap/
$ dwc login --secrets-file /path/to/secrets/file.json
$ dwc cache init
Code Sample 1 – Updating the CLI
Since this is a server-side enhancement only, you are not required to install a new version of the @sap/dwc-cli module from npmjs.com. You can use the new command to reset the passwords with versions of @sap/dwc-cli less than 2023.x, for example, 2022.24.0.
Creating a Space
I’m using the CLI to create a space with a technical ID MYEXAMPLESPACE and description “My Example Space” with only minimal configuration. I do only specify two database users MY_FIRST_DB_USER and MY_SECOND_DB_USER in my space and omit the optional properties, falling back to default values.
{
"MYEXAMPLESPACE": {
"spaceDefinition": {
"version": "1.0.4",
"label": "My Example Space",
"assignedStorage": 0,
"assignedRam": 0,
"members": [
{
"name": "JKANNGIESSER",
"type": "user"
}
],
"dbusers": {
"MYEXAMPLESPACE#MY_FIRST_DB_USER": {
"ingestion": {
"auditing": {
"dppRead": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
},
"dppChange": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
}
}
},
"consumption": {
"localSchemaAccess": true,
"spaceSchemaAccess": true,
"hdiGrantorForCupsAccess": true
}
},
"MYEXAMPLESPACE#MY_SECOND_DB_USER": {
"ingestion": {
"auditing": {
"dppRead": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
},
"dppChange": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
}
}
},
"consumption": {
"localSchemaAccess": true,
"spaceSchemaAccess": true,
"hdiGrantorForCupsAccess": true
}
}
}
}
}
}
Space Definition Example 1
Using the CLI, I can create the space using the dwc spaces create command, pointing it to the space definition file using the –file-path option.
$ dwc spaces create --file-path space.json
Code Sample 2 – Creating a new space
The space was created successfully.
Picture 1 – Successfully created space
Also, the two database users have been created.
Picture 2 – Existing database users
Reseting Database User Passwords
After you have initialized the CLI again, you find a new command dbusers when running dwc.
$ dwc
Usage: dwc [options] [command]
Command-Line Interface for SAP Data Warehouse Cloud.
Options:
-v, --version output the current version
-H, --host <host> specifies the url where the tenant is hosted (optional)
-O, --options-file <file> path to options file (optional)
-h, --help display help for command
Commands:
cache work with the local CLI cache
dbusers [options] manage and orchestrate database users
help [command] display help for command
host configure host properties
login [options] log in to your account using interactive OAuth authentication
logout log out from your account
passcode-url [options] display the passcode url
secrets work with the locally stored secrets
spaces [options] manage and orchestrate spaces
Code Sample 3 – New command dbusers
Digging deeper into this new dbusers command, it reveals a subcommand password for working with passwords.
$ dwc dbusers
Usage: dwc dbusers [options] [command]
manage and orchestrate database users
Options:
-H, --host <host> specifies the url where the tenant is hosted (optional)
-h, --help display help for command
Commands:
password [options] maintain password of database user
help [command] display help for command
Code Sample 4 – dwc dbusers
The command dwc dbusers password again comes with another subcommand reset.
$ dwc dbusers password
Usage: dwc dbusers password [options] [command]
maintain password of database user
Options:
-H, --host <host> specifies the url where the tenant is hosted (optional)
-h, --help display help for command
Commands:
reset [options] reset password of database user
help [command] display help for command
Code Sample 5 – dwc dbusers password reset
This command requires two options –space and –databaseuser, specifying the space ID and ID of the database user for which you would like to reset the password. I have removed some of the default options for better readability.
$ dwc dbusers password reset --help
Usage: dwc dbusers password reset [options]
reset password of database user
Options:
-P, --pretty pretty-formats JSON responses (optional)
-S, --space <space> space id (optional)
-j, --databaseuser <databaseuser> database user id (optional)
-o, --output <output> specifies the file to store the output of the command (optional)
-h, --help display help for command
Code Sample 6 – Options available for command dwc dbusers password reset
To reset and retrieve a new password for any of the existing database users within my space, I can provide the space ID and database user ID directly as options to the command. I also use the –pretty option to pretty-format the response. I could also use the –output option to store the response in a file.
$ dwc dbusers password reset --space MYEXAMPLESPACE --databaseuser MYEXAMPLESPACE#MY_FIRST_DB_USER --pretty
{
"password": ")@:Nrga/6eQq,RPg3-05SL9.Z%]dL_WO",
"username": "MYEXAMPLESPACE#MY_FIRST_DB_USER",
"host": "somehost.hana.prod-eu10.hanacloud.ondemand.com",
"port": 443
}
Code Sample 7 – Resetting the password of a database user
Please note: You always have to specify the full database user ID like <space ID>#<user ID>. In this example I have specified the ID as MYEXAMPLESPACE#MY_FIRST_DB_USER.
The CLI also allows you to enter the values for the space ID and database user ID interactively, by running the dwc dbusers password reset command again without specifying the –space and –databaseuser options.
$ dwc dbusers password reset --pretty
✔ Provide a value for option space (space id): … MYEXAMPLESPACE
✔ Provide a value for option databaseuser (database user id): … MYEXAMPLESPACE#MY_FIRST_DB_USER
{
"password": "M5|44kP?=9s[6;*=VlRK:/aS4jkJZ@$P",
"username": "MYEXAMPLESPACE#MY_FIRST_DB_USER",
"host": "myhost.hana.prod-eu10.hanacloud.ondemand.com",
"port": 443
}
Code Sample 8 – Resetting the password in interactive mode
Deleting Database Users
To remove any existing database users again, I send the updated space definition file to the tenant, again using the command dwc spaces create, removing any database user I want to delete. In this example I’m deleting the first of the two users. The updated space definition file looks like this.
{
"MYEXAMPLESPACE": {
"spaceDefinition": {
"version": "1.0.4",
"label": "My Example Space",
"assignedStorage": 0,
"assignedRam": 0,
"members": [
{
"name": "JKANNGIESSER",
"type": "user"
}
],
"dbusers": {
"MYEXAMPLESPACE#MY_SECOND_DB_USER": {
"ingestion": {
"auditing": {
"dppRead": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
},
"dppChange": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
}
}
},
"consumption": {
"localSchemaAccess": true,
"spaceSchemaAccess": true,
"hdiGrantorForCupsAccess": true
}
}
}
}
}
}
Space Definition Example 2
After running the same command from Code Sample 2 again, the database users have been updated and the first of the two users had been deleted successfully.
Picture 3 – Updated database access section
Conclusion
I’d be happy to hear your thoughts, ideas, and comments on this tool and what you think would be a nice-to-have enhancement to the CLI, making your life and work with SAP Data Warehouse Cloud easier. Let me know in the comments!
Further Reading
Command-Line Interface for SAP Data Warehouse Cloud on npmjs.com
Command-Line Interface for SAP Data Warehouse Cloud on SAP Help
Hi Jascha,
this is really cool and a feature I was waiting for for a long time! Thank you. I hope that I will find some time soon to test it and automize my deployment-scripts further.
Could you please also highlight, which options of the DWC-cli changed (like -D became -m ...) This unfortunately broke a script of mine, which I use in a productive system on a day-to-day basis.
But the dwc-cli is really helpful for me and my colleagues! One thing which I would also really appreciate is, when you can also include the definition of analytic models in the downloaded json, or is it already available with some undocumented flag?
Thank you so much for your cool work
Jens
Hi Jens Rottmann-Matthes
thanks for reaching out! Great to hear the CLI helps you a lot in your daily work to automate activities related to SAP Data Warehouse Cloud. 🙂
In general, we recommend to use the option's long name, for example, --definitions, instead of the short flag (-m, was -D). The reason is that the long names stay stable, the short flags might change.
Which analytic models are you exactly referring to? Analytical Data Sets (ADS) you can create in the Data Builder as Tables or Views? These should be included already.
Thanks,
Jascha