
SAP HANA Create Technical User

Non-technical users without password lifetime

Ever got this as a security check remark?

Security Checklist -> Users -> Non-technical users without password lifetime

This is how I solve that in the Ansible task:

# users_tenantdb is the registered result of an earlier task (not shown here).
# Note: -p and the loop item put both passwords on the hdbsql command line and in the job output.
- name: "TENANTDB - USERS - AUTOMATION - CREATE USER"
  command: "/usr/sap/{{hdb_sid|upper}}/HDB{{instance_nr}}/exe/hdbsql -a -x -i {{instance_nr}} -d {{tenant_name}} -u SYSTEM -p {{tenantdb_system_password}} \" {{item}} \""
  environment:
    LD_LIBRARY_PATH: "/usr/sap/{{hdb_sid|upper}}/HDB{{instance_nr}}/exe"
  # Only create the user when it is not already in the list of tenant users
  when: users_tenantdb.stdout is not search(hana_automation_user|upper)
  with_items:
    - "CREATE USER {{hana_automation_user}} PASSWORD {{hana_automation_user_password}} NO FORCE_FIRST_PASSWORD_CHANGE VALID UNTIL FOREVER"
    - "GRANT ENCRYPTION ROOT KEY ADMIN, ROLE ADMIN, USER ADMIN, AUDIT ADMIN, INIFILE ADMIN to {{hana_automation_user|upper}}"
  tags: [ create_automation_user ]

Run your code again. In the AMS8 Lab I use AWX, which I love. You can rerun and rerun until you're done, right from within the GUI.

Result of task playbook to create a SAP HANA Technical User

If you now go back to the security checklist:

Security Checklist -> Users

I am checking the systems with SAP HANA Cockpit 2.0 SP12 Patch 13.
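
A variant of the create-user task above that keeps both passwords off the hdbsql command line and out of the AWX job output. This is an added example, not the author's code. It assumes a hdbuserstore key (the name AUTOMATION_ADMIN is hypothetical) that already exists for the OS user running the task and points at the tenant database; the variable create_user_sql is also hypothetical.

```yaml
# Added example. Assumed: hdbuserstore key AUTOMATION_ADMIN (hypothetical name)
# exists for the OS user that runs this task and connects to the tenant database
# as a user allowed to create users and grant these privileges.
- name: "TENANTDB - USERS - AUTOMATION - CREATE USER (secrets kept off argv)"
  when: users_tenantdb.stdout is not search(hana_automation_user|upper)
  tags: [ create_automation_user ]
  block:
    - name: "Create a private temporary SQL file"
      ansible.builtin.tempfile:
        state: file
        suffix: .sql
      register: create_user_sql   # hypothetical variable name

    - name: "Write the two statements from the original task into the file"
      ansible.builtin.copy:
        dest: "{{ create_user_sql.path }}"
        mode: "0600"
        # hdbsql splits a batch file on ';' by default
        content: |
          CREATE USER {{ hana_automation_user }} PASSWORD {{ hana_automation_user_password }} NO FORCE_FIRST_PASSWORD_CHANGE VALID UNTIL FOREVER;
          GRANT ENCRYPTION ROOT KEY ADMIN, ROLE ADMIN, USER ADMIN, AUDIT ADMIN, INIFILE ADMIN TO {{ hana_automation_user | upper }};
      no_log: true   # the content holds the new user's password

    - name: "Run the file with hdbsql, authenticating through the user store"
      ansible.builtin.command:
        argv:
          - "/usr/sap/{{ hdb_sid | upper }}/HDB{{ instance_nr }}/exe/hdbsql"
          - -a
          - -x
          - -U                      # read connection and credentials from the key
          - AUTOMATION_ADMIN
          - -I                      # take the SQL from the file, not from argv
          - "{{ create_user_sql.path }}"
      environment:
        LD_LIBRARY_PATH: "/usr/sap/{{ hdb_sid | upper }}/HDB{{ instance_nr }}/exe"
  always:
    - name: "Remove the SQL file whether or not hdbsql succeeded"
      ansible.builtin.file:
        path: "{{ create_user_sql.path }}"
        state: absent
      when: create_user_sql.path is defined
```

With this form the process list on the HANA host shows only the key name and the file path, and the loop item with the password no longer appears in the job log.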

Happy coding.

By Stuart Eight

Love automation and virtualisation. Have a passion for programming.
