Non-technical users without password lifetime
Ever got this as a security check remark?

This is how I solve that in the ansible task:
- name: "TENANTDB - USERS - AUTOMATION - CREATE USER" command: "/usr/sap/{{hdb_sid|upper}}/HDB{{instance_nr}}/exe/hdbsql -a -x -i {{instance_nr}} -d {{tenant_name}} -u SYSTEM -p {{tenantdb_system_password}} \" {{item}} \" " environment: LD_LIBRARY_PATH: "/usr/sap/{{hdb_sid|upper}}/HDB{{instance_nr}}/exe" when: users_tenantdb.stdout is not search(hana_automation_user|upper) with_items: - "CREATE USER {{hana_automation_user}} PASSWORD {{hana_automation_user_password}} NO FORCE_FIRST_PASSWORD_CHANGE VALID UNTIL FOREVER" - "GRANT ENCRYPTION ROOT KEY ADMIN, ROLE ADMIN, USER ADMIN, AUDIT ADMIN, INIFILE ADMIN to {{hana_automation_user|upper}}" tags: [ create_automation_user ]
Run you code again. In the AMS8 Lab I use AWX, which I love. You can rerun, rerun until your done just from within the GUI.

If you now go back to the security checklist:

I am checking the systems with SAP HANA Cockpit 2.0 SP12 Patch 13.
Happy coding.