Protecting the Database Standard Logins (SAP Library - Microsoft SQL Server on Windows)

Protecting the Database Standard Logins

The SQL Server database standard logins are necessary for the SAP system to connect to and to administer the database. To prevent unauthorized use of the associated privileges of these logins you should change from time to time their passwords.

The following table shows the relevant SQL Server standard logins.

SQL Server Standard Logins

Login Name	Type
sa	SQL Server system administrator
SAP<SAPSID>DB	SQL Server login for Java database user
<sapsid>	SQL Server login for ABAP database user
<sapsid>adm	Login for operating system account
SAPService<SAPSID>	Login for operating system account

Protecting the sa Login

The login sa has system administration privileges for MS SQL Server. It is not needed for standard operations. If you log on as sa you can perform all available tasks on the server without any restrictions. It is important to assign a password to this user during or directly after the installation of SQL Server. For more information, see Changing Passwords for SQL Server Logins.

Protecting <sapsid>adm and SAPService<SAPSID> Logins

The <sapsid>adm and SAPService<SAPSID> logins have system administrator rights. If, for example, you run two SAP systems on one instance, you can have access to both systems with these users.

The <sapsid>adm and SAPService<SAPSID> logins can connect to the SQL Server using the Windows authentication mode. You should therefore, protect the logins with strong passwords. For more information, see Changing Passwords of Windows Accounts.

Be aware that after changing the password for <sapsid>adm and SAPService<SAPSID>, you also need to specify the new password in the services used for the SAPsystem, and restart the services.

Protecting the SAP<SAPSID>DB Login

You should protect the SQL Server login for the Java database with a strong password. Be aware that after changing the password for <SAP<SAPSID>DB, you also need to update the password in the Secure Store of the Java instance. For more information, see Changing Passwords for SQL Server Logins.