Protecting the sa Login

The login sa has system administration privileges for MS SQL Server. It is not needed for standard operations. If you log on as sa you can perform all available tasks on the server without any restrictions. It is important to assign a password to this user during or directly after the installation of SQL Server. Normally, this login is disabled during the installation of the SAP system. For more information, see “Changing Passwords for SQL Server Logins”.

Protecting the SAP<SAPSID>DB Login

You should protect the SQL Server login for the Java database with a strong password. Be aware that after changing the password for <SAP<SAPSID>DB, you also need to update the password in the Secure Store of the Java instance. For more information, see “Changing Passwords for SQL Server Logins”.

Protecting the <sapsid> Login

You should protect the SQL Server login for the ABAP database with a strong password. For more information, see “Changing Passwords for SQL Server Logins”.

Protecting <sapsid>adm and SAPService<SAPSID> Logins

The <sapsid>adm and SAPService<SAPSID> logins have system administrator rights. If, for example, you run two SAP systems on one instance, you can have access to both systems with these users.

The <sapsid>adm and SAPService<SAPSID> logins can connect to the SQL Server using the Windows authentication mode. You should therefore, protect the logins with strong passwords. For more information, see “Changing Passwords of Windows Accounts”.

Be aware that after changing the password for <sapsid>adm and SAPService<SAPSID>, you also need to specify the new password in the services used for the SAP system, and restart the services.