A number of predefined operating system and database users are required for installing, upgrading, and operating SAP HANA. Further users may exist depending on additionally installed components.
Here's a brief overview of all such users. More detailed information is available in the linked documentation, which is part of the SAP HANA platform documentation available on SAP Help Portal.
Note that this information is valid for SAP HANA SPS 12.
- Operating System Users
- Database Users
- SAP HANA Database
- SAP HANA Extended Application Services, Advanced Model (XSA)
- SAP DB Control Center
- SAP HANA Dynamic Tiering
- SAP HANA Accelerator for SAP ASE
- SAP HANA Smart Data Streaming
- SAP HANA Smart Data Integration and SAP HANA Smart Data Quality
- SAP HANA Advanced Data Processing: File Loader
- SAP HANA Spatial
- SAP HANA Remote Data Sync
- SAP HANA Trigger-Based Data Replication Using SAP LT Replication Server
Operating System Users
The following operating system (OS) users are created during the installation of SAP HANA.
Component | User | Purpose/Description | Link to More Info |
|---|---|---|---|
SAP HANA Database | |||
| sapadm | User required to authenticate to SAP Host Agent | Predefined Users - SAP HANA Security Guide - SAP Library | |
| <sid>adm | Administration user that owns all SAP HANA files and all related operating system processes | ||
| OS users for tenant databases in mulitple-container system configured for high isolation | Administration user that owns all SAP HANA files and all related operating system processes of a particular tenant database | ||
SAP HANA Extended Application Services, Advanced Model (XSA) | |||
XS_ADMIN | Administrative user for the XS advanced application server, has unlimited access to Controller API | Predefined XSA Users - SAP HANA Security Guide - SAP Library | |
HDI_BROKER_CONTROLLER | User for HDI Broker API | ||
sap_sb | User for UAA Broker API | ||
Database Users
Depending on the components you installed, several database users will be available after installation or must be created for a specific purpose.
Database users may or may not correspond to real people. Users that do not correspond to real people are referred to as "technical database users". Most standard technical database users are used internally to perform certain tasks and it's not possible to log on with them.
Component | User | Purpose/Description | Link to More Info |
|---|---|---|---|
SAP HANA Database | |||
SYSTEM | Database superuser | Predefined Users - SAP HANA Security Guide - SAP Library | |
SYS | Technical database user that owns database objects such as system tables and monitoring views | ||
XSSQLCC_AUTO_USER_ | Technical database users automatically generated on activation of SQL connection configurations | ||
_SYS_AFL | Technical user that owns all objects for Application Function Libraries | ||
_SYS_EPM | Technical database used by the SAP Performance Management (SAP EPM) application | ||
_SYS_REPO | Technical database user used by the SAP HANA repository (SAP HANA XS, classic model). | ||
_SYS_STATISTICS | Technical database user used by the internal monitoring mechanism of the SAP HANA database | ||
_SYS_TASK | Technical database user in SAP HANA Enterprise Information Management. This user owns all task framework objects. | ||
_SYS_WORKLOAD_REPLAY | Technical database user used by capture and replay capability of the SAP HANA Performance Management tool. | ||
_SYS_XB | Technical user for internal use only | ||
SAP HANA Extended Application Services, Advanced Model (XSA) | |||
SYS_XS_RUNTIME | Owns the Controller’s SAP HANA schema containing BlobStore, ConfigStore and SecureStore | Predefined XSA Users - SAP HANA Security Guide - SAP Library | |
SYS_XS_UAA | Owns the UAA’s SAP HANA schema for user management | ||
SYS_XS_UAA_SEC | Owns the UAA’s SAP HANA secure store for the user credentials | ||
SYS_XS_HANA_BROKER | Owns the HDI Broker’s SAP HANA schema | ||
SYS_XS_SBSS | Owns SAP HANA schema containing procedures to generate user passwords in a secure manner; used by the HDI Broker | ||
_SYS_DI | Owns all HDI SQL-based APIs, for example all API procedures in the_SYS_DI schema and API procedures in containers | ||
_SYS_DI_*_CATALOG | Technical users used by the HDI to access database system catalog tables and views | ||
_SYS_DI_SU | Technical superuser of the HDI created at installation time | ||
_SYS_DI_TO | Owns transaction and connections of all internal HDI transactions | ||
Further technical users for HDI schema-based containers | See documentation | ||
SAP DB Control Center | |||
Administration user (e.g., DCC_ADM) | Database user required for the SAP DCC administrator who adds, imports, and removes systems. | Setting up SAP DCC for the First Time - SAP DB Control Center 4 Guide - SAP Library | |
Configuration user (e.g., DCC_CONFIG) | Database user required for the configuration of SAP DB Control Center | ||
Collector user (e.g., DCC_COLLECTOR) | Technical database user used by SAP DCC for data collections and other background tasks. | ||
Technical user (e.g. SAPDBCC) | Technical database user used by SAP DCC to identify systems that can be added for management and to monitor the health of systems once they're added. This account is not intended for human users. | ||
SAP HANA Dynamic Tiering | |||
_SYS_ES | Technical database user used by dynamic tiering; automatically created when you create extended storage._SYS_ES logs on internally through the dynamic tiering service. | SAP HANA Dynamic Tiering Administration Guide - SAP Library | |
ES_ADMIN | Administrator user that should only be used by administrators for troubleshooting and with the guidance of SAP support. | Dynamic Tiering Administration User - SAP HANA Dynamic Tiering Administration Guide - SAP Library | |
SAP HANA Accelerator for SAP ASE | |||
sa | Administrator user used to establish the connection between SAP HANA and SAP ASE. The user can assign administration control to selected SAP ASE login accounts. | Permissions - SAP HANA Accelerator for SAP ASE: Administration Guide - SAP Library | |
SAP HANA Smart Data Streaming | |||
SYS_STREAMING | Technical database user used to perform policy administration functions such as granting and revoking privileges | SYS_STREAMING and SYS_STREAMING_ADMIN - SAP HANA Smart Data Streaming: Security Guide - SAP Library | |
SYS_STREAMING_ADMIN | Technical database user used to perform all tasks in smart data streaming, except publishing or subscribing to streams | ||
SAP HANA Smart Data Integration and SAP HANA Smart Data Quality | |||
No additional standard database users available or required | |||
SAP HANA Advanced Data Processing: File Loader | |||
FLACCESS | Technical database user used for file loader access | File Loader Guide for SAP HANA | |
FLADMIN | Technical database user used for file loader administration | ||
FLDBCONN | Technical database user used for file loader connections to the SAP HANA database | ||
SAP HANA Spatial | |||
Content viewer user | Database user required to view geo content using the Geo Content viewer tool SAP HANA Spatial Reference | Create a User to View Geo-Content - SAP HANA Spatial Reference - SAP Library | |
Geospatial Metadata Installer user (for example RESTRICTED_USER) | Database user required to use the Geospatial Metadata Installer | Create Database Users - SAP HANA Spatial Reference - SAP Library | |
Connection user (for example, CONNECTOR) | Database user required to establish the required SQLCC connection and modify the defined database object using Geospatial Metadata Installer | ||
SAP HANA Remote Data Sync | |||
SYS_SYNC | Technical database user that performs synchronizations for Remote Data Sync clients. | SAP HANA Remote Data Sync: Security Guide | |
SAP HANA Trigger-Based Data Replication Using SAP LT Replication Server | |||
Connection user | Initial technical database user required to create a database connection from the SAP LT Replication Server to the SAP HANA system | Security Guide for Trigger-Based Data Replication Using SAP Landscape Transformation Replication Server | |
Replication user | Technical database user required to connect from the SAP LT Replication Server to the SAP HANA system for replication. One replication user is created for each replication schema. The replication user has the same name as the corresponding schema. | ||