Concept:
Earlier, the connection from the SAP ABAP system to the database used the OPS$ mechanism: the OS user was authorized to access only the table OPS$<SID>ADM.SAPUSER, which contains the actual database user used for the connection together with its encrypted password.
With SSFS (Secure Storage File System), the credentials used to connect to the database from the SAP ABAP system are kept in an encrypted file store at OS level.
SSFS connections are applicable to the ABAP system only.
Solution:
1. Create the directories under the path /usr/sap/<SID>/SYS/global/security/ as <SID>adm
- mkdir -p /usr/sap/<SID>/SYS/global/security/rsecssfs/data
- mkdir -p /usr/sap/<SID>/SYS/global/security/rsecssfs/key
2. Set the environment variables for the <SID>adm user (in .sapenv_<hostname>.csh and .sapenv.csh)
- setenv RSEC_SSFS_DATAPATH /usr/sap/<SID>/SYS/global/security/rsecssfs/data
- setenv RSEC_SSFS_KEYPATH /usr/sap/<SID>/SYS/global/security/rsecssfs/key
- setenv rsdb_ssfs_connect 1
3. Set the profile parameters (DEFAULT.PFL)
- rsec/ssfs_datapath = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)data
- rsec/ssfs_keypath = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)key
- rsdb/ssfs_connect = 1
4. Set the SSFS credentials
- rsecssfx put DB_CONNECT/DEFAULT_DB_USER SAPSR3 -plain
- rsecssfx put DB_CONNECT/DEFAULT_DB_PASSWORD <SCHEMA_PASSWORD>
5. Check the database connection with R3trans -d
6. Delete the table SAPUSER
> sqlplus
SQL> connect system/<pwd>
SQL> drop table ops$<sid>adm.sapuser;
7. Delete (reset) the REMOTE_OS_AUTHENT parameter
> sqlplus
SQL> connect system/<pwd>
SQL> alter system reset remote_os_authent scope=spfile;
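
A pre-flight check that can be run before step 6, since dropping SAPUSER removes the old OPS$ credential source: it confirms that the three DEFAULT.PFL parameters from step 3 are active (not commented out) and that the rsecssfs directories from step 1 exist. This is an added example, not part of the original post or of SAP tooling; the function names pfl_get and ssfs_preflight are hypothetical, and the check complements the R3trans -d test in step 5 rather than replacing it.

```shell
#!/bin/sh
# Added example: verify SSFS prerequisites before dropping OPS$<SID>ADM.SAPUSER.
# Usage: ssfs_preflight /path/to/DEFAULT.PFL /usr/sap/<SID>/SYS/global

# pfl_get PROFILE KEY: print the value of an active (uncommented) parameter.
# If the parameter appears more than once, the last occurrence is reported.
pfl_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v)  # trim blanks and CR
                val = v
            }
        }
        END { print val }' "$1"
}

# Returns 0 if everything is in place, 1 on a failed check, 2 if the
# profile cannot be read.
ssfs_preflight() {
    profile=$1; global=$2; rc=0
    [ -r "$profile" ] || { echo "FAIL: cannot read $profile"; return 2; }

    for p in rsec/ssfs_datapath rsec/ssfs_keypath; do
        [ -n "$(pfl_get "$profile" "$p")" ] || { echo "FAIL: $p not set"; rc=1; }
    done
    [ "$(pfl_get "$profile" rsdb/ssfs_connect)" = "1" ] ||
        { echo "FAIL: rsdb/ssfs_connect is not 1"; rc=1; }

    for d in data key; do
        [ -d "$global/security/rsecssfs/$d" ] ||
            { echo "FAIL: missing $global/security/rsecssfs/$d"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: SSFS profile parameters and directories in place"
    return "$rc"
}

# Run directly when called with both arguments.
if [ "$#" -eq 2 ]; then ssfs_preflight "$1" "$2"; fi
```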
helpful..