Create Account Attributes
The following list contains the provisioning policy attributes for Create Account.
Note
Parameters marked with an asterisk (*) are mandatory.
USERNAMEThe username of the SAP HANA database.
Password
The password of the user.
Force Password Change On Next Logon
Note
Force Password Change On Next Logon is set to YES when the service account is used to create an account. Force Password Change On Next Logon can be set to NO only when the Admin account is used as the service account for SAP HANA. The Service account must have the privilege AUDIT ADMIN to make these changes.
-
Set the value to Yes, if the user must be requested to change their password at next login.
-
If the Force Password Change On Next Logon flag is not specified in the provisioning plan, then the password mode (permanent or temporarily) is dependent on the SAP HANA security policy.
-
-
To set the value to No, the following configurations must be made on the SAP HANA managed system.
-
Sign in to the SAP HANA studio as the System User.
-
Right-click on Security to open the security console.
-
Select the Password Policy tab.
-
Uncheck the option for User must change password at first logon.
-
Restricted
Select true if the user must be created in Restricted mode.
Disable Password
Sets the password in disable mode.
Valid From
Specify a date/time from when the user account is valid.
Valid Until
Specify a date/time until when the user account is valid.
Email Address
The email address of the user.
Time Zone
The time zone of the user.
Kerberos Authentication
Note
Kerberos authentication is not supported when using SAP HANA Cloud database.
External ID for Kerberos
Specifies the external identifier for Kerberos authentication.
SAML Authentication
Identity Provider Name
Specifies the SAML identity provider name.
External ID for SAML
Specifies the external identifier for SAML authentication.
SAML Providers List
Use this field to create an account with multiple SAML identity providers for a user. Enter the SAML Provider names along with their external identifiers in the format: Provider::ExternalIdentifier.
To provide multiple values, separate them with a comma. For example, SAML_PROVIDER1::XS1,SAML_PROVIDER2::XS1
Note
If this field is used during the provisioning flow, it will take priority over the SAML Identity Provider Name and External ID.
Provisioning Custom Parameters
In order to provision custom parameters for a database user that exists in the USER_PARAMETERS table in the SAP HANA database, you must add the parameter name with the prefix PARAM: (this must be in all capital letters) as an attribute in the account schema. For more information, refer to Custom User Parameters.
Once you have added the custom parameter to your account schema you can update the parameter value in your provisioning policy. The technical name for the field should be the same as the name of the parameter to be provisioned along with the PARAM: prefix (this must be in all capital letters) to mark it as a parameter.
Note
Ensure the attribute name (except the prefix PARAM:) matches the case of the parameter name in the database without any unwanted leading or trailing spaces.
Note the following:
The SAP HANA connector supports provisioning of only the following attributes:
Note
The SAP HANA connector supports the provisioning of users having Kerberos and SAML 2.0 authentication along with password authentication mechanism. For more information on using Kerberos and SAML 2.0 authentication, refer to Additional Authentication Resources.
Create and Update Operation Only
Entitlement Attributes
-
APPLICATION_PRIVILEGES
-
CATALOG_ROLES
-
REPOSITORY_ROLES
-
SYSTEM_PRIVILEGES
Update Operation
Account Attributes
-
EMAIL_ADDRESS
-
TIME_ZONE
-
VALID_FROM
-
VALID_UNTIL
-
DISABLE_PASSWORD
-
IS_RESTRICTED
-
IS_CLIENT_CONNECT_ENABLED
-
EXTERNAL_IDENTITY_KERBEROS
-
SAML_PROVIDER
-
EXTERNAL_IDENTITY_SAML