Linda, I am working with Lance on our current implementation and we were hoping others had gone down the trail were trying to blaze ourselves.
About 1 year back, our proof-of-concept activity with CyberArk Professional Services was not geared towards anything in the HANA environment. However, we were able to successfully demo CyberArk control of a regular application login (via SAPGUI) by launching the GUI by executing the sapshcut.exe program with parameters; access a system/OS-level (<sid>adm )account for tracking administrative work; automate use of a <sid>adm account and issuing a brconnect command line with parameters to change the SAP DB passwords; change a password in SAP automatically; and lastly --- dynamically have an OS script call into CyberArk and retrieve a password for a replaceable parameter in an OS script that did a remote connection/file transfer to a non-SAP server.
Not being familiar with the HANA setup, is it really necessary to create DB-level accounts? is there no similar "higher-level" interface like there is for the other SAP systems (ERP for example) to create user accounts? How are you managing privileges/authorizations to the data in the HANA db? I would imagine that not every user should have the ability to extract content directly from the database.