Linda, thanks for the update.
We are having CyberArk build a custom CLI process for automating (via the SAP BRTOOLS utility, the SAP Application DB user passwords. I would suspect, that if you can sketch out the sequence of SQL commands to be applied, they can build a custom plug-in for it.
Above being said, don't know much about HANA and users, but if the BRTOOLS capability is available, you could probably leverage what we're getting since essentially we're already passing in the account to change, except in our case we're hardcoding to the user SAP expects for SYSTEM->DB access.
Are you currently using CyberArk to manage any standard SAP system application accounts? Something like SAP* or DDIC, or even a generic user account like you'd have for an external RFC connection?
I'll keep you posted on our progress with the custom plug in -- for now, the command line is pretty simple for us with BRTOOLS:
ssh {SIDADMUSER}@{SAPSERVERNAME}
brconnect -u / -f chpass -o 'BRT$ADM' -p {PASSWORD} -s brtools
Variables:
{SIDADMUSER} = the SAP administrative user account on the specific SAP server.
For example: for the PRODUCTION SAP ERP System, the user is 'prdadm'.
{SAPSERVERNAME} = the virtual or physical server name for the SAP environment where the SAP Application user password has to be updated.
{PASSWORD} = the new password to be assigned Example: N3wPa$$W0rd!
You could replace 'BRT$ADM' with the HANA user account name, and eliminate the trailing -s brtools parameter.