Search code examples
authenticationhanadatabase-permissions

User getting deactivated due to wrong credentials


In HANA, we have one database user which is shared across 100 users (may not be best practice). We are frequently coming across the situation where user is getting deactivated due to connection attempt with wrong credentials.

Maximum_invalid_connect_attempts are 6. Is it possible to find out last application users or OS users who have tried to connect with wrong credentials?

We are also thinking of increasing Maximum_invalid_connect_attempts and number of users. But before that, is there a way to find application user/OS users trying to connect wrongly?

Best Regards


Solution

  • We have one db user which is shared across 100 users (May not be best practice)

    There is no ambiguity here, this is not just "not best practice" it's plain wrong to share a user account across multiple end users. By doing that, you abandon all account related security and the problem you seem to face is a direct consequence of that.

    To find out which OS user tried to log on to the system (successful or not) the db auditing needs to be configured. The action that needs to be audited is VALIDATE USER and is available with HANA 2.

    You can of course also just disable the whole max_invalid_connect_attempts as you don't seem to worry about DB access security anyway.