Note 1639578 - SSFS as password storage for primary database connect

Version : 11 / 2013-01-10


This note describes the general steps that are required to use the "Secure Storage in File System (AS ABAP)" (SSFS) for the storage of the password of the ABAP database user. In the following, the "Secure Storage in File System (AS ABAP)" is also referred to as "secure storage". The note also described the availability of the solution for the individual databases.

Currently, the procedure is supported by the following databases. Refer to the relevant notes for details about availabilities and required database-specific configuration steps:

  • Sybase ASE: SAP Note 1643080
  • Oracle: SAP Note 1622837

If you use Oracle as a database platform, take the following into account:

  • All SAP products that can be used only with kernel version < 7.20, exclusively support the standard OPS$ remote connect.
  • All SAP products that are used with kernel version > 7.38, as well as all the Oracle databases > Version 11.2, exclusively support the new connect procedure with SSFS that is described here.

The Oracle-specific SAP Note 1622837 describes how you best proceed for SAP or Oracle upgrade projects that lead from one category to another.

Other Terms

Reason and Prerequisites

You are using an SAP product based on AS ABAP in combination with one of the aforementioned database platforms and you are using the 7.20 kernel or higher. In addition, you fulfill the prerequisites mentioned in the relevant platform notes, particularly if you are using the 7.20 kernel in the DCK (downward-compatible kernel) mode.

In this case, you can decide to replace the platform-specific mechanism for storing the password of the ABAP database user with a standardized procedure. To do this, you store user and password information in an encrypted manner in the "Secure Storage in File System". After you make sure that the SAP system and its tools can still connect to the database successfully after the changeover, remove the old password storage. Optionally and to ensure greatest possible security, you can define an external encryption key.

Solution :

(SAP Service marketplace login required)