SSFS (Secure Storage in FileSystem) configuration for BRTOOLS
To increase the security of database connections, SAP Kernel 7.20 Patch Level 100, introduces a new method for the secure saving of the SAP database user or SAP database password. This method stores data for connection to the database in so-called SSFS (Secure Storage in FileSystem). For more information, see SAP Notes: 1622837, 1639578 and 1764043.
To activate SSFS please use the following steps:
- Create the appropriate folder: /oracle/SID/security/rsecssfs/data and /oracle/SID/security/rsecssfs/key
- Check or create the user brt$adm in the database:
- SQL> create user brt$adm identified by <your password>
- SQL> grant sapdba, sysdba, sysoper to brt$adm;
- The initial password shall be changed to the actual password using brconnect…
- brconnect -u SAPSR3/PASSWORD -c -f chpass -o ‘BRT$ADM’ -p ‘<your password>‘ -s brtools
- Now we can test it:
- brconnect -u // -c -f check
Now, without any problems from the OS level (without entering a username and password) you can use brtools to perform various operations, e.g. count the statistics:
/usr/sap/SID/SYS/exe/run/brconnect -u // -c -f stats -t all -f collect -p 6
However, if you need to use the new SSFS method from the transaction: DBACOCKPIT or DB13, you should to make one change in the configuration. Replace the “-u /” option with the “-u //” option in the SDBAC table (field: PSTRING). Example: