Entering content frame

Background documentation Authorization Concept for UNIX Operating Systems Locate the document in its SAP Library structure

Use

To protect the execution of SAP DB programs and the access to database files, the SAP DB software package contains a preconfigured authorization concept as of Version 7.4.04. This concept applies to both installations within SAP systems, and to open source installations.

The concept includes a special operating system user, <sapdb_user>, and two operating system user groups, <sapdb_admin> and <sapdb_support>, which have different levels of authorization.

Note

If you manage operating system users and user groups locally on your host, we recommend that you register the names of the special operating system user and the user groups in the operating system before you start the installation. However, you can also do this during the installation process.

If you manage operating system users and user groups for your system centrally in the network, you must create them here before you start the installation.

For more information on creating operating system users and user groups, see your operating system documentation.

Special Operating System User

The special operating system user is the owner of all the SAP DB software and database processes, which also makes this user the owner of, for example, the volumes, database trace, and the log files. This user is created once on a server when the SAP DB software is installed for the first time. The system default for the user name is sapdb.

The special operating system user is a member of the administrator group, and does not log on to the operating system interactively.

Caution

This special operating system user cannot have the authorization to log on to the operating system interactively.

Administrator Group

The programs and libraries used by both the SAP DB database instances and SAP DB applications are assigned to the administrator group once when the software is installed. The system default for the name of the administrator group is sapdb.

Operating system users who belong to this group have access to the log files. These users can manage all database instances that refer to this software installation, as well as execute the required programs (such as the Database Manager).

Support Group

When the database kernel is installed, the support group is assigned to the server software that is dependent on the database version. This means that you can create a different support group for each installed database kernel. The system default for the name of the first support group is sapdbsupport.

The support group must include those users who need direct access to the volumes of SAP DB database instances, to perform diagnoses, for example.

Note

The authorizations of the administrator group are enough for normal database operations. Only add users to the support group if you need to perform detailed diagnoses for support purposes.

 

 

Leaving content frame