Search This Blog

Thursday, February 16, 2012

Operating System Users and Groups & Database Users and Roles

Operating System Users

In the SAP system the roles of the users ora<dbsid> and <sapsid>adm on UNIX, or <sapsid>adm and SAPSERVICE<SID> on Windows, used to be separate. Due to the requirements for RMAN backup, this is no longer true. Both users now belong to the operating system groups dba andoper, as shown in the tables below.


Database Roles

·        SYSDBA
All authorizations

·        SYSOPER
Operator activities, but no read or write authorizations.

·        SAPDBA
Read and write authorizations to work with BR*Tools command options, and therefore the DBA functions in the Computer Center Management System (CCMS).

To be able to use the CCMS DBA functions or BR*Tools command options without restrictions, the OPS$ user must have both the SYSOPER role and the SAPDBA role.


Operating System Users and Groups, Database Users and Roles


UNIX

Operating System

Users

Operating System Group

Database Role

Database Users

ora<dbsid>

dba

oper

SYSDBA

SYSOPER

OPS$ORA<DBSID>

<sapsid>adm

dba

oper

SYSDBA

SYSOPER

OPS$<SAPSID>ADM

 

Windows

Operating System

Users

Operating System Group

Database Role

Database Users

<sapsid>adm

ORA_<SID>_DBA

ORA_<SID>_OPER

SYSDBA

SYSOPER

(SYS)

OPS$<DOMAIN>\<SAPSID>ADM

SAPSERVICE<SID>

ORA_<SID>_DBA

ORA_<SID>_OPER

SYSDBA

SYSOPER

OPS$<DOMAIN>\SAPSERVICE<SID>


The OS group on Windows can also be specified globally (without instance name) (ORA_DBAORA_OPER).


OPS$ Database User

The Oracle OPS$ mechanism moves the entire DB security mechanism to the operating system level.

The prerequisite is that a DB user OPS$<OS_user> corresponding to the OS user is defined on the database, and identified as externally. It must have been granted the SAPDBA role.

Once you have logged on successfully with the OS user, you can connect to the database with:

 SQL>connect /

This means you do not have to enter another password. You are then working as OPS$<OS_user>. In the same way you can start the program BRBACKUP with:

OS> brbackup –u /

This OPS$ mechanism is always used if you call BR*Tools from the CCMS transaction DB13 in the SAP System.

The OPS$ Mechanism (UNIX)

This graphic is explained in the accompanying text


BR*Tools Database User

The standard DB user used by BR*Tools is always SYSTEM. BR*Tools connects with the Oracle option AS SYSOPER or AS SYSDBA for actions such as startup, shutdown, recover and so on, as well as selecting from V$ tables when the database is not open.

End of Content Area

No comments:

Post a Comment