Operating System Users
In the SAP system the roles of the users ora<dbsid> and <sapsid>adm on UNIX, or <sapsid>adm and SAPSERVICE<SID> on Windows, used to be separate. Due to the requirements for RMAN backup, this is no longer true. Both users now belong to the operating system groups dba andoper, as shown in the tables below.
Database Roles
· SYSDBA
All authorizations
· SYSOPER
Operator activities, but no read or write authorizations.
· SAPDBA
Read and write authorizations to work with BR*Tools command options, and therefore the DBA functions in the Computer Center Management System (CCMS).
To be able to use the CCMS DBA functions or BR*Tools command options without restrictions, the OPS$ user must have both the SYSOPER role and the SAPDBA role.
Operating System Users and Groups, Database Users and Roles
UNIX
Operating System Users | Operating System Group | Database Role | Database Users |
ora<dbsid> | dba oper | SYSDBA SYSOPER | OPS$ORA<DBSID> |
<sapsid>adm | dba oper | SYSDBA SYSOPER | OPS$<SAPSID>ADM |
Windows
Operating System Users | Operating System Group | Database Role | Database Users |
<sapsid>adm | ORA_<SID>_DBA ORA_<SID>_OPER | SYSDBA SYSOPER | (SYS) OPS$<DOMAIN>\<SAPSID>ADM |
SAPSERVICE<SID> | ORA_<SID>_DBA ORA_<SID>_OPER | SYSDBA SYSOPER | OPS$<DOMAIN>\SAPSERVICE<SID> |
The OS group on Windows can also be specified globally (without instance name) (ORA_DBA, ORA_OPER).
OPS$ Database User
The Oracle OPS$ mechanism moves the entire DB security mechanism to the operating system level.
The prerequisite is that a DB user OPS$<OS_user> corresponding to the OS user is defined on the database, and identified as externally. It must have been granted the SAPDBA role.
Once you have logged on successfully with the OS user, you can connect to the database with:
SQL>connect /
This means you do not have to enter another password. You are then working as OPS$<OS_user>. In the same way you can start the program BRBACKUP with:
OS> brbackup –u /
This OPS$ mechanism is always used if you call BR*Tools from the CCMS transaction DB13 in the SAP System.
The OPS$ Mechanism (UNIX)
BR*Tools Database User
The standard DB user used by BR*Tools is always SYSTEM. BR*Tools connects with the Oracle option AS SYSOPER or AS SYSDBA for actions such as startup, shutdown, recover and so on, as well as selecting from V$ tables when the database is not open.
No comments:
Post a Comment