Background documentationSpecial Operating System Users and Groups on Unix and Linux Locate this document in the navigation structure

 

On Unix and Linux, the database systems uses the following special operating system user and groups:

Special Operating System Users and Groups for SAP MaxDB (Unix and Linux)

Name

System Default Value

Type

Authorizations

<sdb_user>

sdb

User

Owner of all database resources

<sdba_group>

sdba

Group

  • Creating databases

  • Analysis and error handling

Support group

sdb<database_name>

Group

Optional; support tasks

root

root

User

  • Installing the database software

  • Granting access rights to operating system users (by their group affiliation)

A SetUID root program is only required for a user change to <sdb_user>.

<os_user>

-

User

  • Normal operating system user

  • Accessing the DBM server (requires a valid DBM operator name and a password to log on to the database instance)

  • Accessing other database tools (for example Loader, SQLCLI), interfaces (ODBC, JDBC, SQLDBC) and all database tools that use these interfaces (for example Database Analyzer); a database user name and password are required

  • Starting the X Server (SAP MaxDB communication server)

<sid>adm

-

User

  • SAP system administrator and database administrator in SAP systems

  • Group member of <sdba_group>

sqd<sid>

-

User

Obsolete

Not for SAP liveCache databases

Owner of all database resources

Which Operating System Users Are Allowed to Access Which Database Resources?

Database Resource

Unix and Linux

Microsoft Windows

Volumes

<sdb_user> (owners)

Members of the <sdba_group> group, if there is no support group

Members of the support group

Group member of Administrators, System, Creator/Owner or SDB Operators

Backups

<sdb_user> (Owners)

Group member of <sdba_group>

Group member of Administrators, System, Creator/Owner or SDB Operators

Files and directories of the database software

<sdb_user> (Owners)

Group member of <sdba_group>

All

Database processes

<sdb_user> (Owners)

Local System Account

X Server (SAP MaxDB communication server)

<sdb_user> (Owners)

Local System Account

Which Standard SAP Operating System Users Are Allowed to Access Which Database Resources?

Database Resource

Unix and Linux

Microsoft Windows

All

<sid>adm (SAP system administrator and database administrator in SAP systems)

Group member of <sdba_group>

<SID>ADM

Group member of Administrators, SDB Operators

All

<sqd>sid

Obsolete, not for liveCache databases

Owner

<SQD>SID

<sid> = System ID of the SAP system

Which SAP MaxDB Versions Support These Special Operating System User and Groups?

All SAP MaxDB versions 7.5 and higher support them.

For versions <7.5, you can manually restrict operating system level access to database resources. More information: SAP MaxDB Security Guide, Restricting Access to Database Resources (Unix and Linux up to Database Version 7.5)

How Are the Special Operating System User and Groups Created?

The database installation program creates the special operating system users and groups during the installation of the database software. For more information, see the Installation Manual, Installing and Updating the Software on Unix and the corresponding installation guides for SAP systems.

Recommendation Recommendation

Create the special operating system user and groups before installing the database software. During the installation process, they then receive the authorizations for accessing the database resources.

If you manage the operating system users and groups for your system centrally in the network, then you must create them there before starting the installation.

For information about how to create operating system users and groups, see your operating system documentation.

End of the recommendation.