Data Storage Security

 

The data of a database is stored in the file system.

Caution

During installation, the installation program assigns the correct permissions to all your database directories and database files. Do not change the permissions of any database directories or files later, because this might render your database software installation unusable.

There are several operating system users that have extensive authorizations for accessing database resources using operating system commands.

Special Operating System Groups for SAP MaxDB on Microsoft Windows

Name: SDB Operators
Type: Group
Authorizations:

  Access to the following resources:

  • Database software files and directories (<global_data_path> and <private_data_path> directories and their subdirectories)
  • Database processes
  • SAP MaxDB global listener and X server processes (communication servers)
  • Volumes
  • Backups

  Permissions for the following administration tasks (among others):

  • Creating new databases
  • Using the XCONS database tool
  • Changing database parameters
  • Accessing the volumes

Name: <SID>ADM
Type: User
Authorizations:

  • SAP system administrator and database administrator in SAP systems
  • Group member of SDB Operators, Administrators

Name: SQD<SID>
Type: User
Authorizations:

  Obsolete

  Not for SAP liveCache databases

  Owner of all database resources

Special Operating System Users and Groups for SAP MaxDB (Unix and Linux)

Name: <sdb_user>
System default value: sdb
Type: User
Authorizations:

  Owner of all database resources

Name: <sdba_group>
System default value: sdba
Type: Group
Authorizations:

  • Creating databases
  • Analysis and error handling

Name: Support group
System default value: sdb<database_name>
Type: Group
Authorizations:

  Optional; support tasks

Name: root
System default value: root
Type: User
Authorizations:

  • Installing the database software
  • Granting access rights to operating system users (by their group affiliation)

  A SetUID root program is only required for a user change to <sdb_user>.

Name: <os_user>
System default value: -
Type: User
Authorizations:

  • Normal operating system user
  • Accessing the DBM server (requires a valid DBM operator name and a password to log on to the database)
  • Accessing other database tools (for example Loader, SQLCLI), interfaces (ODBC, JDBC, SQLDBC) and all database tools that use these interfaces (for example Database Analyzer); a database user name and password are required
  • Starting the global listener and X servers (SAP MaxDB communication server)

Name: <sid>adm
System default value: -
Type: User
Authorizations:

  • SAP system administrator and database administrator in SAP systems
  • Group member of <sdba_group>

Name: sqd<sid>
System default value: -
Type: User
Authorizations:

  Obsolete

  Not for SAP liveCache databases

  Owner of all database resources

Hazards
  • Unauthorized access to protected database resources using external user data

    A normal operating system user learns the password of a privileged operating system user and accesses protected database resources using operating system commands.

  • Access to unprotected database resources

    A person uses operating system commands to access database resources not protected by restrictions at the operating system level.

  • An unauthorized person gains access to backups of a database.
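
A read-only check for the last two hazards on Unix and Linux, added here as an example and not part of the SAP documentation: it lists entries under a directory you name that are not owned by the expected user and group, or that grant any permission to other users. The function name audit_db_dir, the directory argument and the rule that any "other" permission bit counts as a finding are assumptions of this example; the defaults sdb and sdba are the system default values listed above.

```shell
#!/bin/sh
# Added example: read-only audit, it reports and changes nothing.
# Usage: audit_db_dir DIR [OWNER] [GROUP]
#   DIR    directory you choose (e.g. where volumes or backups live);
#          the page names no concrete paths, so none are assumed here.
#   OWNER  expected owner, default "sdb"  (system default for <sdb_user>)
#   GROUP  expected group, default "sdba" (system default for <sdba_group>)
# Assumption of this example: any permission bit for "other" is reported.
# Returns 0 = no findings, 1 = findings printed, 2 = could not check.

audit_db_dir() {
    dir=$1
    owner=${2:-sdb}
    group=${3:-sdba}

    if [ ! -d "$dir" ]; then
        echo "ERROR: not a directory: $dir" >&2
        return 2
    fi

    # Symbolic links are skipped: a link's own mode bits are not used
    # for access checks. find fails (-> return 2) if OWNER or GROUP does
    # not exist on this host, so a typo cannot look like a clean run.
    own=$(find "$dir" ! -type l \( ! -user "$owner" -o ! -group "$group" \) \
              -exec ls -ldn {} \;) || return 2
    pub=$(find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
              -exec ls -ldn {} \;) || return 2

    rc=0
    if [ -n "$own" ]; then
        printf '%s\n' "$own" | sed 's/^/OWNERSHIP    /'
        rc=1
    fi
    if [ -n "$pub" ]; then
        printf '%s\n' "$pub" | sed 's/^/WORLD_ACCESS /'
        rc=1
    fi
    return $rc
}

# Run directly as: sh audit_db_dir.sh /path/to/dir [owner] [group]
if [ "$#" -gt 0 ]; then
    audit_db_dir "$@"
fi
```

Findings are for review only; as the caution above states, do not change permissions on database directories or files yourself.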

More Information

Database Administration, Special Operating System Users and Groups