Background documentationDatabase Users Locate this document in the navigation structure

 

Database users can change data in the database using query tools, database applications, or SQL statements. They can create and change database objects such as tables, views, and indexes. There can be several database users per database.

Database users can log on to the following database tools and programming interfaces:

  • Database Studio

  • SQLCLI

  • Loader

  • ODBC, JDBC, SQLDBC interfaces

Note that database users cannot carry out administration tasks for which a DBM server logon is required.

Every database user belongs to a database user class. Database user classes have different authorization levels for the database.

The work processes of an SAP system always connect to the database as database users SAP<SAPSID>, SAP<SAPSID>DDB (Java EE systems) or SAPR3 (older systems), where <SAPSID> is the SAP system ID.

Properties
SQL Properties of Database Users

Property

Description

User Class

DBA | RESOURCE | STANDARD

Connection Mode

NOT EXCLUSIVE: Allows the database user to open several database sessions simultaneously.

EXCLUSIVE: Each database user can open only one database session.

Caution Caution

This connection mode only exists still for historical reasons. Do not use it. Database users with this connection mode cannot work with Database Studio.

End of the caution.

DISABLED: The database user is locked and cannot open any database sessions.

Session Timeout

Time after which the database session is ended after user inactivity.

Cost Warning

Specifies the estimated SELECT cost value beyond which the user receives a warning. In this case, the user is asked whether he or she really wants to execute the SQL statement.

Cost Limit

Specifies the estimated SELECT cost value beyond which the SQL statement is not executed. This value must be greater than the Cost Warning value.

Default Code Attribute

Default code attribute for creating new columns

DEFAULT: The default code attribute is defined by the DefaultCodePage database parameter.

ASCII

UNICODE

Database User Classes

Database User Class

Properties

DBA

Database administrators

Users belonging to this class can:

  • Create RESOURCE and STANDARD database users

  • Create database objects

  • Grant all or part of the privileges for their database objects to other database users

RESOURCE

Users belonging to this class can:

  • Define data

  • Create database procedures

  • Grant privileges for their database objects to other database users

STANDARD

Users belonging to this class can:

  • Access data and database procedures for which they have been granted the necessary privileges

  • Define view tables, synonyms, and temporary tables

Managing Database Users

The database system administrator can create database users of any database user class. Database users of the DBA user class can create, change, and delete database users of the RESOURCE and STANDARD classes.

More information:

You can assign special roles to database users in the SAP system. More information:

Privileges for Database Objects

Database users can be owners of database objects, such as tables or schemas. As owner of a database object, a database user can assign privileges for the object to other database users.

Privilege

Object

Privilege Allows Database Users to

ALTER

Table

Use the ALTER TABLE statement

More information: Privilege Specification (priv_spec)

CREATEIN

Schema

Create database objects in the specified schema

More information: Privilege Specification for a Schema (schema_priv_spec)

DELETE

Table

Delete rows in the specified tables

More information: Privilege Specification (priv_spec)

DROPIN

Schema

Delete database objects in the specified schema

More information: Privilege Specification for a Schema (schema_priv_spec)

EXECUTE

Database procedure

Database function

Execute the database procedure or the database function

More information: GRANT Statement (grant_statement)

INDEX

Table

Use the CREATE INDEX, ALTER INDEX and DROP INDEX statements

More information: Privilege Specification (priv_spec)

INSERT

Table

Insert rows in the specified tables

More information: Privilege Specification (priv_spec)

REFERENCES

Table

Specify the specified table as a referenced table in a column definition or referential CONSTRAINT definition

More information: Privilege Specification (priv_spec)

SELECT

Sequence

Use the specified sequences

More information: GRANT Statement (grant_statement)

SELECT

Table or parts of a table

Select entire rows or parts of rows in the specified tables

More information: Privilege Specification (priv_spec)

SELUPD

Table or parts of a table

The SELECT and UPDATE privileges are granted.

More information: Privilege Specification (priv_spec)

UPDATE

Table or parts of a table

Change entire rows or parts of rows in the specified tables

More information: Privilege Specification (priv_spec)

More information: SQL Reference Manual, GRANT Statement (grant_statement)