Data Storage Security

The data of a database is stored in the file system. There are several operating system users that have extensive authorizations for accessing database resources using operating system commands.

Special Operating System Groups for SAP MaxDB on Microsoft Windows

| Name | Type | Authorizations |
|---|---|---|
| SDB Operators | Group | Access to the following resources: database software files and directories (<independent_data_path> directory and its subdirectories); database processes; SAP MaxDB X Server process (communication server); volumes; backups. Permissions for the following administration tasks (among others): creating new databases; using the XCONS database tool; changing database parameters; accessing the volumes. |
| <SID>ADM | User | SAP system administrator and database administrator in SAP systems; group member of SDB Operators, Administrators |
| SQD<SID> | User | Obsolete. Not for SAP liveCache databases. Owner of all database resources. |

Special Operating System Users and Groups for SAP MaxDB (Unix and Linux)

| Name | System Default Value | Type | Authorizations |
|---|---|---|---|
| <sdb_user> | sdb | User | Owner of all database resources |
| <sdba_group> | sdba | Group | Creating databases; analysis and error handling |
| Support group | sdb<database_name> | Group | Optional; support tasks |
| root | root | User | Installing the database software; granting access rights to operating system users (by their group affiliation). A SetUID root program is only required for a user change to <sdb_user>. |
| <os_user> | - | User | Normal operating system user; accessing the DBM server (requires a valid DBM operator name and a password to log on to the database instance); accessing other database tools (for example Loader, SQLCLI), interfaces (ODBC, JDBC, SQLDBC) and all database tools that use these interfaces (for example Database Analyzer), for which a database user name and password are required; starting the X Server (SAP MaxDB communication server) |
| <sid>adm | - | User | SAP system administrator and database administrator in SAP systems; group member of <sdba_group> |
| sqd<sid> | - | User | Obsolete. Not for SAP liveCache databases. Owner of all database resources. |

Hazards
  • Unauthorized access to protected database resources using external user data

    A normal operating system user learns the password of a privileged operating system user and accesses protected database resources using operating system commands.

  • Access to unprotected database resources

    A person uses operating system commands to access database resources not protected by restrictions at the operating system level.

  • Access to database data in the web browser's cache

    A person uses operating system commands to access database data on the hard disk that was saved in the cache of the web browser by an authorized database user who worked with Web SQL.
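As a check for the second hazard on Unix and Linux, the following added example (not part of the SAP documentation or software) lists entries below a directory that are not owned by <sdb_user> and <sdba_group>, or that grant any access to "other". The function name, the return codes and the rule that "other" should have no access are assumptions of this example; that rule fits directories holding volumes and backups, not directories from which <os_user> runs database tools.

```shell
#!/bin/sh
# Added example, not SAP code. Lists entries below a directory that are not
# owned by the expected database owner and group, or that grant any access
# to "other". sdb and sdba are the system default values from the table.

# audit_db_path DIR [OWNER] [GROUP]   (hypothetical helper name)
# Prints an "ls -ld" line per finding.
# Returns 0 = clean, 1 = findings, 2 = audit could not be completed.
audit_db_path() {
    dir=$1
    owner=${2:-sdb}
    group=${3:-sdba}

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Symbolic links are skipped: their own mode bits are not meaningful.
    # If find fails (for example on an unknown user name or an unreadable
    # subdirectory), report "incomplete" and never "clean".
    out=$(find "$dir" ! -type l \( \
            ! -user "$owner" -o ! -group "$group" \
            -o -perm -004 -o -perm -002 -o -perm -001 \
        \) -exec ls -ld {} +) || return 2

    [ -n "$out" ] || return 0
    printf '%s\n' "$out"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/volumes [owner] [group]
if [ "$#" -gt 0 ]; then
    audit_db_path "$@"
fi
```

Run it with sufficient privileges to read the whole tree; a return code of 2 means the result is incomplete and should not be read as a pass.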

More Information

Database Administration, Special Operating System Users and Groups