Special Operating System Users and Groups on Unix and Linux

On Unix and Linux, the database systems uses the following special operating system user and groups:

Special Operating System Users and Groups for SAP MaxDB (Unix and Linux)
Name	System Default Value	Type	Authorizations
`<sdb_user>`	`sdb`	User	Owner of all database resources
`<sdba_group>`	`sdba`	Group	Creating databases Analysis and error handling
Support group	`sdb<database_name>`	Group	Optional; support tasks
`root`	`root`	User	Installing the database software Granting access rights to operating system users (by their group affiliation) A SetUID root program is only required for a user change to `<sdb_user>`.
`<os_user>`	-	User	Normal operating system user Accessing the DBM server (requires a valid DBM operator name and a password to log on to the database instance) Accessing other database tools (for example Loader, SQLCLI), interfaces (ODBC, JDBC, SQLDBC) and all database tools that use these interfaces (for example Database Analyzer); a database user name and password are required Starting the X Server (SAP MaxDB communication server)
`<sid>adm`	-	User	SAP system administrator and database administrator in SAP systems Group member of `<sdba_group>`
`sqd<sid>`	-	User	Obsolete Not for SAP liveCache databases Owner of all database resources

Which Operating System Users Are Allowed to Access Which Database Resources?
Database Resource	Unix and Linux	Microsoft Windows
Volumes	`<sdb_user>` (owners) Members of the `<sdba_group>` group, if there is no support group Members of the support group	Group member of `Administrators`, `System`, `Creator/Owner` or `SDB Operators`
Backups	`<sdb_user>` (Owners) Group member of `<sdba_group>`	Group member of `Administrators`, `System`, `Creator/Owner` or `SDB Operators`
Files and directories of the database software	`<sdb_user>` (Owners) Group member of `<sdba_group>`	All
Database processes	`<sdb_user>` (Owners)	`Local System Account`
X Server (SAP MaxDB communication server)	`<sdb_user>` (Owners)	`Local System Account`

Which Standard SAP Operating System Users Are Allowed to Access Which Database Resources?
Database Resource	Unix and Linux	Microsoft Windows
All	`<sid>adm` (SAP system administrator and database administrator in SAP systems) Group member of `<sdba_group>`	`<SID>ADM` Group member of `Administrators`, `SDB Operators`
All	`<sqd>sid` Obsolete, not for liveCache databases Owner	`<SQD>SID`
`<sid>` = System ID of the SAP system

Which SAP MaxDB Versions Support These Special Operating System User and Groups?

All SAP MaxDB versions 7.5 and higher support them.

For versions <7.5, you can manually restrict operating system level access to database resources. More information: SAP MaxDB Security Guide, Restricting Access to Database Resources (Unix and Linux up to Database Version 7.5)

How Are the Special Operating System User and Groups Created?

The database installation program creates the special operating system users and groups during the installation of the database software. For more information, see the Installation Manual, Installing and Updating the Software on Unix and the corresponding installation guides for SAP systems.

Recommendation

Create the special operating system user and groups before installing the database software. During the installation process, they then receive the authorizations for accessing the database resources.

If you manage the operating system users and groups for your system centrally in the network, then you must create them there before starting the installation.

For information about how to create operating system users and groups, see your operating system documentation.

End of the recommendation.