Database Users

Database users can change data in the database using query tools, database applications, or SQL statements. They can create and change database objects such as tables, views, and indexes. There can be several database users per database.

Database users can log on to the following database tools and programming interfaces:

Database Studio
SQLCLI
Loader
ODBC, JDBC, SQLDBC interfaces

Note that database users cannot carry out administration tasks for which a DBM server logon is required.

Every database user belongs to a database user class. Database user classes have different authorization levels for the database.

The work processes of an SAP system always connect to the database as database users SAP<SAPSID>, SAP<SAPSID>DDB (Java EE systems) or SAPR3 (older systems), where <SAPSID> is the SAP system ID.

Properties

SQL Properties of Database Users
Property	Description
`User Class`	DBA \| RESOURCE \| STANDARD
`Connection Mode`	NOT EXCLUSIVE: Allows the database user to open several database sessions simultaneously. EXCLUSIVE: Each database user can open only one database session. Caution This connection mode only exists still for historical reasons. Do not use it. Database users with this connection mode cannot work with Database Studio. End of the caution. DISABLED: The database user is locked and cannot open any database sessions.
`Session Timeout`	Time after which the database session is ended after user inactivity.
`Cost Warning`	Specifies the estimated SELECT cost value beyond which the user receives a warning. In this case, the user is asked whether he or she really wants to execute the SQL statement.
`Cost Limit`	Specifies the estimated SELECT cost value beyond which the SQL statement is not executed. This value must be greater than the `Cost Warning` value.
`Default Code Attribute`	Default code attribute for creating new columns DEFAULT: The default code attribute is defined by the `DefaultCodePage` database parameter. ASCII UNICODE

Database User Classes
Database User Class	Properties
DBA	Database administrators Users belonging to this class can: Create RESOURCE and STANDARD database users Create database objects Grant all or part of the privileges for their database objects to other database users
RESOURCE	Users belonging to this class can: Define data Create database procedures Grant privileges for their database objects to other database users
STANDARD	Users belonging to this class can: Access data and database procedures for which they have been granted the necessary privileges Define view tables, synonyms, and temporary tables

Managing Database Users

The database system administrator can create database users of any database user class. Database users of the DBA user class can create, change, and delete database users of the RESOURCE and STANDARD classes.

More information:

Database Studio, Creating Database Users, Changing the Properties of Database Users, Deleting Database Users
SQL Reference Manual, CREATE USER Statement, ALTER USER Statement, ALTER PASSWORD Statement, DROP USER Statement
Database Administration in CCMS, User Data

You can assign special roles to database users in the SAP system. More information:

Database Administration in CCMS, Prerequisites

Privileges for Database Objects

Database users can be owners of database objects, such as tables or schemas. As owner of a database object, a database user can assign privileges for the object to other database users.

Privilege	Object	Privilege Allows Database Users to
`ALTER`	Table	Use the `ALTER TABLE` statement More information: Privilege Specification (priv_spec)
`CREATEIN`	Schema	Create database objects in the specified schema More information: Privilege Specification for a Schema (schema_priv_spec)
`DELETE`	Table	Delete rows in the specified tables More information: Privilege Specification (priv_spec)
`DROPIN`	Schema	Delete database objects in the specified schema More information: Privilege Specification for a Schema (schema_priv_spec)
`EXECUTE`	Database procedure Database function	Execute the database procedure or the database function More information: GRANT Statement (grant_statement)
`INDEX`	Table	Use the `CREATE INDEX`, `ALTER INDEX` and `DROP INDEX` statements More information: Privilege Specification (priv_spec)
`INSERT`	Table	Insert rows in the specified tables More information: Privilege Specification (priv_spec)
`REFERENCES`	Table	Specify the specified table as a referenced table in a column definition or referential `CONSTRAINT` definition More information: Privilege Specification (priv_spec)
`SELECT`	Sequence	Use the specified sequences More information: GRANT Statement (grant_statement)
`SELECT`	Table or parts of a table	Select entire rows or parts of rows in the specified tables More information: Privilege Specification (priv_spec)
`SELUPD`	Table or parts of a table	The `SELECT` and `UPDATE` privileges are granted. More information: Privilege Specification (priv_spec)
`UPDATE`	Table or parts of a table	Change entire rows or parts of rows in the specified tables More information: Privilege Specification (priv_spec)

More information: SQL Reference Manual, GRANT Statement (grant_statement)

More Information

Conventions for User Names and Passwords