User and Group Profiles

User Profiles

<SID>OPR

<SID>OPR (system operator) is the SAP system administrator’s user profile. This user is only allowed to do administrative tasks such as starting and stopping SAP system instances.

The commands <SID>OPR is allowed to use are listed as objects in the R3TASKS menu. <SID>OPR has no access to the contents of the database.

<SID>OFR

<SID>OFR (system officer) is the SAP system superuser’s profile. This user has all authorizations for the SAP system and its database R3<SID>DATA. <SID>OFR can perform all the tasks that it is authorized to perform and it has certain additional authorizations. However, <SID>OFR has no special authorizations outside the SAP system environment. It also has no special authorizations to other SAP systems (with different SAP system IDs) that may run on the same iSeries. Note that <SID>OFR is not the same as QSECOFR, which is the superuser for the iSeries system.

<SID><nn> / SAP<nn>

<SID><nn> is the user that runs the work processes for the SAP system. In Releases 3.x and 4.0, the processes are run by user SAP<nn> (<nn> represents the instance number). The objects created by this user belong to the corresponding group <SID>OWNER or R3OWNER.

SAP<SID>DB

SAP<SID>DB (J2EE database user) is the only user for accessing the SAP<SID>DB library, for example by the JDBC driver. This user cannot be used to log on directly to the iSeries. If the user profile is disabled, it is no longer possible to access the SAP<SID>DB library.

Group Profiles

<SID>OPRGRP

<SID>OPRGRP is the group profile for user <SID>OPR and thus allows the definition of multiple <SID>OPR users.

<SID>OWNER / R3OWNER

<SID>OWNER is the default owner of the SAP system libraries and all SAP system objects. You cannot sign on as user <SID>OWNER. It is the group profile for <SID><nn> and <SID>OFR.

<SID>GROUP / R3GROUP

<SID>GROUP is the primary group for the SAP System Integrated File System (IFS) objects. This group is the supplemental group for all other user profiles generated by the SAP system. Its only purpose is to authorize SAP system users to access IFS objects.

Superuser for iSeries

QSECOFR

QSECOFR is the superuser for iSeries. This user is not necessary to run and maintain the SAP system.

Additional Information

For more information on the user and group concept for DB2 UDB for iSeries, see SAP Note 46063 (releases lower than 4.0) and SAP Note 173579 (releases higher than 4.5).