Special Operating System Users and Groups (UNIX/Linux)

Use

To protect database resources from unauthorized access, MaxDB uses special operating system users and user groups on UNIX and Linux.

·        <sdb_user>

·        <sdba_group>

·        Support Group

Only these operating system users or members of these operating system groups have direct access to the database resources at the operating system level.

The operating system administrator root is only required for installing the database software, not for productive operation.

A SetUID root program is only required for a user change to <sdb_user>.

Overview of Special Operating System Users and Groups

Name

System Default Value

Type

User Rights

root

root

User

Installing the database software

Granting access rights to operating system users (by their group affiliation)

<sdb_user>

sdb

User

Owner of all database resources

<sdba_group>

sdba

Group

Creating database instances

Starting, stopping and updating the MaxDB X Server

Analysis and error handling

Support Group

sdb<database_name>

Group

Optional; support tasks

<os_user>

User

Normal operating system user

Accessing the database tool Database Manager (requires a valid DBM operator name and a password to log on to the database instance)

Accessing other database tools (e.g. Loader, SQLCLI), interfaces (ODBC, JDBC, SQLDBC) and all the database tools that use these interfaces (Database Analyzer, Web Tools); here a database user name and password are required

Starting the X Server

<sid>adm

User

SAP system administrator and database administrator in SAP systems

Member of the group <sdba_group>

sqd<sid>

User

Obsolete, not for liveCache database instances

Owner of all database resources

Activities

The installation program creates the special operating system users and groups during the installation of the database software. For more information, see the Installation Manual, Installing/Updating the Software on UNIX and the corresponding Installation Guide for SAP systems.

We recommend that you create the special operating system users and groups before installing the software. During the installation, they then receive the authorizations described here for accessing the database resources.

If you manage the operating system users and groups for your system centrally in the network, then you have to create them there before starting the installation. For information about how you create operating system users and groups, see your operating system documentation.

Which authorizations individual operating system users have for the database system depends on the operating system group they belong to. The operating system administrator is responsible for assigning operating system users to operating system groups. For local user administration, root is the operating system administrator; for user administration using Network Information Services (NIS) it is the NIS administrator.

See also:

Users, Authentication and Authorizations