The data of a database is stored in the file system.
During installation, the installation program assigns the correct permissions to all your database directories and database files. Do not change the permissions of any database directories or files later, because this might render your database software installation unusable.
There are several operating system users that have extensive authorizations for accessing database resources using operating system commands.
Name |
Type |
Authorizations |
---|---|---|
SDB Operators |
Group |
Access to the following resources:
Permissions for the following administration tasks (among others):
|
<SID> ADM |
User |
|
SQD<SID> |
User |
Not for SAP liveCache databases SQD<SID> is owner of all database resources and is the operating system user for database administrators. Group member of SDB Operators |
Name |
System Default Value |
Type |
Authorizations |
---|---|---|---|
<sdb_user> |
sdb |
User |
Owner of all database resources Group member of <sdba_group> |
<sdba_group> |
sdba |
Group |
|
<support_group> |
sdb <database_name> |
Group |
Optional; support tasks |
root |
root |
User |
A SetUID root program is only required for a user change to <sdb_user> . |
<os_user> |
- |
User |
|
<sid> adm |
- |
User |
|
sqd <sid> |
- |
User |
Not for SAP liveCache databases SQD<SID> is owner of all database resources and is the operating system user for database administrators. Group member of <sdba_group> |
Hazards
Unauthorized access to protected database resources using external user logon data
A normal operating system user learns the password of a privileged operating system user and accesses protected database resources using operating system commands.
An unauthorized person gains access to backups of a database.
Access to unprotected database resources
A person uses operating system commands to access database resources not protected by restrictions at the operating system level.
Access to database resources is restricted. Don't change these restrictions.