SAPDBA: Expert Mode (SAP Library - Database Administration (Oracle) with SAPDBA)

SAPDBA: Expert Mode

You can set a so-called expert mode for the essential functions of SAPDBA. In this way, only users with the appropriate privileges (knowledge of the password for activating expert mode) can execute critical functions. Expert mode is set for the required function with the menu option Expert mode. If no changes were made, SAPDBA only requires that expert mode is activated when the function Restore/Recovery. You can also protect a number of other functions with expert mode. See "Allocating Expert Mode".

This procedure depends on the operating system (for example it is not supported at all for Windows NT).

EXPERT MODE: OFF/ON
PRIVILEGES: ALL SAVED (NOTHING ALTERED)/<n> CHANGED but not SAVED

a	- Switch expert mode
(b	- Set initial password for expert)
c	- Change password for expert
d	- Show/Alter privileges for main options
e	- Save current privileges

If SAPDBA reports that expert mode is not active when calling a function, select the option Expert mode. This menu (Expert’s Password) enables you to activate the expert mode once you enter an appropriate password.

The password is known.

You can activate expert mode by selecting Switch expert mode and entering the password. The entry EXPERT MODE: ON appears in the Expert’s Password menu after successful operation. You can now use the SAPDBA functions for which the expert mode is required.

The password is not known.

See Defining the Password.

Allocating Expert Mode

Using the menu option Show/Alter privileges for main options you can see which menu options were protected with expert mode. If you activated expert mode (EXPERT MODE: ON), you can allocate further functions to this security mechanism or remove them from it:

	SAPDBA menu option which is locked
START/STOP	Startup/Shutdown instance
TSP_ADMIN	Tablespace administration ® Alter tablespace Add Datafile Tablespace administration ® Create tablespace
REORG	Reorganization ® Reorganize single table or index Reorganization ® Reorganize list of tables and indexes Reorganization ® Reorganize tablespace Reorganization ® Reorganize tablespace and data files Reorganization ® Move/rename data files of a tablespace
EXP/IMP	Export/import
ARCHIVE_MODE	Archive mode ® Toggle database log mode Archive mode ® Toggle automatic archival
EXEC_SQL_SCRIPT	Additional functions ® Execute SQL scripts
BACKUP	Backup database Backup archive logs
RESTORE	Restore/Recovery
CLEANUP	Show/Cleanup ® Cleanup log files/directories
ALTER	Reorganization ® Alter/show table or index storage parameters

With the PRIVILEGES: display you can see how many functions you made changes to in expert mode within the current session. You can save these changes with the menu option Save current privileges. SAPDBA logs the functions which are protected by the expert mode in the database table SAPDBAPRIV.

If table SAPDBAPRIV does not exist, SAPDBA creates it. The owner of the table is sapr3 . You can allocate SAPDBAPRIV to user system using the corresponding ORACLE commands if you want to protect the table against unauthorized access.

If the database is closed, SAPDBA cannot access SAPDBAPRIV and cannot store any changes in the expert mode. In this case, SAPDBA uses internal default values, that is only the functions Check (and repair) database and Restore/Recovery are protected by the expert mode.