Users and Roles

Operating System Users

In R/3 Release 4.0, the roles of the users ora<sid> and <sid>adm on UNIX, or <SID>ADM and SAPSERVICE<SID> on Windows NT, were separate. Only the user ora<sid>, or <SID>ADM on NT, has unrestricted authorization for DBA operations. This user belongs to the two operating system groups oper and dba (UNIX), or ORA_<SID>_DBA and ORA_<SID>_OPER (Windows NT).

In contrast, the authorizations of the operating system user <sid>adm (UNIX) or SAPSERVICE<SID> (Windows NT) are restricted to operator activities, such as starting and shutting down the database, performing database backups, and running database checks. This user belongs only to the operating system group oper (UNIX), or ORA_<SID>_OPER (Windows NT).

Database Roles

To use the CCMS DBA functions or the SAPDBA and BRBACKUP command options without restrictions, the OPS$ user must have both the SYSOPER role and the SAPDBA role.

Overview: Operating system users and groups, database users and roles

UNIX

| OS users | OS group | DB role | DB users |
|---|---|---|---|
| ora<sid> | dba, oper | SYSDBA, SYSOPER | INTERNAL (SYS) |
| <sid>adm | oper | SYSOPER, SAPDBA | OPS$<SID>ADM |

Windows NT

| OS users | OS group | DB role | DB users |
|---|---|---|---|
| <SID>ADM | ORA_<SID>_DBA, ORA_<SID>_OPER | SYSDBA, SYSOPER | INTERNAL (SYS) |
| SAPSERVICE<SID> | ORA_<SID>_OPER | SYSOPER, SAPDBA | OPS$SAPSERVICE<SID> |

Note

The OS groups on Windows NT can also be specified globally, without the instance name (ORA_DBA, ORA_OPER).

OPS$ Database User

The Oracle OPS$ mechanism moves the entire DB security mechanism to the operating system level.

The prerequisite is that a DB user OPS$<OS_user> corresponding to the OS user is defined in the database and identified externally.

Once you have logged on successfully with the OS user, you can connect to the database with:

SQLPLUS> connect /

This means you do not have to enter another password. You are then working as OPS$<OS_user>. In the same way, you can start the program SAPDBA with:

OS> sapdba -u /

This OPS$ mechanism is always used if you call SAPDBA or BRBACKUP from the CCMS menu in the SAP System.

Figure: The OPS$ Mechanism (UNIX)
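
Because the OPS$ mechanism makes the OS login the only credential, it is worth reviewing which database accounts it covers. The following read-only queries are an added example, not part of the SAP documentation: they list the OS-authentication parameters, the OPS$ accounts with their granted roles, and the password-file holders of SYSDBA or SYSOPER. They assume a SQL*Plus session with access to the DBA_ and V$ views and the OPS$ prefix used on this page.

```sql
-- Added example (not from the SAP documentation). Read-only; run in SQL*Plus
-- as a user that can query the DBA_ and V$ views.
-- Assumption: the OS-authentication prefix is OPS$, as on this page.

-- 1. Parameters that control OS authentication. os_authent_prefix is the
--    prefix put in front of the OS user name; when remote_os_authent is TRUE,
--    the OS user name reported by a remote client is accepted as well.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent');

-- 2. Every OPS$ account and the roles granted to it. Each row is a database
--    identity protected only by the matching OS login.
--    The (+) outer join keeps accounts that have no role at all.
SELECT u.username, u.created, r.granted_role, r.admin_option
  FROM dba_users u, dba_role_privs r
 WHERE u.username LIKE 'OPS$%'
   AND r.grantee (+) = u.username
 ORDER BY u.username, r.granted_role;

-- 3. OPS$ accounts holding any role other than SAPDBA. SYSDBA and SYSOPER
--    are not rows in DBA_ROLE_PRIVS (see query 4), so every row returned
--    here is a role beyond the one this page names and a candidate for review.
SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE grantee LIKE 'OPS$%'
   AND granted_role <> 'SAPDBA'
 ORDER BY grantee, granted_role;

-- 4. Accounts recorded in the password file with SYSDBA or SYSOPER.
SELECT username, sysdba, sysoper
  FROM v$pwfile_users
 ORDER BY username;
```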

SAPDBA Database User

The standard DB user is always SYSTEM. SYSTEM connects with the Oracle option AS SYSOPER or AS SYSDBA for actions such as startup, shutdown, recover and so on, as well as selecting from V$ tables when the database is not open.
