Special Operating System Users and Groups on Unix and Linux

Use

On Unix and Linux, the database systems uses the following special operating system user and groups:

Table 1: Special Operating System Groups for SAP MaxDB (Microsoft Windows)
Name	System Default Value	Type	Authorizations
`<sdb_user>`	sdb	User	Owner of all database resources Group member of `<sdba_group>`
`<sdba_group>`	sdba	Group	Creating databases Analysis and error handling Srating the global listener and X server (SAP MaxDB communicatin server)
`<support_group>`	sdb `<database_name>`	Group	Optional; support tasks
root	root	User	Installing the database software Granting access rights to operating system users (by their group affiliation) A SetUID root program is only required for a user change to `<sdb_user>` .
`<os_user>`	-	User	Normal operating system user Accessing the DBM server (requires a valid DBM operator name and a password to log on to the database) Accessing other database tools (for example Loader, SQLCLI), interfaces (ODBC, JDBC, SQLDBC) and all database tools that use these interfaces; a database user name and password are required
`<sid>` adm	-	User	SAP system administrator and database administrator in SAP systems Group member of `<sdba_group>`
sqd `<sid>`	-	User	Not for SAP liveCache databases SQD<SID> is owner of all database resources and is the operating system user for database administrators. Group member of `<sdba_group>`

Table 2: Which Operating System Users Are Allowed to Access Which Database Resources?
Database Resource	Unix and Linux	Microsoft Windows
Volumes	`<sdb_user>` (owners) Members of the `<sdba_group>` group, if there is no support group Members of the support group	Group member of Administrators, System, Creator/Owner or SDB Operators
Backups	`<sdb_user>` (Owners) Group member of `<sdba_group>`	Group member of Administrators, System, Creator/Owner or SDB Operators
Files and directories of the database software	`<sdb_user>` (Owners) Group member of `<sdba_group>`	All
Database processes	`<sdb_user>` (Owners)	Local System Account
X Server (SAP MaxDB communication server)	`<sdb_user>` (Owners)	Local System Account

Table 3: Which Standard SAP Operating System Users Are Allowed to Access Which Database Resources?
Database Resource	Unix and Linux	Microsoft Windows
All	`<sid>` adm	`<SID>` ADM
All	sqd `<sid>`	SQD `<SID>`
`<sid>`/ `<SID>` = System ID of the SAP system

Which SAP MaxDB Versions Support These Special Operating System User and Groups?

All SAP MaxDB versions 7.5 and higher support them.

How Are the Special Operating System User and Groups Created?

The database installation program creates the special operating system users and groups during the installation of the database software. For more information, see the Installation Manual, Installing and Updating the Software on Unix and the corresponding installation guides for SAP systems.

Recommendation

Create the special operating system user and groups before installing the database software. During the installation process, they then receive the authorizations for accessing the database resources.

If you manage the operating system users and groups for your system centrally in the network, then you must create them there before starting the installation.

For information about how to create operating system users and groups, see your operating system documentation.

More Information

SAP MaxDB Security Guide, Data Storage Security