Show TOC

Background documentationAccess Privileges for BR*Tools

 

If you use the DBA Planning Calendar in the Computing Center Management System (CCMS), which uses the BR*Tools, note the following:

  • Assign ora<dbsid> and <sapsid>adm to the groups dba and oper. BRBACKUP then logs on with connect / as sysoper.

    The group oper (DB role: SYSOPER) is an administrator group that is restricted to operator operations. oper can start or shut down the database, perform backups, and so on, but has no read or write authorizations.

  • BRBACKUP and BRARCHIVE must also have full access to the SAP tables SDBAD, SDBAH and tables defined in the XDB interface. These access rights are contained in the database role SAPDBA.

  • BRCONNECT only executes from CCMS when the database is open. Thereby, the appropriate database privileges are necessary for the following BRCONNECT operations:

    -f stats, -f next, -f cleantup, -f check

  • BRCONNECT must have write permissions to the following tables:

    SDBAD, SDBAH, DBSTATC, DBSTATTORA, DBSTATHORA, DBSTATIORA, DBSTAIHORA, and other DBA* tables. These access rights are also contained in the SAPDBA role.

  • In addition, BRBACKUP, BRARCHIVE, BRCONNECT, and BRTOOLS need to run under the user ora<dbsid>. If you start these tools from the SAP System (or over the command line with the user <sapsid>adm), you must first set the SUID bit for these programs. This allows <sapsid>adm to run the programs using the rights from ora<dbsid>. Make sure the owner of these programs is ora<dbsid> and set their access rights to 4775. For more information, see SAP Note 8523Information published on SAP site.

    Note Note

    The owner for BRRESTORE, BRRECOVER, and BRSPACE is <dbsid>adm and its access rights are 755.

    End of the note.