For the execution of MaxDB programs and access to database files, the database software package contains a preconfigured authorization concept as of Version 7.5.00. This concept applies to both installations within SAP systems, and to open source installations.
This concept includes the special operating system user <sdb_user> and the operating system user group <sdba_group>.
If you manage operating system users and user groups locally on your host, we recommend that you register the names of the special operating system user and the user groups in the operating system before you start the installation. However, you can also do this during the installation process.
If you manage operating system users and user groups for your system centrally in the network, you must create them here before you start the installation.
For more information on creating operating system users and user groups, see your operating system documentation.
The special operating system user is the owner of all the database software and database processes, which also makes this user the owner of, for example, the volumes, database trace, and the database logs. This user is created once during the initial installation of a database software package with version 7.5.00 or higher. The system default for the user name is sdb.
The special operating system user is a member of the administrator group, and does not log on to the operating system interactively. The administrator group is the primary group of the user sdb.
This special operating system user cannot have the authorization to log on to the operating system interactively. For this reason, take this authorization away from this user. For information on how to do this, see your operating system documentation (lock account).
The programs and libraries used by both the database instances and database applications are assigned to the administrator group once when the software is installed. The system default for the name of the administrator group is sdba.
Operating system users who belong to this group have access to the database logs. They can create new database instances and start, stop, and update the X Server.
The users of the administrator group have access to the volumes of the database instances through the file system.