The access rights are automatically set during installation. The authorization concept for the files and directories up to database version 7.4.03 (inclusive) is shown in the table below:
Authorization Concept for SAP System Directories and Files (up to Database Version 7.4.03)
Directories |
Privilege |
Owner |
Group |
Comment |
/sapdb/<SID>/sapdata |
750 |
sqd<sid> |
sapsys |
|
/sapdb/<SID>/saplog |
750 |
sqd<sid> |
sapsys |
|
/sapdb/<SID>/sapsys |
750 |
sqd<sid> |
sapsys |
|
/sapdb/<SID>/dbsys |
750 |
sqd<sid> |
sapsys |
No longer applies as of 7.4 |
/sapdb/<SID>DB |
750 |
sqd<sid> |
sapsys |
|
Files |
|
|
|
|
/sapdb/<SID>/sapdata/* |
660 |
sqd<sid> |
sapsys |
|
/sapdb/<SID>/saplog/* |
660 |
sqd<sid> |
sapsys |
|
/sapdb/<SID>/sapsys/* |
660 |
sqd<sid> |
sapsys |
|
/sapdb/<SID>/dbsys/sys |
660 |
sqd<sid> |
sapsys |
No longer applies as of 7.4 |
|
|
|
|
|
Raw devices for the database system
|
660 |
sqd<sid> |
|
Link to the raw devices used as data volumes or log volumes. |
You can change the access privileges. For information about how to do this, see Assigning Access Privileges for Files and Directories beschrieben.
As of the database version 7.5, the access privileges for the directories and files are only set during installation and, if required, by the database tools. The owner sdb and the group sdba are assigned. For more information, see the Installation Manual: Authorization Concept for UNIX Operating Systems.
In particular, all volumes also receive these access privileges. This means that all members of the sdba group have access to the volumes. If the security of your system requires it, the administrator can restrict these access privileges by assigning the volumes to instance-specific groups with a DBM command. To provide the highest level of security, the administrator can assign an empty group to a volume, so that only the database instance itself had access to the volumes.
You may have to change the access privileges for the directory /sapdb/<SID>DB of the database version below 7.5 to 755, so that the database processes of version 7.5 have unrestricted access to all directories.