Entering content frame

 Authorization Concept for Database-Related Resources 

The access rights are automatically set during installation. The authorization concept for the files and directories up to database version 7.4.03 (inclusive) is shown in the table below:

Authorization Concept for SAP System Directories and Files (up to Database Version 7.4.03)

Directories

Privilege

Owner

Group

Comment

/sapdb/<SID>/sapdata

750

sqd<sid>

sapsys

 

/sapdb/<SID>/saplog

750

sqd<sid>

sapsys

 

/sapdb/<SID>/sapsys

750

sqd<sid>

sapsys

 

/sapdb/<SID>/dbsys

750

sqd<sid>

sapsys

No longer applies as of 7.4

/sapdb/<SID>DB

750

sqd<sid>

sapsys

 

Files

 

 

 

 

/sapdb/<SID>/sapdata/*

660

sqd<sid>

sapsys

 

/sapdb/<SID>/saplog/*

660

sqd<sid>

sapsys

 

/sapdb/<SID>/sapsys/*

660

sqd<sid>

sapsys

 

/sapdb/<SID>/dbsys/sys

660

sqd<sid>

sapsys

No longer applies as of 7.4

 

 

 

 

 

Raw devices for the database system

 

660

sqd<sid>

 

Link to the raw devices used as data volumes or log volumes.

You can change the access privileges. For information about how to do this, see Assigning Access Privileges for Files and Directories beschrieben.

New Developments with Database Version 7.5

As of the database version 7.5, the access privileges for the directories and files are only set during installation and, if required, by the database tools. The owner sdb and the group sdba are assigned. For more information, see the Installation Manual: Authorization Concept for UNIX Operating Systems.

In particular, all volumes also receive these access privileges. This means that all members of the sdba group have access to the volumes. If the security of your system requires it, the administrator can restrict these access privileges by assigning the volumes to instance-specific groups with a DBM command. To provide the highest level of security, the administrator can assign an empty group to a volume, so that only the database instance itself had access to the volumes.

Version 7.5 and an Older Version Are Installed Together on One Server

You may have to change the access privileges for the directory /sapdb/<SID>DB of the database version below 7.5 to 755, so that the database processes of version 7.5 have unrestricted access to all directories.

 

Leaving content frame