For the database system’s security, from Version 7.5.00, MaxDB on UNIX uses special operating system users and groups:
Only these operating system users or members of these operating system groups have direct access to the database resources at operating system level.
The operating system administrator root is only required for installing the database software, not for productive operation.
A SetUID root program is only required for switching to the user change to <sdb_user>.
Overview of special operating system users and groups
Name |
System Default |
Type |
User Rights |
root |
root |
User |
Install the database software Grant access rights to operating system users using their group affiliation |
<sdb_user> |
sdb |
Users |
Owner of all database resources |
<sdba_group> |
sdba |
Group |
Create database instances Start, stop and update the MaxDB X Server Analysis and error elimination |
Support group |
sdb<database_name> |
Group |
Optional; support tasks |
Others |
|
‑ |
Manage database instances with the Database Manager Use other database tools (Loader, SQLCLI) Use the ODBC, JDBC, SQLDBC interfaces and all programs that use these interfaces (such as Database Analyzer, Web Tools) Start the MaxDB X Server |
The special operating system users and groups are created when the installation program installs the database software. For more information, see the Installation Manual in Installing/Updating the Software on UNIX.
We recommend that you create the special operating system users and groups before installing the software. During the installation, they then receive the authorizations described here for accessing the database resources.
If you manage the operating system users and groups for your system centrally in the network, then you have to create them before starting the installation. For information about how you create operating system users and groups, see your operating system documentation.
Which authorizations individual operating system users have for the database system depend on the operating system group they belong to. The operating system administrator is responsible for assigning operating system users to operating system groups. For local user administration, root is the operating system administrator; for user administration using Network Information Services (NIS) it is the NIS administrator.
The following figure shows an operating system user’s authorizations. The user does not belong to a special operating system group.