Tuesday, October 9, 2012

Users & Roles SAP: Oracle

1:55 AM   No comments

Operating System Users

In the SAP system the roles of the users ora<dbsid> and <sapsid>adm on UNIX, or <sapsid>adm and SAPSERVICE<SID> on Windows, used to be separate. Due to the requirements for RMAN backup, this is no longer true. Both users now belong to the operating system groups dba and oper, as shown in the tables below.

Database Roles

·        SYSDBA
All authorizations
·        SYSOPER
Operator activities, but no read or write authorizations.
·        SAPDBA
Read and write authorizations to work with BR*Tools command options, and therefore the DBA functions in the Computer Center Management System (CCMS).
To be able to use the CCMS DBA functions or BR*Tools command options without restrictions, the OPS$ user must have both the SYSOPER role and the SAPDBA role.

Operating System Users and Groups, Database Users and Roles

UNIX
Operating System
Users
Operating System Group
Database Role
Database Users
ora<dbsid>
dba
oper
SYSDBA
SYSOPER
OPS$ORA<DBSID>
<sapsid>adm
dba
oper
SYSDBA
SYSOPER
OPS$<SAPSID>ADM

Windows
Operating System
Users
Operating System Group
Database Role
Database Users
<sapsid>adm
ORA_<SID>_DBA
ORA_<SID>_OPER
SYSDBA
SYSOPER
(SYS)
OPS$<DOMAIN>\<SAPSID>ADM
SAPSERVICE<SID>
ORA_<SID>_DBA
ORA_<SID>_OPER
SYSDBA
SYSOPER
OPS$<DOMAIN>\SAPSERVICE<SID>
Note
The OS group on Windows can also be specified globally (without instance name) (ORA_DBA, ORA_OPER).

OPS$ Database User

The Oracle OPS$ mechanism moves the entire DB security mechanism to the operating system level.
The prerequisite is that a DB user OPS$<OS_user> corresponding to the OS user is defined on the database, and identified as externally.
Once you have logged on successfully with the OS user, you can connect to the database with:
 SQLPLUS>connect /
This means you do not have to enter another password. You are then working as OPS$<OS_user>. In the same way you can start the program BRBACKUP with:
OS> brbackup –u /
This OPS$ mechanism is always used if you call BR*Tools from the CCMS transaction DB13 in the SAP System.
The OPS$ Mechanism (UNIX)
This graphic is explained in the accompanying text

BR*Tools Database User

The standard DB user is always SYSTEM. SYSTEM connects with the Oracle option AS SYSOPER or AS SYSDBA for actions such as startup, shutdown, recover and so on, as well as selecting from V$ tables when the database is not open.

Source:  http://help.sap.com/saphelp_nw04/helpdata/en/5a/23882081dd934dbf9d68ca550448c6/content.htm

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)