Summary
Symptom
This note provides information about how to set the authorizations for the BR*Tools correctly.
Other terms
DB13, DB14, DB16, DB20, DB24, RZ11
Reason and Prerequisites
Authorization problems
Solution
The following settings are required to call the BR*Tools correctly, especially when using transaction DB13 or DBACOCKPIT:
(1)
ora and adm on DB server have a search path on /sapmnt//exe. (All br* are contained in this directory.)
ora belongs to the dba group,
adm belongs to the sapsys group,
(2)
adm on the database server has the rhosts entry: "+ adm".
(3)
The ops$adm Oracle user must be created in the DB and must have the sapdba role (not DBA!) (refer to Note 134592 for more information about the role).
(4)
brarchive, brbackup, and brconnect belong to ora and have authorization 4775:
-rwsrwxr-x ora sapsys ...
Reason:
Both the operating system (OS) user ora and the OS user adm (for example, from SAP R/3, transactions DB13 or DBACOCKPIT) must be able to call these tools. These tools require access authorization to the database directories and files as well as to the log directories (saparch, sapbackup, sapcheck, and sapreorg) of the BR*Tools. To ensure that they can be executed by both ora and by adm, they must belong to the user ora, and the s-bit must be set.
(5)
brrestore, brrecover, brspace, and brtools belong to adm and have authorization 755:
-rwxr-xr-x adm sapsys ...
Reason:
These tools may be used only by OS user ora, but not by adm. This ensures that the user adm does not have write authorization for the log directories and therefore cannot create any logs. For this, no s-bit is set, and it is not necessary to define an owner other than the standard owner adm.
If the tools were started using adm, they would terminate immediately after the start due to the missing log authorization. However, the user ora can start the programs despite this and also has the required authorization for the log directories.
Header Data
|
|
| Release Status: | Released for Customer |
| Released on: | 07.11.2011 17:58:06 |
| Master Language: | German |
| Priority: | Recommendations/additional info |
| Category: | Consulting |
| Primary Component: | BC-DB-ORA-DBA Database Administration with Oracle |
| Secondary Components: | BC-DB-ORA-CCM CCMS/Database Monitors for Oracle |
No comments:
Post a Comment