OS groups and Oracle database privileges in the SAP system

In the SAP system, operating system authentication is used to connect to the Oracle database server with SYSDBA or SYSOPER privileges. SYSDBA and SYSOPER are special administrative privileges that allow certain database operations for which privileges cannot be granted in any other fashion.

In SAP systems with Oracle, special operating system users created during the installation effectively have privileges for administration and maintenance of the Oracle database on two levels:

  1. They can access Oracle instance directories and files and call database maintenance tools at the operating system level.
  2. They can connect to the Oracle instance as special database users and either do administrative work or maintain SAP objects and data in the database.

Mappings between OS groups and system privileges:

  1. Members of the operating system group ORA_DBA or ORA_<DBSID>_DBA can connect to the Oracle instance with system privilege SYSDBA. A member of the Windows local group ORA_<DBSID>_DBA can connect to and administer only the instance <DBSID>. A member of ORA_DBA is able to do this in any Oracle instance installed on the corresponding host.
  2. Members of the operating system group ORA_<DBSID>_OPER can connect to the Oracle instance with system privilege SYSOPER.

The following screen shows the OS groups that are created during the SAP installation. Members of these groups can connect to the Oracle instance and carry out Oracle administration activities with the system privileges mentioned above.

OS Groups mapped to oracle system privileges
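
To check on a given host who actually holds these privileges, the following PowerShell script (an added example, not part of the original article) lists the members of the three groups named above together with the privilege and scope each group confers. The SID `PRD` and the function name `Get-OraclePrivilegedMember` are constructed for illustration; `Get-LocalGroup` and `Get-LocalGroupMember` are the standard cmdlets of the Microsoft.PowerShell.LocalAccounts module.

```powershell
# Added example: list who inherits SYSDBA / SYSOPER through the Windows groups
# described in this article. Run in an elevated session on the database host.
$DbSid = 'PRD'   # constructed sample SID; replace with your <DBSID>

# Group name -> privilege and scope, as mapped in the article.
$groupMap = [ordered]@{
    'ORA_DBA'           = @{ Privilege = 'SYSDBA';  Scope = 'all instances on host' }
    "ORA_${DbSid}_DBA"  = @{ Privilege = 'SYSDBA';  Scope = "instance $DbSid" }
    "ORA_${DbSid}_OPER" = @{ Privilege = 'SYSOPER'; Scope = "instance $DbSid" }
}

function Get-OraclePrivilegedMember {
    param([System.Collections.IDictionary]$GroupMap)
    foreach ($name in $GroupMap.Keys) {
        if (-not (Get-LocalGroup -Name $name -ErrorAction SilentlyContinue)) {
            Write-Warning "Local group '$name' not found on $env:COMPUTERNAME"
            continue
        }
        try {
            $members = Get-LocalGroupMember -Name $name -ErrorAction Stop
        } catch {
            # Happens, for example, when the group holds an unresolvable SID.
            Write-Warning "Could not enumerate '$name': $($_.Exception.Message)"
            continue
        }
        foreach ($m in $members) {
            [pscustomobject]@{
                Group     = $name
                Privilege = $GroupMap[$name].Privilege
                Scope     = $GroupMap[$name].Scope
                Member    = $m.Name
                Type      = $m.ObjectClass      # User or Group
                Source    = $m.PrincipalSource  # Local, ActiveDirectory, ...
                # A nested group grants the privilege to all of its members too.
                Nested    = ($m.ObjectClass -eq 'Group')
            }
        }
    }
}

Get-OraclePrivilegedMember -GroupMap $groupMap |
    Sort-Object Privilege, Group, Member |
    Format-Table -AutoSize
```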