Operating System and Database Users.
To safeguard your SAP system, you must control user access on three different
levels:
1. Operating system
2. Database
3. SAP system
Database users are needed for two different purposes. First, the SAP system
itself connects to the database during operation, and second, the database
administrators connect to the database to perform administrative actions.
Oracle System Privileges
System privileges control operations performed by database users on the instance
or database level. There are over 100 system privileges in Oracle.
Object privileges control operations on object level, such as querying data in
tables or views (SELECT) or modifying data (INSERT, UPDATE, DELETE).
The special system privileges SYSDBA and SYSOPER can be thought of as types
of connections. In an SAP system, we use operating system authentication to
connect to Oracle with the privileges SYSDBA or SYSOPER.
Operating System users and groups
In SAP systems with Oracle, special operating system users created during the
installation have privileges for administration and maintenance of the Oracle
database on two levels:
1. They can access Oracle instance directories and files and call database
maintenance tools on operating system level.
2. They can connect to the Oracle instance with special database users and
either perform administrative work or maintain SAP objects and data in
the database.
Operating system users and groups in an SAP system with Oracle:
Unix Environment:
OS user| Oracle-relevant| Privileges in Oracle
ora
oper| Restricted administration of all instances
oper| Restricted administration of all instances
Windows 2002/2003 environment:
OS user| Oracle-relevant OS Group| Privileges in Oracle
ORA_
ORA_DBA| Full administration of all instances
SAPService
ORA_
ORA_DBA| Full administration of all instances
Oracle Database Roles
Within the database, system and object privileges can be pooled into database roles.
Privileges are grouped and granted to users through database roles.
The DBA role contains all system and object privileges needed for administration of the database; however, it does not include the SYSDBA and SYSOPER system privileges.
So, DBA is the most important role in Oracle.
Oracle Database Users
Every Oracle database contains two administrative user accounts, SYS and SYSTEM, which are automatically created during installation and assigned the database role DBA.
SYS: Owner of the database’s data dictionary tables and views, can perform
database administration, has privileges to access and modify all
database tables and data.
SYSTEM: Can perform database administration, has privileges to access
database tables and data, but cannot modify data dictionary
tables.
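An added example, not part of the original page: data dictionary queries for reviewing who actually holds the administrative access described above (the DBA role, SYSDBA/SYSOPER, and system privileges granted outside of roles). It assumes a session that can read DBA_ROLE_PRIVS, DBA_SYS_PRIVS, DBA_USERS and V$PWFILE_USERS.

```sql
-- Added example: review of administrative access in an Oracle database.
-- Assumes a session that can read DBA_ROLE_PRIVS, DBA_SYS_PRIVS, DBA_USERS
-- and V$PWFILE_USERS (for example a user with the DBA role).

-- 1. Accounts that hold the DBA role, directly or through nested roles.
--    SYS and SYSTEM are expected; every other row needs a documented reason.
SELECT u.username,
       u.account_status,
       CASE WHEN u.username IN ('SYS', 'SYSTEM')
            THEN 'expected' ELSE 'review' END AS finding
FROM   dba_users u
WHERE  u.username IN (
         SELECT grantee
         FROM   dba_role_privs
         START  WITH granted_role = 'DBA'
         CONNECT BY PRIOR grantee = granted_role
       )
ORDER  BY finding DESC, u.username;

-- 2. Accounts listed in the password file with SYSDBA or SYSOPER.
--    These can connect with those privileges without operating system
--    authentication, so the list should be short and known.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;

-- 3. System privileges granted straight to an account instead of through a
--    role, limited to the far-reaching ANY privileges and grants made
--    WITH ADMIN OPTION.
SELECT sp.grantee, sp.privilege, sp.admin_option
FROM   dba_sys_privs sp
       JOIN dba_users u ON u.username = sp.grantee
WHERE  sp.grantee NOT IN ('SYS', 'SYSTEM')
AND    (sp.privilege LIKE '% ANY %' OR sp.admin_option = 'YES')
ORDER  BY sp.grantee, sp.privilege;
```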
Introduction:
An Oracle server is a relational database management system (RDBMS), which is
a server that manages relational data in a database.
An RDBMS (or a database server) is able to:
1. Manage large amounts of data in a multiuser environment so that many users
can concurrently access the same data
2. Maintain relationships between data
3. Control access to data in terms of security, using its own user authorization
concept
4. Recover data to a point of known consistency in the event of a system failure
5. Deliver high performance for processing of data requests
In an SAP system, the only interactive user connecting to the database server
should be the database administrator. Application data processing is almost
exclusively initiated by work processes of SAP instances in the role of database
clients.
Terminology:
1. Database
An Oracle database is a collection of data, logically treated as a unit.
Physically, the data is stored in one or more data files on disks.
Oracle manages database data in logical units called tablespaces. A database
object, such as a table, is always created in a particular tablespace. A
tablespace consists of one or more data files.
2. Instance
The combination of Oracle (background) processes and memory
buffers.
3. SGA (System Global Area)
- A shared memory region that is allocated every time an Oracle instance is started.
- The SGA can only be accessed by the processes of this instance.
- The SGA contains copies of data and control information for the corresponding Oracle instance.
4. Processes
Every time an Oracle instance is started, Oracle background processes are
started. When an instance shuts down, the processes are stopped.
5. System identifier (DBSID)
- Every database is uniquely identified in the network by its system identifier.
- On SAP systems, the system identifier must consist of exactly three
characters, the first of which must be an uppercase letter, while the other two
can be uppercase letters or digits.
Database Architecture
(to be continued...)
