By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,334 Members | 1,290 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,334 IT Pros & Developers. It's quick & easy.

SAP DB2 userids

P: n/a
Does anyone else support SAP running onto of DB2 in an unix
environment? The consultants we have in here are insisting on
creating a different DB2INST owner/userid for each environment and
server. They say....."In all the installations they have worked on,
this is the way it has been done: different user ids for different
boxes/environments."

This seems quite counter intuitive to me who grew up with ONE userid
for all Informix instances on many, many servers. I would guess that
DB2 could also have one userid for all of its instances provided each
instance was on a separate server.

Oh. I forgot to say; each SAP DB2 instance is on its own server, so
we are going to have 4 sandbox, 4 development, 4 QA, and 4 PRD
instances and all of them will have a different userid.

Anyone find this odd?

Aug 9 '07 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Da********@gmail.com wrote:
Thanks for your reply.

My main question is: Are other SAP installations really like
this????
<quote>
Here is what I got from the SAP residends:
"This is the design SAP is based on. Each system ( if they need to be
part of the transport system) needs a unique SID (3 letters). The SID is
part of the user name
Admin user = <sid>adm
dbuser = db2<sid>, ora<sid>, inf<sid>
schema owner = sap<sid>

This design takes also in account that usually more users are allowed to
maintain a sandbox system then the production box. Especially in large
companies only a few dba's are allowed to work on production. This is
also part of our security design. SAP allows to have multiple systems on
one box and by using the same users to maintain different systems the
risk of working with the wrong system is too big. Besides I don't think
Sarbanes-Oxley would allow such a design.

Since the sid is part of the user there is not much to remember anyway.
You need to know which system you would like to work on like
PRD
QAS
TST
then you know the user to use as well, because they all have the same
pattern. If the customer likes he can use the same password for all
systems. That's his decision.
Btw. we never hat this complain before.
To answer the last question below, yes all SAP installations work like this.
</quote>

Cheers
Serge

--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
Aug 10 '07 #2

P: n/a
Hi Serge.

Thanks for the reply. From a security aspect, different accounts
must have different passwords. Password management is the issue.

In our environment, all the SAP instances are on their own server, so
there will not be 2 separate instances on a single server. From a
security aspect, I hope the transport connectivity is not performed at
the DB2INST userid level.

I appreciate you contacting your SAP coharts. I didn't mean to be a
"complaint"; more like an oddity; a question; like WHY does it have to
be this way?

Since we are not a LARGE company, there is only one DBA. *frown*

Thanks, again.


On Aug 10, 9:03 am, Serge Rielau <srie...@ca.ibm.comwrote:
DavidAW...@gmail.com wrote:
Thanks for your reply.
My main question is: Are other SAP installations really like
this????

<quote>
Here is what I got from the SAP residends:
"This is the design SAP is based on. Each system ( if they need to be
part of the transport system) needs a unique SID (3 letters). The SID is
part of the user name
Admin user = <sid>adm
dbuser = db2<sid>, ora<sid>, inf<sid>
schema owner = sap<sid>

This design takes also in account that usually more users are allowed to
maintain a sandbox system then the production box. Especially in large
companies only a few dba's are allowed to work on production. This is
also part of our security design. SAP allows to have multiple systems on
one box and by using the same users to maintain different systems the
risk of working with the wrong system is too big. Besides I don't think
Sarbanes-Oxley would allow such a design.

Since the sid is part of the user there is not much to remember anyway.
You need to know which system you would like to work on like
PRD
QAS
TST
then you know the user to use as well, because they all have the same
pattern. If the customer likes he can use the same password for all
systems. That's his decision.
Btw. we never hat this complain before.
To answer the last question below, yes all SAP installations work like this.
</quote>

Cheers
Serge

--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab

Aug 10 '07 #3

P: n/a
<Da********@gmail.comwrote in message
news:11*********************@x40g2000prg.googlegro ups.com...
Does anyone else support SAP running onto of DB2 in an unix
environment? The consultants we have in here are insisting on
creating a different DB2INST owner/userid for each environment and
server. They say....."In all the installations they have worked on,
this is the way it has been done: different user ids for different
boxes/environments."

This seems quite counter intuitive to me who grew up with ONE userid
for all Informix instances on many, many servers. I would guess that
DB2 could also have one userid for all of its instances provided each
instance was on a separate server.

Oh. I forgot to say; each SAP DB2 instance is on its own server, so
we are going to have 4 sandbox, 4 development, 4 QA, and 4 PRD
instances and all of them will have a different userid.

Anyone find this odd?
I don't work with SAP, but I think it is better to have the same userid's
and different passwords. That way the db2look contains all the SQL to create
or copy the environment to another server.

The instance owner id is a different story. It depends on how many instances
per physical server. If your development, integration, qa, uat, etc are all
on different servers, then you could use the same instance owner id on each,
but that is not typical. Anyway, neither the application nor the developers
should even know about the instance owner id or password.
Aug 10 '07 #4

P: n/a
Da********@gmail.com wrote:
I appreciate you contacting your SAP coharts. I didn't mean to be a
"complaint"; more like an oddity; a question; like WHY does it have to
be this way?

Since we are not a LARGE company, there is only one DBA. *frown*
Neither I nor the SAP person saw it as a complaint. :-)
Since I'm no subject matter expert on SAP I wouldn't be able to judge
anyway.

Cheers
Serge
--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
Aug 10 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.