467,189 Members | 1,318 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

home > topics > db2 database > questions > sap db2 userids

Post your question to a community of 467,189 developers. It's quick & easy.

SAP DB2 userids

Does anyone else support SAP running onto of DB2 in an unix
environment? The consultants we have in here are insisting on
creating a different DB2INST owner/userid for each environment and
server. They say....."In all the installations they have worked on,
this is the way it has been done: different user ids for different
boxes/environments."

This seems quite counter intuitive to me who grew up with ONE userid
for all Informix instances on many, many servers. I would guess that
DB2 could also have one userid for all of its instances provided each
instance was on a separate server.

Oh. I forgot to say; each SAP DB2 instance is on its own server, so
we are going to have 4 sandbox, 4 development, 4 QA, and 4 PRD
instances and all of them will have a different userid.

Anyone find this odd?

Aug 9 '07 #1
  • viewed: 3638
Share:
4 Replies
Da********@gmail.com wrote:
Thanks for your reply.

My main question is: Are other SAP installations really like
this????
<quote>
Here is what I got from the SAP residends:
"This is the design SAP is based on. Each system ( if they need to be
part of the transport system) needs a unique SID (3 letters). The SID is
part of the user name
Admin user = <sid>adm
dbuser = db2<sid>, ora<sid>, inf<sid>
schema owner = sap<sid>

This design takes also in account that usually more users are allowed to
maintain a sandbox system then the production box. Especially in large
companies only a few dba's are allowed to work on production. This is
also part of our security design. SAP allows to have multiple systems on
one box and by using the same users to maintain different systems the
risk of working with the wrong system is too big. Besides I don't think
Sarbanes-Oxley would allow such a design.

Since the sid is part of the user there is not much to remember anyway.
You need to know which system you would like to work on like
PRD
QAS
TST
then you know the user to use as well, because they all have the same
pattern. If the customer likes he can use the same password for all
systems. That's his decision.
Btw. we never hat this complain before.
To answer the last question below, yes all SAP installations work like this.
</quote>

Cheers
Serge

--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
Aug 10 '07 #2
Hi Serge.

Thanks for the reply. From a security aspect, different accounts
must have different passwords. Password management is the issue.

In our environment, all the SAP instances are on their own server, so
there will not be 2 separate instances on a single server. From a
security aspect, I hope the transport connectivity is not performed at
the DB2INST userid level.

I appreciate you contacting your SAP coharts. I didn't mean to be a
"complaint"; more like an oddity; a question; like WHY does it have to
be this way?

Since we are not a LARGE company, there is only one DBA. *frown*

Thanks, again.


On Aug 10, 9:03 am, Serge Rielau <srie...@ca.ibm.comwrote:
DavidAW...@gmail.com wrote:
Thanks for your reply.
My main question is: Are other SAP installations really like
this????

<quote>
Here is what I got from the SAP residends:
"This is the design SAP is based on. Each system ( if they need to be
part of the transport system) needs a unique SID (3 letters). The SID is
part of the user name
Admin user = <sid>adm
dbuser = db2<sid>, ora<sid>, inf<sid>
schema owner = sap<sid>

This design takes also in account that usually more users are allowed to
maintain a sandbox system then the production box. Especially in large
companies only a few dba's are allowed to work on production. This is
also part of our security design. SAP allows to have multiple systems on
one box and by using the same users to maintain different systems the
risk of working with the wrong system is too big. Besides I don't think
Sarbanes-Oxley would allow such a design.

Since the sid is part of the user there is not much to remember anyway.
You need to know which system you would like to work on like
PRD
QAS
TST
then you know the user to use as well, because they all have the same
pattern. If the customer likes he can use the same password for all
systems. That's his decision.
Btw. we never hat this complain before.
To answer the last question below, yes all SAP installations work like this.
</quote>

Cheers
Serge

--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab

Aug 10 '07 #3
<Da********@gmail.comwrote in message
news:11*********************@x40g2000prg.googlegro ups.com...
Does anyone else support SAP running onto of DB2 in an unix
environment? The consultants we have in here are insisting on
creating a different DB2INST owner/userid for each environment and
server. They say....."In all the installations they have worked on,
this is the way it has been done: different user ids for different
boxes/environments."

This seems quite counter intuitive to me who grew up with ONE userid
for all Informix instances on many, many servers. I would guess that
DB2 could also have one userid for all of its instances provided each
instance was on a separate server.

Oh. I forgot to say; each SAP DB2 instance is on its own server, so
we are going to have 4 sandbox, 4 development, 4 QA, and 4 PRD
instances and all of them will have a different userid.

Anyone find this odd?
I don't work with SAP, but I think it is better to have the same userid's
and different passwords. That way the db2look contains all the SQL to create
or copy the environment to another server.

The instance owner id is a different story. It depends on how many instances
per physical server. If your development, integration, qa, uat, etc are all
on different servers, then you could use the same instance owner id on each,
but that is not typical. Anyway, neither the application nor the developers
should even know about the instance owner id or password.
Aug 10 '07 #4
Da********@gmail.com wrote:
I appreciate you contacting your SAP coharts. I didn't mean to be a
"complaint"; more like an oddity; a question; like WHY does it have to
be this way?

Since we are not a LARGE company, there is only one DBA. *frown*
Neither I nor the SAP person saw it as a complaint. :-)
Since I'm no subject matter expert on SAP I wouldn't be able to judge
anyway.

Cheers
Serge
--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
Aug 10 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics
Testing static and dynamic web pages
reply views Thread by gg.2.starfire@spamgourmet.com | last post: by
History of logins or Userids
4 posts views Thread by Raziq Shekha | last post: by
Passing array of sctruct to extern functions?
2 posts views Thread by Fredrik Olsson | last post: by
numeric userids in db2 udb v8.1.9 linux
2 posts views Thread by Bob Stearns | last post: by
Performance issues with Retrieving data
5 posts views Thread by Sanjay Pais | last post: by
sql query help
1 post views Thread by j420exe | last post: by
BYTES.COM © 2021
About Us
Advertise
Terms Of Use
Privacy Policy
Manage Cookies
Contact Us
Sitemap
DB2 Database Answers Sitemap
DB2 Database Insights Sitemap

Follow us! Get the Latest Bytes Updates
By using this site, you agree to our Privacy Policy and Terms of Use.