• Home
  • Linux
  • UNIX
  • Website Development
  • SAP Basis
  • SAP Solution Manager
  • SAP PI/XI
  • SLD

Brtools permissions

For set correct permission and owners for brtools execute:

chmod 4774 brarchive brbackup brconnect

chown <orasid>:sapsys brarchive brbackup brconnect

Note 113747 – Owners and authorizations for BR*Tools

Solution

The following settings are required to call the BR*Tools correctly, especially when using transaction DB13 or DBACOCKPIT:

(1)
ora<sid> and <sid>adm on DB server have a search path on /sapmnt/<SID>/exe. (All br* are contained in this directory.)
ora<sid> belongs to the dba group,
<sid>adm belongs to the sapsys group,

(2)
<sid>adm on the database server has the rhosts entry: “+ <sid>adm”.

(3)
The ops$<sid>adm Oracle user must be created in the DB and must have the sapdba role (not DBA!) (refer to Note 134592 for more information about the role).

(4)
brarchive, brbackup, and brconnect belong to ora<sid> and have authorization 4774:
-rwsrwxr–   ora<sid>   sapsys   …

Reason:
Both the operating system (OS) user ora<sid> and the OS user <sid>adm (for example, from SAP R/3, transactions DB13 or DBACOCKPIT) must be able to call these tools. These tools require access authorization to the database directories and files as well as to the log directories (saparch, sapbackup, sapcheck, and sapreorg) of the BR*Tools. To ensure that they can be executed by both ora<sid> and by <sid>adm, they must belong to the user ora<sid>, and the s-bit must be set.

(5)
brrestore, brrecover, brspace, and brtools belong to <sid>adm and have authorization 755:
-rwxr-xr-x   <sid>adm   sapsys   …

Reason:
These tools may be used only by OS user ora<sid>, but not by <sid>adm. This ensures that the user <sid>adm does not have write authorization for the log directories and therefore cannot create any logs. For this, no s-bit is set, and it is not necessary to define an owner other than the standard owner <sid>adm.
If the tools were started using <sid>adm, they would terminate immediately after the start due to the missing log authorization. However, the user ora<sid> can start the programs despite this and also has the required authorization for the log directories.

« Example ALTER DATABASE DATAFILE AUTOEXTEND ON MAXSIZE UNLIMITED
Error: Remote access to the NetWeaver Administrator is forbidden. See SAP Note 1451753 for details. »
Еще по теме:
This entry was posted in SAP Basis and tagged brtools.
2 Comments к “Brtools permissions”
  1. selvakumar says:
    15/04/2015 at 06:13

    Hi,

    brtools has owner is ora and group is SAPSYS, but how it is working in the ora,

    how these permissions get interpret???

    Reply
  2. pavan says:
    21/05/2018 at 15:35

    please provide exact permissions and ownerships of br tools in linux environment

    Reply
Оставить Ответ
Click here to cancel reply.

  • Курсы валют

    RUB/USD - 52,5123

    RUB/EUR - 54,6405

  • Tags
    ABAP AIX AI_RUNTIME_JCOSERVER Archlinux awk BPE brtools CHARM client copy cp CUA dev_w logs download basket download or upload files drivers EarlyWatch Alert epson ESR file system find firefox FTP GRUB HA systems hot keys HTTPS ibus icm Internet Explorer Java kernel keyboard language Linux Linux Mint logs Managed System Configuration mount mpv NWA Open Source ORACLE pacman PI Cache READ_USER RFC authorization robots.txt roles RWB RZ20 rz21 SAPCAR sapgui saposcol SAP Web Dispatcher SAP по русски Secure store Service Desk shared memory Shutter SLD sm21 sm59 SMD agent SOLAR_PROJECT_ADMIN spam ST03 STAD STMS STZAC Super L SUSE swap terminal text editors timezone tp Ubuntu Unix client Upgrade USB UTF-8 viber waterfox wordpress xterm YouTube youtube-dl zoom Альтернатива Windows Горячие клавиши Зависания Клавиша Win Кодировка Отмена перехода на зимнее время Температура процессора загрузка Excel минимальные требования к аппаратному обеспечению
  • Posts with most comments
    • SAP Solution Manager не работает отправка сообщения в SAP (4)
    • Error: Remote access to the NetWeaver Administrator is forbidden. See SAP Note 1451753 for details. (4)
    • AI_RUNTIME_JCOSERVER – Timeout while waiting for a connection to be established (2)
    • Script for UnSAPCAR Multiple SAR files in single shot (2)
    • Problem with stop/start saposcol (2)

© 2011 - 2022 30 years in IT. All Rights Reserved.