Skip to Content

SAPINST DB6 LUW User and Groups

Hi there,

we're trying to install an new SAP-System (ABAP) using DB2 LUW on AIX.

We already have the Users (<sid>adm) using the OS Group "dbsysctl".

Now the SAPINST crashes since he's demanding the OS Group "db<sid>ctl" and the SAPINST does not have the authorities to create a new group.

Is there any way to convince SAPINST to use the existing OS Group "dbsysadm". So far we did not find any option to tell SAPINST to use the existing group.

Regards

Mirko

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Posted on Nov 05, 2019 at 03:49 PM

    Hi Mirco,

    is your SAPSYSTEMNAME=SYS or do you want to use the generic group name dbsysctl for all your SAP systems?

    On the database server SWPM expects groups db<dbsid>ctl, db<dbsid>adm and db<dbsid>mon and will set the Db2 dbm cfg parameters SYSADM_GROUP, SYSCTRL_GROUP and SYSMAINT_GROUP accordingly.

    On SAP application servers the sidadm user does not require group db<dbsid>ctl . Are you having the problem during the installation of the DB server instance.

    I am not aware of an SWPM option to use arbitrary group names instead of those names. You could of course use the same group id for dbsysctl and db<dbsid>ctl .

    Regards

    Frank

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Nov 05, 2019 at 07:01 PM

    Hi Frank,

    no the SAPSYSTEMNAME is not SYS.

    We want a generic group for all SAP Systems.

    The SAPINST does not get to the point trying to create the DB2 instance. It checks the group prior to the "CREATE INSTANCE and stops right there.

    So far we came to the conclusion that we need to create the Group db<sid>ctl so the SAPINST runs trough and afterwards we change the SYSCTRL_GROUP to "dbsysadm" since the <sid>adm has already been added to the group.

    We did not see any other place where the db<sid>ctl group is being used so I should work (theoretically).

    Not sure however how it will behave during an Upgrade. It might check the group again.

    I forgot to mention, that we switched from local Users zu LDAP Users. That why we wanted to try a generic group which would make administrating it way easier. Just using one group for all <sid>adm's.

    Regards

    Mirko

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Mirco,

      this should work. SWPM requires the SID specific group names for the installation but afterwards SUM does not check the GROUP settings in the DBM CFG .

      Some DB specific rights are bound to those group names. For example system control authority includes

      implicit privilege to connect to the database. So every sidadm user may now be able to connect to every database. So make sure that you do not create unwanted security problems...

      Regards

      Frank

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.