2021-09-02 1598594

1598594 - BR*Tools configuration for Oracle installation

using user "oracle"
Version 50 Type SAP Note
Language English Master Language German
Priority Recommendations / Additional Info Category Consulting
Release Status Released for Customer Released On 11.09.2019
Component BC-DB-ORA-DBA ( Database Administration )

Please find the original document at https://launchpad.support.sap.com/#/notes/ 1598594

Symptom

Preliminary remark
The BR*Tools configuration described in this SAP Note became the standard
configuration for all installations (not only for ASM and RAC) as of Oracle 12c.
This means that the configuration and authorization concepts described here are
generally valid for Oracle 12c.

Request reason
The following Oracle 11g white papers:

"Configuration of SAP NetWeaver for Oracle Grid Infrastructure 11.2 with Oracle Real Application
Clusters 11g Release 2 - A Best Practices Guide" [http://www.sdn.sap.com/irj/sdn/ora -> Oracle Real
Application Clusters (RAC)]

"SAP Databases on Oracle Automatic Storage Management 11g Release 2"

[http://www.sdn.sap.com/irj/sdn/ora -> Oracle Automatic Storage Management (ASM)]

"Using SAP NetWeaver with the Oracle Exadata Database Machine - A Best Practices Guide"
[http://www.sdn.sap.com/irj/sdn/ora -> Oracle Exadata]

recommend that you install Oracle 11g software for RAC (Real Application
Cluster) and/or ASM (Automatic Storage Management) on UNIX systems; to do this,
use the OS user "oracle" and the OS group "oinstall".
This change affects the configuration of BR*Tools on the database server. You
can no longer use BR*Tools in the standard configuration (for example, BRBACKUP-
Owner ora<dbname> + S-Bit) For example, backup actions fail with authorization
problems.

Important: With regard to the OS-specific information, this SAP Note only applies
to UNIX installations. With regard to ASM-specific information, this SAP Note
applies to both UNIX and Windows installations. Exceptions: Recommendations
relating to the "sapprof" directory and SAPSWITCH environment variable affect
all platforms.

Other Terms

BR*Tools, Oracle 11g, Real Application Cluster, RAC, Automatic Storage

Management, ASM, Exadata

Reason and Prerequisites

Installation information

© 2021 SAP SE or an SAP affiliate company. All rights reserved 1 of 8

2021-09-02 1598594

For BR*Tools or RAC subjects that are not dealt with explicitly in this note,
you must continue to refer to the following notes:
131610, 905359, and 1033126.

Solution

I. Common prerequisites and configuration of BR*Tools for Oracle installations using the UNIX user
"oracle" for non-ASM and ASM

1. Installing the Oracle software

The Oracle software installation corresponds to the requirements in the Oracle

White Papers mentioned above. Among other things, it is important that the
Oracle database instance uses an spfile to start up.
In addition, Oracle Instant Client 11g must be installed in the directory
/oracle/client/11x_64/instantclient.

2. Required version of BR*Tools

Only BR*Tools 7.20 patch level 14 or higher can be used in this environment
without ASM. BR*Tools 7.20 patch level 18 includes full support for Oracle ASM
(see Note 1627541).

3. Configuration of the BR executables

Comment:
In many of the examples listed below, PRD was set for <SAPSID>.

BR*Tools are installed in the "sap-exe" directory (default:

/usr/sap/<SAPSID>/SYS/exe/run) and have the following permissions (note the
owner and S-Bits):

-rwsrwsr-- 1 oracle oinstall 7732338 May 31 16:30 brarchive

-rwsrwsr-- 1 oracle oinstall 7908129 May 31 16:30 brbackup
-rwsrwsr-- 1 oracle oinstall 9970354 May 31 16:30 brconnect
-rwsrwsr-- 1 oracle oinstall 8376747 May 31 16:31 brrecover
-rwsrwsr-- 1 oracle oinstall 2783544 May 31 16:31 brrestore
-rwsrwsr-- 1 oracle oinstall 10479944 May 31 16:31 brspace
-rwxr-xr-x 1 prdadm sapsys 4103679 May 31 16:31 brtools

You can use the "root" user to set these authorizations as follows; for example:
> su - root
> cd /usr/sap/PRD/SYS/exe/run
> chown oracle:oinstall brarchive brbackup brconnect brrecover brrestore brspace
> chmod 6774 brarchive brbackup brconnect brrecover brrestore brspace

You can achieve the same by calling the script "oraroot.sh" with the user "root"
as follows:
> su - root
> cd /usr/sap/PRD/SYS/exe/run
> oraroot.sh PRD oracle

The "SAPEXE" environment variable points to this directory.

For example: SAPEXE = /usr/sap/PRD/SYS/exe/run

Caution 1:
For installations on IBM AIX 6.1 or higher, you must make the following settings

© 2021 SAP SE or an SAP affiliate company. All rights reserved 2 of 8

2021-09-02 1598594

for all BR executables for AIX RBAC (Role Based Access Control); to do this, use
the "root" user:

setsecattr -c accessauths=ALLOW_OWNER,ALLOW_GROUP innateprivs=PV_DAC_UID

secflags=FSF_EPS <path>/<brtool>

where:
<path> - "sap-exe" directory (for example, /usr/sap/PRD/SYS/exe/run)
<brtool> - brarchive, brbackup, brconnect, brrecover, brrestore, brspace
You must then execute the following OS command under "root":
setkst

If you did not do this, the following error occurs in BR*Tools on AIX:
BR0251E Function setreuid() failed at location BrEnvProcess-111
BR0253E errno 1: Not owner

Caution 2:
Make sure that the file system that contains BR executables supports the s-bit.
You are not allowed to use the "nosuid" option for mounting. In particular, this
affects Linux systems.

4. Sapdata home directory

The Sapdata home directory (default: /oracle/<DBNAME>) contains the Oracle home
directory and the BR*Tools log directories (note the permissions) among other
things.

lrwxrwxrwx 7 oracle oinstall 4096 May 31 14:56 112 -> 11202

drwxr-xr-x 7 oracle oinstall 4096 May 31 14:56 11202
drwxrwxr-x 2 oracle oinstall 4096 May 31 17:07 saparch
drwxrwxr-x 2 oracle oinstall 4096 May 31 17:14 sapbackup
drwxrwxr-x 2 oracle oinstall 4096 May 31 17:07 sapcheck
drwxrwxr-x 2 oracle oinstall 4096 May 31 17:12 sapprof
drwxrwxr-x 2 oracle oinstall 4096 May 31 17:12 sapreorg
drwxrwxr-x 2 oracle oinstall 4096 May 31 17:12 saptrace

Important: See point II.2 for permissions for sapdataX directories for the non-ASM
scenario.

The "SAPDATA_HOME" environment variable points to this directory.

For example: SAPDATA_HOME=/oracle/PRD

5. "sapprof" directory
(This also applies to Windows platforms - the "dbs" directory name is replaced
by "database" there.)

The new "sapprof" directory in Sapdata home contains the BR*Tools profile and a
"transparent" copy of the Oracle profile (on UNIX, please note the permissions):

-rw-rw-r-- 1 oracle oinstall 1274 May 31 17:30 init<DBSID>.ora

-rw-rw-r-- 1 oracle oinstall 26534 May 31 17:30 init<DBSID>.sap

Copy these files from the $ORACLE_HOME/dbs directory to the "sapprof" directory.
The init<DBSID>.ora is replaced in the $ORACLE_HOME/dbs directory with a profile
that contains only the "spfile" parameter. The init<DBSID>.sap is deleted there.
For non-ASM installations, the Spfile remains in the directory $ORACLE_HOME/dbs
by default; in ASM installations, it is located on an ASM disk.

© 2021 SAP SE or an SAP affiliate company. All rights reserved 3 of 8

2021-09-02 1598594

Caution: If $ORACLE_HOME/dbs already contains an init<DBSID>.ora that contains

only the parameter "spfile", create an empty init<DBSID>.ora in sapprof with the
relevant authorizations.

6. Runtime environment of BR*Tools

All BR*Tools programs can be used with the OS user <sapsid>adm and the OS user
ora<dbsid>. By default, they are started with the user <sapsid>adm. For both OS
users, the DB instance is uniquely defined via the environment variables
ORACLE_SID and ORACLE_HOME (plus ORACLE_BASE if appropriate).
The BR*Tools programs should not be used with the OS user "oracle". However, to
start the BR*Tools programs with the user "oracle" in exceptional circumstances,
you must set the corresponding Oracle environment variables (ORACLE_SID,
ORACLE_HOME) and the BR*Tools-specific environment variables (such as
SAPDATA_HOME, SAPEXE) beforehand. For more information, see SAP Note 1554661.

Important: In the ASM/RAC environment, you must use the OS user <sapsid>adm to
start BR*Tools if several RAC database instances are located on one node and if
BRBACKUP or BRARCHIVE are to be started without a password (see Note 914174,
page 4.). In this configuration, BR*Tools execute internal actions on the remote
nodes. These actions would then fail under the "oracle" user due to an incorrect
environment.

7. OPS$ORACLE database user

If the user OPS$ORACLE does not exist, create it in the database as follows:
SQL> connect / as sysdba
SQL> create user ops$oracle identified externally;
SQL> grant sapdba to ops$oracle;

II. Additional prerequisites and configuration of BR*Tools for Oracle installations using the UNIX user
"oracle" for non-ASM

1. Group assignment of <sapsid>adm OS user

In addition to the standard groups (such as sapsys, dba, oper, sapinst),

<sapsid>adm also belongs to the OS group "oinstall".

2. Sapdata home directory

In the case of non-ASM, the Sapdata home directory (standard: /oracle/<DBNAME>)

also contains sapdataX, redo log and archive log directories (note the
permissions).

drwxr-xr-x 2 oracle oinstall 4096 May 31 17:07 mirrlogA

drwxr-xr-x 2 oracle oinstall 4096 May 31 17:07 mirrlogB
drwxr-xr-x 2 oracle oinstall 4096 May 31 17:07 oraarch
drwxr-xr-x 2 oracle oinstall 4096 May 31 17:07 origlogA
drwxr-xr-x 2 oracle oinstall 4096 May 31 17:07 origlogB
drwxr-xr-x 2 oracle oinstall 4096 May 31 17:07 sapdata1
drwxr-xr-x 2 oracle oinstall 4096 May 31 17:07 sapdata2
drwxr-xr-x 2 oracle oinstall 4096 May 31 17:07 sapdata3
drwxr-xr-x 2 oracle oinstall 4096 May 31 17:07 sapdata4

3. SAPSWITCH environment variable

(This also applies to Windows platforms.)

If you use the BACKINT interface (backup_dev_type = util_file | util_file_online

© 2021 SAP SE or an SAP affiliate company. All rights reserved 4 of 8

2021-09-02 1598594

| util_vol | util_vol_online) for database backups, set the following

environment variable permanently:
SAPSWITCH = /oracle/<DBNAME>/sapbackup
It determines for the directory where switch files (.switch.sem, .switch.lis,
.switch.log) that are used for communication between BRBACKUP and the BACKINT
interface program are stored.

III. Additional prerequisites and configuration of BR*Tools for Oracle installations using the UNIX
user "oracle" for ASM

1. Group assignment of <sapsid>adm OS user

In addition to the standard groups (such as sapsys, dba, oper, sapinst),

<sapsid>adm also belongs to the OS groups "asmdba", "asmoper", and "oinstall".

2. Parameters for ASM installations

For ASM installations, set the following parameters in the init<DBSID>.sap

profile (adjust the entries):

# Oracle system id of ASM instance

# default: +ASM
asm_ora_sid = +ASM

# Oracle home of ASM instance

# no default
asm_ora_home = /oracle/GRID/11202

# Oracle ASM root directory name

# default: ASM
asm_root_dir = ASM

For ASM/RAC installations, asm_ora_sid and asm_ora_home can be defined for each
instance:

asm_ora_sid = (<db_inst1>:<asm_inst1>, <db_inst2>:<asm_inst2>, ...)

asm_ora_home = (<db_inst1>:<asm_home1>, <db_inst2>:<asm_home2>, ...)

For example:

asm_ora_sid = (RAC001:+ASM1, RAC002:+ASM2, RAC003:+ASM3, RAC004:+ASM4)

asm_ora_home = (RAC001:/oracle/GRID/11203, RAC002:/oracle/GRID/11203,
RAC003:/oracle/GRID/11202, RAC004:/oracle/GRID/11202)

3. Location of ASM files on ASM disk groups

All of the ASM files that belong to a database must be on the used ASM disk
groups below the relevant database root directories. The name of the database
root directory corresponds to the database name (Oracle parameter "db_name" or
"db_unique_name").
If PRD is the database name, for example, the following files meet the
condition:

+DATA/PRD/DATAFILE/system.334.761302249
+DATA/PRD/DATAFILE/sysaux.296.761302097
+DATA/PRD/TEMPFILE/psaptemp.344.761302309
+OLOG/PRD/ONLINELOG/group_1.329.761302067

© 2021 SAP SE or an SAP affiliate company. All rights reserved 5 of 8

2021-09-02 1598594

and the following do not:

+DATA/PRT/DATAFILE/psapstabd.289.761302205
+DATA/PRT/DATAFILE/psapstabi.307.761302239
+DATA/PRT/DATAFILE/psapbtabd.305.761302169
+DATA/PRT/DATAFILE/psapbtabi.303.761302181

Important: ASM files are not case-sensitive.

The naming conventions for naming ASM disk groups are specified in the Oracle
White Papers mentioned above.

4. Using the ASM aliases

ASM aliases are obligatory for Spfile and control files and they have the
following default names:
<asm_disk_group>/<db_name>/spfile<db_name>.ora
<asm_disk_group>/<db_name>/cntrl<db_name>.dbf

For example:
+DATA/PRD/spfilePRD.ora
+DATA/PRD/cntrlPRD.dbf
+ARCH/PRD/cntrlPRD.dbf
+RECO/PRD/cntrlPRD.dbf

We strongly recommend that you explicitly specify an ASM directory in a separate

ASM disk group for the value of the archive log destination:
<asm_disk_group>/<db_name>/oraarch
In the case of ASM/RAC installations, this is even mandatory.
This setting ensures that the archive log files are created as ASM alias by
Oracle.
For example:
log_archive_dest_1 = "LOCATION=+ARCH/PRD/oraarch"
Create the directories manually (if they do not already exist):
SQL> connect / as sysdba
SQL> alter diskgroup ARCH add directory '+ARCH/PRD';
SQL> alter diskgroup ARCH add directory '+ARCH/PRD/oraarch';

Other database files (data files, redo log files) are created as Oracle-managed
files (OMF) by default and therefore do not have alias names.
However, the use of alias names is allowed.
Important:
BR*Tools provide only limited support for ASM alias in the case of data files
and redo log files. This means that not all BR*Tools functions or actions are
available for ASM alias or that they are not completely available.

5. Location of RMAN snapshot control file on ASM disk group

In the case of ASM/RAC installations, the RMAN snapshot control file should be
located in an ASM disk group (in the "+<disk_group>/<db_name>" directory). You
can set this permanently using the RMAN CONFIGURE command, for example:
> rman nocatalog target /
RMAN> configure snapshot controlfile name to '+DATA/SID/snapcfSID.dbf';

This document refers to

© 2021 SAP SE or an SAP affiliate company. All rights reserved 6 of 8

2021-09-02 1598594
SAP Note/KBA Title

905359 Using BR*Tools for Oracle RAC databases

527843 Oracle RAC support in the SAP environment

1693680 Running SAP Software on Oracle SuperCluster

1627541 BR*Tools support for Oracle ASM and Exadata/ODA

1590515 SAP Software and Oracle Exadata

1554661 Configuration of environment for 'oracle' user

1550133 Using Oracle Automatic Storage Management (ASM) with SAP NetWeaver based Products

131610 Database logon using standby/backup host or with Real Application Cluster (RAC)

113747 Owners and authorizations of BR*Tools

1033126 BR*Tools support for Oracle 10g RAC

This document is referenced by

SAP
Title
Note/KBA

2921786 Checklist: Remote Oracle Monitoring in SOLMAN

BR1830W Oracle profile '$ORACLE_HOME/dbs/init<DBSID>.ora' should contain only the 'spfile'

2659458
parameter

2525676 During migration SWPM reports ORA-01017

2884306 Managing SAPDATA_HOME and ORACLE_BASE on Oracle Engineered Systems

2847437 Older Versions: SAP Software and Oracle Exadata

2290084 SAP Software and Oracle Database Appliance Version 12.1

113747 Owners and authorizations of BR*Tools

527843 Oracle RAC support in the SAP environment

1627541 BR*Tools support for Oracle ASM and Exadata/ODA

1550133 Using Oracle Automatic Storage Management (ASM) with SAP NetWeaver based Products

1590515 SAP Software and Oracle Exadata

1760737 SAP Software and Oracle Database Appliance 2.x

1693680 Running SAP Software on Oracle SuperCluster

© 2021 SAP SE or an SAP affiliate company. All rights reserved 7 of 8

2021-09-02 1598594
1554661 Configuration of environment for 'oracle' user

905359 Using BR*Tools for Oracle RAC databases

131610 Database logon using standby/backup host or with Real Application Cluster (RAC)

1033126 BR*Tools support for Oracle 10g RAC

Terms of use | Copyright | Trademark | Legal Disclosure | Privacy

© 2021 SAP SE or an SAP affiliate company. All rights reserved 8 of 8