cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security requirements for SAP installation

Go to solution
Former Member

on ‎04-10-2008 9:41 AM

0 Kudos

Hi

We have external SAP contractors that do all the Basis-type work for us, and whenever an installation needs to be done we're asked to give them Domain Admin rights so they can perform the installation.

This seems extremely excessive for an installation of SAP. I know it needs to create domain users as part of the installation process, but this doesn't mean Domain Admin rights need to be given.

Is there a way to give lower rights to a user to be able to complete the installation of SAP products? Or even better, does the installation allow you to enter the credentials of a more privileged user for the tasks that need it - but let the rest of the installation proceed as a local Administrator on that server?

I'm not involved in Basis work myself, so this is quite foreign - but I have a big issue with giving out Domain Admin rights that easily.

Please could someone give some advice on this? I assume others have come across a similar problem?

Thanks

Stuart

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-10-2008 12:30 PM
0 Kudos

Hi,

For SAP installation you just need to be administrator of the server.

But in that case, you need to ask the domain adminstrators to create for you before beginning the installation the necessary domain users and domain group.

BEWARE to respect the upper/lower case exactly as SAP writes the users and group.

Windows may not mind but SAPINST surely does !

This process is clearly explained in the documentation. Exemple in my current CRM 2007 installation documentation :

Chapter 3.6 "Performing a Domain Installation Without Being a Domain Administrator" page 59.

Regards,

Olivier

Show replies
Show replies
Former Member
‎04-10-2008 2:37 PM
0 Kudos

Thanks... that's excellent.

I'll read through the documentation now and make sure we follow this process from now on.

Interesting that you mention CRM 2007... that's what we're just busy installing (or trying to) as we speak!

Answers (1)

Answers (1)

JPReyes
Active Contributor
‎04-10-2008 9:53 AM
0 Kudos

You're right.... they need to create a few users but they do not need to be domain admins... as long as theres good comunication between the Basis contractors and your domain admins this can be avoided.

Also they might need LDAP access but again this can be done in a controlled manner if the teams work together.

Regards

Juan

Show replies
Show replies
Ask a Question