Setting Permissions to a RAW Device

Set access permissions to a RAW device on Windows is required before you can use it.

To use RAW devices with SAP Sybase IQ, the account running SAP Sybase IQ cannot use UAC (User Account Controls).

The rawaccess utility must be run as an admin user. This is not the same as having admin privileges. This can be done by right-clicking Command Prompt and selecting Run As Administrator. "Administrator:" appears in the window title bar when running as an administrator.

By default, Windows does not allow direct write access to RAW devices, the /GRANT option is the simplest method to add access as it is merged in with the other default entries setup by the operating system.

The permission_types comply with the Microsoft Access Control Entry (ACE) for Windows. See http://msdn.microsoft.com/en-us/library/windows/desktop/aa374899(v=vs.85).aspx

rawaccess uses the standard Microsoft universal naming conventions for Win32 device namespaces. See http://msdn.microsoft.com/en-ca/library/windows/desktop/aa365247(v=vs.85).aspx.

  1. Open the Command prompt window running as an administrator.
  2. Type the following, specifying the user to be granted permissions:
    rawaccess filename [{/permission_type} trustee]
    Where:
    • filename – the Windows universal namespace filename path to the RAW device in one of the two formats:
      • \\.\logical_drive_name
      • \\.\physical_device_id
    • logical_drive_name – the partitioned letter used to represent the disk partition (for example: \\.\D:).
    • physical_device_id – the name assigned by the Window device manager. These names can be looked up using the Disk Manager in the control panel (for example: \\.\PhysicalDisk1).
    • permission_type – optional type of access action. If not specified, the current access list appears
      • DENY – Adds an access denied entry to the specified device for the specified trustee.
      • GRANT – Adds an access allowed entry to the specified device for the specified trustees. The access allowed entry is merged with any existing inherited access allowed rights.
      • REVOKE – Removes an access allowed entry to the specified device for the specified trustee.
      • SET – Sets an access allowed entry to the specified device for the specified trustee.
    • trustee – a valid login ID for a user account.
  3. View the access permissions to verify the permission is correctly set.

Example:

Grant access permission to the RAW device E: to user1.
rawaccess \\.\E: /Grant user1@company.com
The access permissions for the RAW device now appear as:
1. Allow All   to COMPANY\user1 (User)
2. Allow Exec  to \Everyone (Well Known Group)
3. Allow All   to NT AUTHORITY\SYSTEM (Well Known Group)
4. Allow All   to BUILTIN\Administrators (Alias)
5. Allow Exec  to NT AUTHORITY\RESTRICTED (Well Known Group)
Parent topic: Manage Data Storage