on 09-22-2008 8:08 AM
Dear Reader,
status: newbie; security planning
as in note 926023 :
"The "CREATE DATABASE LINK" authorization should be deactivated for database users and database roles that do not need this authorization."
on the other hand, the SAP PRESS Book:
SAP Database Administration with Oracle
recommends deactivating every account.
How do i secure that - in my case
DBA, RECOVERY_CATALOG_OWNER and IMP_FULL_DATABASE
do not need this authorization?
thanks in advance,
Hi,
DBA, RECOVERY_CATALOG_OWNER and IMP_FULL_DATABASE are the standard roles.. Instead of revoking the CREATE DATABASE LINK authoization, from the above mentioned roles, you can revoke these roles from the user which are not required in SAP environment.
Whereas you can consider revoking from roles such as connect (again which is the standard role from Oracle) and SAPCONN which is created by SAP.
Please also refer the SAP note
700548 - FAQ: Oracle authorizations
for more details.
Regards,
Arun.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.