cancel
Showing results for 
Search instead for 
Did you mean: 

"CREATE DATABASE LINK" authorization

Former Member
0 Kudos

Dear Reader,

status: newbie; security planning

as in note 926023 :

"The "CREATE DATABASE LINK" authorization should be deactivated for database users and database roles that do not need this authorization."

on the other hand, the SAP PRESS Book:

SAP Database Administration with Oracle

recommends deactivating every account.

How do i secure that - in my case

DBA, RECOVERY_CATALOG_OWNER and IMP_FULL_DATABASE

do not need this authorization?

thanks in advance,

Accepted Solutions (0)

Answers (1)

Answers (1)

0 Kudos

Hi,

DBA, RECOVERY_CATALOG_OWNER and IMP_FULL_DATABASE are the standard roles.. Instead of revoking the CREATE DATABASE LINK authoization, from the above mentioned roles, you can revoke these roles from the user which are not required in SAP environment.

Whereas you can consider revoking from roles such as connect (again which is the standard role from Oracle) and SAPCONN which is created by SAP.

Please also refer the SAP note

700548 - FAQ: Oracle authorizations

for more details.

Regards,

Arun.