cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAPR3- Password Issue

Former Member

on ‎02-24-2009 1:31 AM

0 Kudos

Hello Guru's,

Can somebody suggest the best way to track the concern person who changed the SAPR3 User password,

User - SAPR3

Type - Database user (SAP System)

Method used to change password -BRCONNECT,SQLPLUS

We don't know the responsible person who is responsible for this activity.

Please help me in this vital situation, so that we can take care of the things in future.

Suggest me the ways whether from SAP Level or from Oracle Level.

Waiting for your responses....

Thanks & Regards

Shishir

<modified_by_moderator>

  • Please do not ask for help from specific individuals.

Read the "Rules of Engagement"

Edited by: Juan Reyes on Feb 24, 2009 3:39 PM

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

former_member204746
Active Contributor
‎02-24-2009 1:52 PM
0 Kudos

a few things:

1. do not mark question for individuals, other users might get offended and not respond to your query, even if they have an answer for you.

2. You changed the status of about 20 topics to "answered" but did not give points to anyone.

now, Lars gave you a very good answer, you were lucky that he answered you because I would not have given an answer as good an his. You were luck that he answered you!

Show replies
Show replies
Former Member
‎02-24-2009 7:07 AM
0 Kudos

Hi Shish,

As told by LARS you need to configure Oracle Audit functionality before getting this type of issues.

And how an user can change DB user password without accessing your database? Very Strange

It might be your collegue or by you?

And check all DBA logs may be get something about this change?

Regards

Nick Loy

Show replies
Show replies
lbreddemann
Active Contributor
‎02-24-2009 6:28 AM
0 Kudos

Hi Shishir,

although I'm neither Markus nor Eric, let's see what I can tell you

Changing passwords of oracle users is not logged to a table or view per default.

To enable such kind of auditing you'll have to enable exactly this: the Oracle auditing functionality (audit_trail).

If you don't have auditing enabled yet, you may try to use the Oracle Logminer to review the change of the password.

In any case, the biggest problem with your request is, that most DBAs are used to perform all changes as SYS or SYSTEM user and thereby share the same DBA users accounts.

So the best you are likely to get is the timestamp when the password had been changed, but rather not the name of the real user who performed the change.

hope you like the answer anyhow,

Lars

Show replies
Show replies
former_member185031
Active Contributor
‎02-24-2009 5:56 AM
0 Kudos

Logically who can access BRCONNECT or BRTOOLS can change the password of SAPSR3 and suppose somewhere in Database it store the username, then it should be <sidadm> or <orasid>

so it will show the these users only (if exists in database). In that case how you will identify?

Regards

Subhash

Show replies
Show replies
former_member603052
Contributor
‎02-24-2009 5:44 AM
0 Kudos

Hi,

I think you can noway find out as per my knowledge.Lets see what your gurus say.

Hope you find it.

Regards,

Kalyan

Show replies
Show replies
Ask a Question