Oracle9i Enterprise Edition Release 9.2.0.8.0 - Production

PL/SQL Release 9.2.0.8.0 - Production

CORE 9.2.0.8.0 Production

TNS for 32-bit Windows: Version 9.2.0.8.0 - Production

NLSRTL Version 9.2.0.8.0 - Production

-

Our company is being audited and one of the auditors identified the following default vender accounts (DBSNMP and OUTLN) are active and with default passwords. They recommended that the default vender account password should be changed. According to SAP note 700548 it states that SAP does not use the above-mentioned users. Before I go ahead and lock these accounts on our production box I want to make sure that these users are not being used at all by SAP. In matter of fact these two users are created during database creation:

DBSNMP: Supports Oracle SNMP (Simple Network Management Protocol).

The Oracle Intelligent Agent requires a database logon for each SID that it manages. By default this account is called "DBSNMP" and the password is "DBSNMP".

OUTLN: Oracle8i adds the OUTLN user schema to support Plan Stability. The OUTLN user acts as a place to centrally manage metadata associated with stored outlines.

This user has DBA role. It is used for plan stability ie. to keep the same execution plans for the same queries even if your system configuration or statistics changes. Execution plans will be the same in different Oracle releases with different optimizers.

Thank you