Hi

> During recent audit, it was found that the database (Oracle) setting is not following our IT security guidelines. Refer to below.

It looks like the "audit" does not know neither Oracle nor SAP.

>

> 1) OS_AUTHENT_PREFIX -> ops$ (instead of null)

You could do this, but then you have to recreate the "OPS$" user that SAP (ABAP) uses to get the correct password for the SAP schema to connect to the database.

You could also use the default password, but I assume that your "audit" also checks that you do not use it.

> 2) REMOTE_OS_AUTHENT -> TRUE (instead of FALSE)

If this parameter is not set then SAP (ABAP) will have problems to connect to to Oracle.

You can set it, but only if you use the default SAP Schema password, and I think that is a bigger issue.

The two previous issue could be easily "minimized" using the following SQLNET parameters to avoid connections from outside the authorized servers:

tcp.validnode_checking

tcp.invited_nodes

> 3) REMOTE_LOGIN_PASSWORDFILE -> NONE (instead of EXCLUSIVE)

There is no issue setting this.

> 4) DBLINK_ENCRYPT_LOGIN -> FALSE (instead of TRUE)

Puff, this is quite old and totally irrelevant as oracle encrypts the passwords for db links since version 7

> 5) oracle db listener password was currently not activated (DBA feedback that if password is activated, our SAP might not be able to start/stop database instance)

>

This does not have any impact on the SAP system.

The note you must check is 700548 "FAQ: Oracle authorizations"

I think it has an answer for all (or most) of this questions