Hi,

For the directory sapdatax the only group that appears is Everyone with full control permit requirements.

That can bring consequences, change the file permissions to read-only?

Thanks for all the help,

Regards,

can you please give us the ACL (Access Control List) for the directory sapdata1?

typically the installation is just setting addtional Access Control Entries to directories below \oracle\<SAPSID> or \oracle\<SAPSID>\sapdataX. All entries inherited by parent directories are not changed by the installation.

Everyone = Fullcontrol (which was the default in Windows Server 2003) is probably be inherited from the disk volume level.

regards

Peter

Hi,

yes, on windows environment everyone group should not be given full access

on my solman system, I gave read and execute only.

giving read only is considerable, since sapdata, oraarch etc should only be executed with <sid>adm and ora<sid> user only.

similar to my explanation for unix environment, the last three digits are permission for everyone else,

which is set to r-x (read-no write access-execute)

also, keep monitoring on user management and user access can prevent or minimize security leakage.

hope it help you.

rgds,

Alfonsus Guritno.

thanks very much, but my OS is windows 2003 server.

Hi,

I have looked at all my system

the directory under /oracle/<SID> like sapdata, oraarch etc have permission 755 (drwxr-xr-x) and onwer is ora<sid>:dba

so the proper permission are full access for owner, and the other has read-execute permission.

hope it help you.

rgds,

Alfonsus Guritno