on 01-31-2011 8:51 AM
Hi,
My company is using SAP ECC6.0 installed with an Oracle 10G database. On the Oracle database, there are SYS and SYSTEM default system user IDs which have privileged access rights on the database. However, I am not sure if the user IDs are able to perform direct database level changes (e.g. change a value in a SAP table containing employee payroll information) on the Oracle database, as I was asked this question by the auditor. They have asked me to secure the IDs properly but to my knowledge, these IDs can only perform administrative database level configurations and not direct data level changes.
Can someone shed some light on this?
Thanks!
Hi!
You need to change the password for SYS and SYSTEM. Do not change access privs on those two users!
The following users can be locked (and get a new password):
ORACLE_OCM
DBSNMP (This user is in use if you use Oracle Grid Control)
DIP
OUTLN
APPQOSSYS
Regards
Audun
DBA
Hello,
If by securing you mean setting non-default passwords and restricting access to SYS and SYSTEM to database administrators, then that is exactly what you should do. Database users with administrative privileges, in the case of Oracle: SYS and SYSTEM, always have the ability to read or modify any object in the databases/schemas that they manage. This is not just true for Oracle but for any DBMS.
Regards,
Mark
Hello,
The SYS and SYSTEM users exist in all Oracle databases and both have full DBA rights. This means they will be able to change anything in the database, including data in tables in the SAP schema. These users must be properly protected by passwords, and access to tools allowing anyone to log on with these IDs (e.g. terminal server access to the database server, which would enable users to access SQLPLUS) must be restricted. You should refrain, however, from lowering the privileges of either user. As far as I can see this might perhaps be feasible for the SYSTEM user, although I have never seen a database where this is done, but it is certainly not allowed for SYS.
Regards,
Mark
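The review and lock-down steps discussed in the answers above, as an added SQL*Plus example that is not part of any post in this thread. It assumes a session connected with DBA rights; DBSNMP is left out of the lock loop because the thread notes it is in use with Oracle Grid Control.

```sql
-- Added example, run from SQL*Plus as a DBA. Account names are the ones
-- listed in this thread; nothing here changes privileges of SYS or SYSTEM.
SET SERVEROUTPUT ON

-- 1. Current status of the accounts named in the thread.
SELECT username, account_status, profile
  FROM dba_users
 WHERE username IN ('SYS', 'SYSTEM', 'ORACLE_OCM', 'DBSNMP',
                    'DIP', 'OUTLN', 'APPQOSSYS')
 ORDER BY username;

-- 2. Who else can act with full DBA rights: holders of the DBA role,
--    and accounts in the password file with SYSDBA/SYSOPER.
SELECT grantee, admin_option
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
 ORDER BY grantee;

SELECT username, sysdba, sysoper
  FROM v$pwfile_users;

-- 3. Lock and expire the accounts the thread says can be locked.
--    Only accounts that actually exist in this database are touched.
--    Add 'DBSNMP' to the list if Grid Control is not used.
BEGIN
  FOR r IN (SELECT username
              FROM dba_users
             WHERE username IN ('ORACLE_OCM', 'DIP', 'OUTLN', 'APPQOSSYS'))
  LOOP
    EXECUTE IMMEDIATE
      'ALTER USER "' || r.username || '" ACCOUNT LOCK PASSWORD EXPIRE';
    DBMS_OUTPUT.PUT_LINE('Locked and expired: ' || r.username);
  END LOOP;
END;
/

-- 4. Set non-default passwords for SYS and SYSTEM. The SQL*Plus PASSWORD
--    command prompts without echo, so the new value never appears in a
--    script or in the command history.
PASSWORD SYS
PASSWORD SYSTEM
```

Re-run the first query afterwards to confirm the listed accounts show a locked status and that SYS and SYSTEM remain open.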