on 02-06-2013 6:38 AM
Hi Techies,
We have SAP applications running on Oracle/Unix.
We use our own Unix IDs to login and then switch to orasid/sidadm to access database and application.
Is there a standard way to restrict the access to orasid/sidadm by giving required access to name based ids without having a tool (Data vault etc)?
This is required to implement security standards/policies on database/access.
Regards,
Nick Loy
How about sudo ?
Disclose the orasid password
and in the sudoers allow Tom and Hank to execute
sudo su - orasid
and Mike does not get this permission.
sudo.log will log timestamps who did switch to the orasid account and when.
Not world best, but third-best-simple for starters.
Volker
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Volker,
Currently we have newid mechnism same as sudo, it allows users to use orasid and sidadm without a password and it logs everything.
I am looking for an option where we can manage SAP and Database without orasid and sidadm.
I want to use orasid and sidadm as firefighters but not for my regular operations.
Regards,
Nick Loy
Hi Nick,
well it depends on the (allowed) tasks, that should be executed with your regular userid. You can use the os groups dba (SYSDBA) and oper (SYSOPER) for granting the same access.
.. or you can create several database users with SYSDBA privileges and using a password file (for remote connections).
Regards
Stefan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes. It is possible. Please check with your UNIX Script team for that.
Thanks and Regards,
Vimal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.