cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to secure database access?

Former Member

on ‎02-06-2013 6:38 AM

0 Kudos

Hi Techies,

We have SAP applications running on Oracle/Unix.

We use our own Unix IDs to login and then switch to orasid/sidadm to access database and application.

Is there a standard way to restrict the access to orasid/sidadm by giving required access to name based ids without having a tool (Data vault etc)?

This is required to implement security standards/policies on database/access.

Regards,

Nick Loy

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

volker_borowski2
Active Contributor
‎02-06-2013 5:43 PM
0 Kudos

How about sudo ?

Disclose the orasid password

and in the sudoers allow Tom and Hank to execute

sudo su - orasid

and Mike does not get this permission.

sudo.log will log timestamps who did switch to the orasid account and when.

Not world best, but third-best-simple for starters.

Volker

Show replies
Show replies
Former Member
‎02-08-2013 5:55 AM
0 Kudos

Hi Volker,

Currently we have newid mechnism same as sudo, it allows users to use orasid and sidadm without a password and it logs everything.

I am looking for an option where we can manage SAP and Database without orasid and sidadm.

I want to use orasid and sidadm as firefighters but not for my regular operations.

Regards,

Nick Loy

stefan_koehler
Active Contributor
‎02-08-2013 11:11 AM
0 Kudos

Hi Nick,

well it depends on the (allowed) tasks, that should be executed with your regular userid. You can use the os groups dba (SYSDBA) and oper (SYSOPER) for granting the same access.

.. or you can create several database users with SYSDBA privileges and using a password file (for remote connections).

Regards

Stefan

Former Member
‎02-06-2013 8:45 AM
0 Kudos

http://scn.sap.com/message/13821685#13821685

Show replies
Show replies
Former Member
‎02-06-2013 6:48 AM
0 Kudos

Yes. It is possible. Please check with your UNIX Script team for that.

Thanks and Regards,

Vimal

Show replies
Show replies
Ask a Question