on 04-20-2007 1:56 PM
In NW2004 the ops$sidADM id is granted the SAPDBA role and I don't think that it's a good idea, specially when the whole purpose of ops$sidADM is to query the SAPUSER table. We don't use ops$ account for running the BR*Tools and I was wondering about the risks that might be involved in removing the sapdba role from the ops$sidADM id. ANy help..
You are using Oracle 10g? If so, the Oracle roles have changed in 10g.
Read SAP note 834917 - Oracle Database 10g: New database role SAPCONN.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Does that mean that we can safely remove sapdba roles from all the ops$ account as well as the SAPSR3 and SAPSR3DB account?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
believe me, you have to run both of them.
SAPCONN_ROLE.sql creates a role which provides the minimum rights you need to connect to the database and run all commands within SAP DDIC to create and maintaine database objects.
SAPDBA_ROLE.sql creates a role which you need to run br*tools based db administration.
none of both is replacing the other.
regards
Peter
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.