In NW2004 the ops$sidADM id is granted the SAPDBA role and I don't think that it's a good idea, specially when the whole purpose of ops$sidADM is to query the SAPUSER table. We don't use ops$ account for running the BR*Tools and I was wondering about the risks that might be involved in removing the sapdba role from the ops$sidADM id. ANy help..
I don't think that we are going to use DB13 to run any DB related functionality, instead we are using the Cron jobs to schedule all the DB related jobs. Also, SAPDBA can be replaced by SAPCONN as SAPDBA has lots of privileges that might trigger an Audit alert.
SAPCONN_ROLE.sql creates a role which provides the minimum rights you need to connect to the database and run all commands within SAP DDIC to create and maintaine database objects.
SAPDBA_ROLE.sql creates a role which you need to run br*tools based db administration.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.