
Can I drop OPS$ users after implementing SSFS?

Former Member
0 Kudos

Hello! Can I drop OPS$ users after implementing SSFS? Will other software work fine, such as sqlplus or something else?

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hi Igor.

Please take a look at this SAP NOTE:


1622837 - Secure connection of AS ABAP to Oracle via SSFS



3.3: Local OPS$ connect for BR* Tools

Regardless of the old or new SAP connect method described in this note, the BR* database administration tools from SAP continue to use the local OPS$ connect ("connect /") for the operating system user <sid>adm with the database user ops$<sid>adm. In UNIX systems, the same also applies to ora<sid> or ops$ora<sid>. After 3.1., these database users no longer have any data segments in the database, but they retain the authorization of the role "SAPDBA".

The local OPS$ connect is also still possible in future Oracle releases after 11g and is not influenced by the parameter REMOTE_OS_AUTHENT. This does not affect the issue of security in the SAP system.

Password changes, in particular, the encrypted entry in the table SAPUSER, were made for the old connect method using brconnect. When you use only the new method (that is, after 3.1.), the entry in the table SAPUSER is no longer required. The database password can still be changed with brconnect.

SAP Note 1764043 describes the support of the new connect method with the BR*Tools.

Important:

After the Oracle parameter REMOTE_OS_AUTHENT has been removed, you should use transaction DB17 to change the relevant BRCONNECT check condition that monitors its setting: The check value and the check operator are deleted or removed.

In this case, an alert is triggered if the parameter REMOTE_OS_AUTHENT is specified in the Oracle Spfile.


Regards.

Osvaldo Dias Ferreira

former_member185239
Active Contributor
0 Kudos

Hi Igor,

Yes, you can drop the OPS$ user and also the os_authent_prefix and remote_os_authent parameters from the spfile.

With Regards

Ashutosh Chaturvedi
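
The points raised in the two answers above (OPS$ users that BR*Tools still connect with, the SAPDBA role they retain, whether they still own segments, and the REMOTE_OS_AUTHENT / OS_AUTHENT_PREFIX entries in the spfile) can be checked with a read-only inventory before anything is dropped. This is an added example, not part of the thread or of the SAP Note; it assumes a DBA session, Oracle 11g or later, and the default prefix `OPS$`.

```sql
-- Added example: read-only checks, nothing is changed.
-- Assumption: OS_AUTHENT_PREFIX is the default 'OPS$' (usernames are stored uppercase).

-- 1. Which OPS$ accounts exist and how they authenticate.
--    AUTHENTICATION_TYPE = 'EXTERNAL' marks OS-authenticated users (column exists from 11g).
SELECT username, account_status, authentication_type, created
  FROM dba_users
 WHERE username LIKE 'OPS$%'
 ORDER BY username;

-- 2. Segments still owned by OPS$ users.
--    The note says these users own no data segments after step 3.1;
--    any row returned here is data that a DROP USER ... CASCADE would remove.
SELECT owner, segment_type, COUNT(*) AS segment_count
  FROM dba_segments
 WHERE owner LIKE 'OPS$%'
 GROUP BY owner, segment_type
 ORDER BY owner, segment_type;

-- 3. Roles held by OPS$ users.
--    The note says the BR*Tools users keep the SAPDBA role for "connect /".
SELECT grantee, granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE grantee LIKE 'OPS$%'
 ORDER BY grantee, granted_role;

-- 4. Whether the two parameters are explicitly set in the spfile.
--    ISSPECIFIED = 'TRUE' is the condition the note says triggers the
--    BRCONNECT alert once the DB17 check condition has been changed.
SELECT name, value, isspecified
  FROM v$spparameter
 WHERE name IN ('remote_os_authent', 'os_authent_prefix');
```

Rows from query 1 that also appear in query 3 with SAPDBA are the accounts the note describes as still used by BR*Tools for the local connect.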