cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Some OPS$ Oracle accounts got DBA rights - Is this really necessary?

Go to solution
Former Member

on ‎05-07-2007 1:09 PM

0 Kudos

On some of the SAP Oracle DB I found that some OPS$ Accounts have DBA rights – I tried to search for SAP notes on OPS$ but the document (SAP note 361641) explained that SAPDBA role should be used.

[code]GRANTEE GRANTED_ROLE ADM DEF

-

-

--- ---

OPS$ED1ADM CONNECT NO YES

OPS$ED1ADM RESOURCE NO YES

OPS$ED1ADM SAPDBA NO YES

OPS$ED3ADM CONNECT NO YES

OPS$ED3ADM DBA NO YES

OPS$ED3ADM RESOURCE NO YES

OPS$ED3ADM SAPDBA NO YES

OPS$ORAED3 CONNECT NO YES

OPS$ORAED3 DBA NO YES

OPS$ORAED3 RESOURCE NO YES

OPS$ORAED3 SAPDBA NO YES[/code]

Also I found that some of them have SYSDBA rights ( connect as sysdba).

I don't like the security risk.

Best regards

Allan

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-07-2007 10:16 PM
0 Kudos

Hi,

OPS$<user> is used by SAP to read the password from the SAPUSER table.

It does not need DBA authorizations.

It should not have DBA authorizations.

Show replies
Show replies

Answers (0)

Ask a Question