on 05-07-2007 1:09 PM
On some of the SAP Oracle DB I found that some OPS$ Accounts have DBA rights I tried to search for SAP notes on OPS$ but the document (SAP note 361641) explained that SAPDBA role should be used.
[code]GRANTEE GRANTED_ROLE ADM DEF
-
-
--- ---
OPS$ED1ADM CONNECT NO YES
OPS$ED1ADM RESOURCE NO YES
OPS$ED1ADM SAPDBA NO YES
OPS$ED3ADM CONNECT NO YES
OPS$ED3ADM DBA NO YES
OPS$ED3ADM RESOURCE NO YES
OPS$ED3ADM SAPDBA NO YES
OPS$ORAED3 CONNECT NO YES
OPS$ORAED3 DBA NO YES
OPS$ORAED3 RESOURCE NO YES
OPS$ORAED3 SAPDBA NO YES[/code]
Also I found that some of them have SYSDBA rights ( connect as sysdba).
I don't like the security risk.
Best regards
Allan
Hi,
OPS$<user> is used by SAP to read the password from the SAPUSER table.
It does not need DBA authorizations.
It should not have DBA authorizations.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.