on 08-08-2006 2:34 PM
Is there a possibility to disable the
sqlplus /nolog
Connect /as sysdba
Due to the fact, that if a person has the possibility to access the Operating System; he will have the opportunity to access the DB withou entering an aditional password. We want to establish levels of security between OS and DB. What are your recommendations? Is it possible to do it? How? If so, what could be the repercussion in the rest of my SAP servers?
I also want to know what could be the steps to change, the password of my oracle users (system, SYS, SAP<sid>) without affecting my sap business processes
Thanks in Advance
Henry
SAP is currently using local Operating System Groups to identify Oracle DBAs and Operators.
There are 4 local Groups:
ORA_DBA DBAs for all DBs on this computer
ORA_OPER operators for all DBs on this computer
ORA_SID_DBA DBAs for Instance SID
ORA_SID_OPER Operators for Instance SID
which control the access to the connect / as sysdba or connect / as sysoper.
Note: not every user which has access to the os has access to DBA or Oper functions of the database.
A user wihtout being member of these groups and without the right to maintain local groups is not able to access the database at all without using dbuser/password.
You can switch off OS based DBA/Oper Identification by
editing %ORACLE_HOME%\network\admin\sqlnet.ora.
Comment out sqlnet.authentification_services=NTS.
before doing so you have to create a passwordfile (which will implicitly set the password for oracles sys user) and changing the db parameter remote_login_passwordfile to exclusive.
If you are configuring the database to use password files you will no longer be able to startup the database during SAP Instance startup.
all other DB users password can be changed using brconnect.
regards
Peter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
9 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.