On some of the SAP Oracle DBs I found that some OPS$ accounts have DBA rights. I tried to search for SAP notes on OPS$, but the document (SAP note 361641) explained that the SAPDBA role should be used.
[code]
GRANTEE      GRANTED_ROLE   ADM DEF
------------ -------------- --- ---
OPS$ED1ADM   CONNECT        NO  YES
OPS$ED1ADM   RESOURCE       NO  YES
OPS$ED1ADM   SAPDBA         NO  YES
OPS$ED3ADM   CONNECT        NO  YES
OPS$ED3ADM   DBA            NO  YES
OPS$ED3ADM   RESOURCE       NO  YES
OPS$ED3ADM   SAPDBA         NO  YES
OPS$ORAED3   CONNECT        NO  YES
OPS$ORAED3   DBA            NO  YES
OPS$ORAED3   RESOURCE       NO  YES
OPS$ORAED3   SAPDBA         NO  YES
[/code]
Also I found that some of them have SYSDBA rights (connect as sysdba).
I don't like the security risk.
Best regards
Allan
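An audit query for the situation described in the post above, added here as an example and not part of the original post. It lists every OPS$ account that holds the DBA role or a password-file SYSDBA grant, using the standard Oracle dictionary views `DBA_USERS`, `DBA_ROLE_PRIVS` and `V$PWFILE_USERS`; the column aliases are chosen for this example.

```sql
-- Added example: find OS-authenticated (OPS$) accounts with DBA or SYSDBA.
-- Run as a user with SELECT on the DBA_* views and V$PWFILE_USERS.
SELECT u.username,
       u.account_status,
       -- 'YES' sorts after 'NO', so MAX() yields YES if any row matches
       MAX(CASE WHEN r.granted_role = 'DBA'
                THEN 'YES' ELSE 'NO' END)            AS has_dba,
       MAX(CASE WHEN r.granted_role = 'SAPDBA'
                THEN 'YES' ELSE 'NO' END)            AS has_sapdba,
       -- DBA granted WITH ADMIN OPTION lets the account pass DBA on
       MAX(CASE WHEN r.granted_role = 'DBA'
                 AND r.admin_option = 'YES'
                THEN 'YES' ELSE 'NO' END)            AS dba_admin_option,
       -- Password-file grants only; NULL means no password-file entry
       NVL(MAX(p.sysdba),  'FALSE')                  AS pwfile_sysdba,
       NVL(MAX(p.sysoper), 'FALSE')                  AS pwfile_sysoper
FROM   dba_users u
       LEFT JOIN dba_role_privs r ON r.grantee  = u.username
       LEFT JOIN v$pwfile_users p ON p.username = u.username
WHERE  u.username LIKE 'OPS$%'
GROUP  BY u.username, u.account_status
HAVING MAX(CASE WHEN r.granted_role = 'DBA' THEN 1 ELSE 0 END) = 1
    OR MAX(p.sysdba) = 'TRUE'
ORDER  BY u.username;

-- Caveat: "connect / as sysdba" authorised through membership of the
-- operating system DBA group does not appear in V$PWFILE_USERS. That
-- access has to be reviewed on the host (OS group membership), not in
-- the database.
```

Accounts that show `has_dba = YES` together with `has_sapdba = YES` are the ones to review against the note cited in the post, since SAPDBA is already granted there.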