Skip to Content
0
Former Member
May 07, 2007 at 12:09 PM

Some OPS$ Oracle accounts got DBA rights - Is this really necessary?

23 Views

On some of the SAP Oracle DB I found that some OPS$ Accounts have DBA rights – I tried to search for SAP notes on OPS$ but the document (SAP note 361641) explained that SAPDBA role should be used.

[code]GRANTEE GRANTED_ROLE ADM DEF

-


-


--- ---

OPS$ED1ADM CONNECT NO YES

OPS$ED1ADM RESOURCE NO YES

OPS$ED1ADM SAPDBA NO YES

OPS$ED3ADM CONNECT NO YES

OPS$ED3ADM DBA NO YES

OPS$ED3ADM RESOURCE NO YES

OPS$ED3ADM SAPDBA NO YES

OPS$ORAED3 CONNECT NO YES

OPS$ORAED3 DBA NO YES

OPS$ORAED3 RESOURCE NO YES

OPS$ORAED3 SAPDBA NO YES[/code]

Also I found that some of them have SYSDBA rights ( connect as sysdba).

I don't like the security risk.

Best regards

Allan