Skip to Content
author's profile photo Former Member
Former Member

Audit Suggestion

Dear Friends,

Our company have been audited by Ernest & Young company.

EY suggested us to perform below things on our Oracle 9.2:

1) Change OUTLN and SYS password.

2) Enabling audit_trail

3) Enabling RESOURCE_LIMIT

I need your confirmation based on EY's audit result if we perform those

changes on our system,

Do we have any impact on our system? What are the impacts?

1) based on OSS notes 562863, we can change SYS and OUTLN password

without affecting R/3 system. However, if i ask my supervisor, he told me

that changing SYS password is not recommended

2) Enabling audit_trail will drop database performance, my supervisor

told me that it is not recommended to enable audit_trail.

3) Enabling RESOURCE_LIMIT, by enabling this password complexity configuration for Oracle will be configured. But, what password will be complex? Is it, for example, OPS$JS1ADM and OPS$ORAJS1 or ora<sid> and <sid>adm?

Need your confirmation on this issue.

Your helps are highly appreciated.

regards,

Ronald

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Sep 10, 2007 at 03:48 PM

    Hi Ronald,

    Let me answer your question one by one.

    1) Changing the password for the database user SYS and OUTLN - A change to the SYS and OUTLN password does not affect the R/3 System. Before you change passwords, you should always check whether scripts contain calls with hardcoded passwords. These scripts may have to be adjusted.

    2 ) You can also use enhanced auditing in the SAP environment by activating the AUDIT_TRAIL Oracle parameter. However, you must ensure that the audit data created does not cause any file system overflow, registry overflow or tablespace overflow.

    3) All database users receive certain authorizations from the default profile as standard, for example:

    o Logon authorizations: FAILED_LOGIN_ATTEMPTS, PASSWORD_LIFE_TIME,

    PASSWORD_REUSE_TIME, PASSWORD_REUSE_MAX, PASSWORD_VERIFY_FUNCTION, PASSWORD_LOCK_TIME, PASSWORD_GRACE_TIME

    o Resource authorizations: COMPOSITE_LIMIT, SESSIONS_PER_USER,

    CPU_PER_SESSION, CPU_PER_CALL, LOGICAL_READS_PER_SESSION,

    LOGICAL_READS_PER_CALL, IDLE_TIME, CONNECT_TIME, PRIVATE_SGA

    These values are usually set to UNLIMITED - that is, there are no restrictions. Refer to the DBA_PROFILES view for the current restrictions.

    Changes to the default settings may result in logon problems or resource problems in the SAP environment. You should therefore keep the standard values.

    As a result, it is also not worthwhile to set the RESOURCE_LIMIT Oracle parameter to TRUE, as this is what first activates the use of profiles of the type described above.

    Hope this information helps.

    Best Regards,

    Madhukar Shenoy

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.