For SAP managed Oracle databases the authorizations for DB users were automatically created/assigned during installation.
While maintaining the database, basis consultant should keep in mind that for security reasons, it does not make sense to grant database users access to all database resources, or to permit all actions. Therefore, it is usually cause for concern if a database user can read the tables of other users. In addition, critical actions, such as stopping the database or dropping tablespaces, should be restricted to only a small number of users.
To restrict a database user's options to the functions that are actually required by that user, you can assign database authorizations for these functions only. (If you create separate DB users).
For background information about database users and logon mechanisms, see Note 562863.
Types of database authorizations
1) Privileges
2) Roles
3) Profiles
Privileges
A privilege is an authorization to perform a certain database action. There are different types of privileges:
a)System privileges
b)Object privileges
Roles
Roles are a collection of authorizations and consist of a number of privileges and/or subroles.
Profiles
Password and resource authorizations are assigned as part of a profile. In the SAP environment, adjustments should not be made to the profile default settings (see below).
No comments:
Post a Comment