cancel
Showing results for 
Search instead for 
Did you mean: 

Oracle Security parameters

SAPSupport
Employee
Employee
0 Kudos
89

Hello SAP support,

We have some recommendations and would like to know if from SAP's point of view there are any restrictions to implementing them.
Can you help us analyze these recommendations?

Ensure 'extproc' Is Not Present in 'listener.ora'
Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'
Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'
Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less
Ensure 'SQL92_SECURITY' Is Set to 'TRUE'
Ensure '_trace_files_public' Is Set to 'FALSE'
Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE'
Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'
Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'
Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'
Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'
Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'
Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'
Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles
Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'
Ensure 'EXECUTE' is not granted to 'PUBLIC' on "Non-default" Packages - DBMS_IJOB
Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$' - Roles
Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$' - direct and indirect grants
Ensure 'ALL' Is Revoked on 'Sensitive' Tables - USER_HISTORY
Ensure 'ALL' Is Revoked on 'Sensitive' Tables - LINK$
Ensure 'ALL' Is Revoked on 'Sensitive' Tables - SCHEDULER$_CREDENTIAL
Ensure 'ALL' Is Revoked on 'Sensitive' Tables - USER$  - direct and indirect grants
Ensure 'ALL' Is Revoked on 'Sensitive' Tables - USER$ - Roles

Thanks in advance.

Best regards,


------------------------------------------------------------------------------------------------------------------------------------------------
Learn more about the SAP Support user and program here.
View Entire Topic
SAPSupport
Employee
Employee
0 Kudos

Dear Customer,

Please check below notes regarding the parameters:

3362086 - TNS-12537 TNS-12560 TNS-00507 when trying to start the listener
3388859 - ORA-01017 after changing sec_case_sensitive_logon parameter to false
2580999 - FAILED_LOGIN_ATTEMPTS and SEC_MAX_FAILED_LOGIN_ATTEMPTS explained 
700548 - FAQ: Oracle authorizations 
1519872 - SAP Database User Profile SAPUPROF
2572276 - Password Complexity Verification Function 

In SAP, a less restrictive profile SAPUPROF should be set up with below note:

1519872 - SAP Database User Profile SAPUPROF

As described in below note, you should not revoke any privileges/roles from database role PUBLIC:

2553347 - Oracle Database Role PUBLIC

Best regards,
Nora
SAP Support