Apply Security Settings for Database-Related File System Resources
Use
On Windows, you should protect all data files, all executable files, all Oracle files, and all SAP system files.
The following table shows the Oracle files and the corresponding access rights:
|
Oracle Directories |
Access Privilege |
For User or Group |
|---|---|---|
|
%ORACLE_HOME%\database |
Full Control |
SYSTEM , Administrators, ORA_DBA, ORA_<DBSID>_DBA ORA_<DBSID>_OPER |
|
<drive>:\oracle\<dbsid> |
Full Control |
SYSTEM , Administrators, ORA_DBA, ORA_<DBSID>_DBA ORA_<DBSID>_OPER |
Procedure
For all Oracle directories and the ORACLE_HOME set the security settings for the built-in accounts and groups SYSTEM, Administrators, ORA_DBA, ORA_<DBSID>_DBA, and ORA__<DBSID>_OPER as follows:
-
In the Windows Explorer, right-click the Oracle root directory and choose Properties.
-
On the Security tab, choose Advanced.
-
Deselect Allow inheritable permissions from the parent...
-
In the upcoming dialog, choose Copy, to copy the permission entries that were previously applied from the parent to this object.
-
Choose OK.
-
Set the permissions for the above-mentioned accounts SYSTEM, Administrators, ORA_DBA, ORA_<DBSID>_DBA, and ORA__<DBSID>_OPER to Full Control.
-
Delete all other accounts.