Protecting the SAP Database User
To protect access to the SAPUSER table and the SAP database user SAP<SAPSID>, or SAPR3 you must do the following:
· Change the passwords for SAP<SAPSID> or SAPR3, and <sapsid>adm regularly.
· Only define OPS$ users for the Windows users that are necessary for operating the SAP system. These are typically the users SAPService<SAPSID> and <sapsid>adm; however, you may assign them other names. (In this guide, we refer to SAPService<SAPSID> and <sapsid>adm.) For more information about creating OPS$ users on Windows, see SAP Note 50088.
● With the Oracle network protocol SQL*Net, you can also use the file sqlnet.ora to restrict access to the database using IP addresses. In this file, you specify invited and excluded IP addresses. In this way, you can make sure that only specific hosts (for example, only the application server host) can access the database.
Example:
tcp.validnode_checking =
yes
tcp.invited_nodes = (139.185.5.73, ...)
or:
tcp.excluded_nodes = (139.185.6.71, ...)
See also: