On Windows, you should protect all data files, all executable files, all Oracle files, and all SAP system files.
The following table shows the Oracle files and the corresponding access rights:
Oracle Directories |
Access Privilege |
For User or Group |
---|---|---|
|
|
|
|
|
|
For all Oracle directories and the ORACLE_HOME set the security settings for the built-in accounts and groups SYSTEM, Administrators, ORA_DBA, ORA_<DBSID>_DBA
, and ORA__<DBSID>_OPER
as follows:
In the Windows Explorer, right-click the Oracle root directory and choose Properties
.
On the Security
tab, choose Advanced
.
Deselect Allow inheritable permissions from the parent..
.
In the upcoming dialog, choose Copy
, to copy the permission entries that were previously applied from the parent to this object.
Choose OK
.
Set the permissions for the above-mentioned accounts SYSTEM, Administrators, ORA_DBA, ORA_<DBSID>_DBA
, and ORA__<DBSID>_OPER
to Full Control
.
Delete all other accounts.