Show TOC

Procedure documentationApply Security Settings for Database-Related File System Resources

 

On Windows, you should protect all data files, all executable files, all Oracle files, and all SAP system files.

The following table shows the Oracle files and the corresponding access rights:

Access Privileges for Oracle Directories and Files

Oracle Directories

Access Privilege

For User or Group

%ORACLE_HOME%\database

Full Control

SYSTEM ,

Administrators,

ORA_DBA,

ORA_<DBSID>_DBA

ORA_<DBSID>_OPER

<drive>:\oracle\<dbsid>

Full Control

SYSTEM ,

Administrators,

ORA_DBA,

ORA_<DBSID>_DBA

ORA_<DBSID>_OPER

Procedure

For all Oracle directories and the ORACLE_HOME set the security settings for the built-in accounts and groups SYSTEM, Administrators, ORA_DBA, ORA_<DBSID>_DBA, and ORA__<DBSID>_OPER as follows:

  1. In the Windows Explorer, right-click the Oracle root directory and choose Properties.

  2. On the Security tab, choose Advanced.

  3. Deselect Allow inheritable permissions from the parent...

  4. In the upcoming dialog, choose Copy, to copy the permission entries that were previously applied from the parent to this object.

  5. Choose OK.

  6. Set the permissions for the above-mentioned accounts SYSTEM, Administrators, ORA_DBA, ORA_<DBSID>_DBA, and ORA__<DBSID>_OPER to Full Control.

  7. Delete all other accounts.