To protect access to the SAPUSER table and the SAP database user SAP<SAPSID>, or SAPR3 you must do the following:
Change the passwords for SAP<SAPSID>
or SAPR3
, and <sapsid>adm
regularly.
Only define OPS$ users for the Windows users that are necessary for operating the SAP system.
These are typically the users SAPService<SAPSID>
and <sapsid>adm
; however, you may assign them other
names. In this guide, we refer to SAPService<SAPSID>
and <sapsid>adm
). For more information about creating OPS$ users on Windows, see SAP note 50088.
With the Oracle network protocol SQL*Net
, you can also use the file sqlnet.ora
to restrict access to the database using IP addresses. In this file, you specify invited and excluded IP addresses. In this way, you can make
sure that only specific hosts (for example, only the application server host) can access the database.
Example
tcp.validnode_checking = yes
tcp.invited_nodes = (139.185.5.73, ...)
or:
tcp.excluded_nodes = (139.185.6.71, ...)