Review The Security And Control Over The Oracle DBMS

1. Determine that proper segregation of duties is in place for database administration.

2. Obtain a listing of the Data Structure Diagram for the application. 

3. Obtain the Database initialization file INIT.ORA. 

4. Obtain major Data Dictionary Views 

  • DBA_OBJECTS 
  • DBA_TAB_COLUMNS 
  • DBA_USERS
  • DBA_VIEWS 
5. Review all user profiles to ensure that only authorized users have access to the application files. 

6. Determine the users that have physical access to the application files and ensure that this privilege is necessary to support their job function. 

7. Determine that all default userids and passwords have been changed.

  • SYS
  • SYSTEM
  • SCOTT
  • SAPr3 
8. Ensure that all users are required to enter a password along with their userid to authenticate to the application. 

9. Determine that passwords are required to be changed on a periodic basis.

10. List all roles within the database.

11. List all users that have RESOURCE or DBA privileges.

  • SAPDBA 
12. Obtain a listing of all the application objects such as tables and views. 

13. Review the object rights to ensure that only authorized users are allowed to operate against these objects.

  • DBA_TAB_GRANTS
  • DBA_COL_GRANTS

  Direct table access and stored procedure access should be investigated to ensure that only authorized users or programs have access to the application files.
14. Ensure that the WITH GRANT OPTION is only assigned to appropriate users for appropriate objects. 

15. Determine what level of auditing has been turned on by reviewing the INIT.ORA file to see if AUDIT_TRAIL is set to TRUE, and by checking DBA_SYS_AUDIT_OPTS and DBA_TAB_AUDIT_OPTS.

16. Determine that the audit trail is reviewed on a regular basis.

17. Determine who has been assigned import and export capability. 

18. Review all operating system roles (OSOPER) for assignment to valid users.

  • Ensure that any assignment to the user “Public” is highly restricted.
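
The queries below are an added example, not part of the original checklist, showing how steps 7, 9, 10, 11, 14, 17 and the PUBLIC check can be collected from the data dictionary. They assume a release that exposes DBA_PROFILES, DBA_ROLE_PRIVS and DBA_TAB_PRIVS (where only DBA_TAB_GRANTS and DBA_COL_GRANTS exist, substitute those), and 'APP_OWNER' is a placeholder for the application schema.

```sql
-- Step 7: status and profile of the default accounts named in the checklist.
SELECT username, account_status, profile
FROM   dba_users
WHERE  username IN ('SYS', 'SYSTEM', 'SCOTT', 'SAPR3')
ORDER  BY username;

-- Step 9: password lifetime enforced on each user through its profile.
-- UNLIMITED means no periodic change is forced; DEFAULT inherits the
-- limit of the DEFAULT profile, so check that profile as well.
SELECT u.username, u.profile, p.limit AS password_life_time
FROM   dba_users u
JOIN   dba_profiles p ON p.profile = u.profile
WHERE  p.resource_name = 'PASSWORD_LIFE_TIME'
ORDER  BY p.limit, u.username;

-- Step 10: all roles defined in the database.
SELECT role FROM dba_roles ORDER BY role;

-- Steps 11 and 17: direct grantees of DBA and RESOURCE, plus the
-- predefined full export/import roles. A grantee that is itself a role
-- must be followed up, because this query does not expand nested roles.
SELECT granted_role, grantee, admin_option
FROM   dba_role_privs
WHERE  granted_role IN ('DBA', 'RESOURCE',
                        'EXP_FULL_DATABASE', 'IMP_FULL_DATABASE')
ORDER  BY granted_role, grantee;

-- Step 14 and the PUBLIC check: object privileges on the application
-- schema that can be passed on (WITH GRANT OPTION) or are held by PUBLIC.
SELECT grantee, owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'APP_OWNER'            -- placeholder: application schema
AND    (grantable = 'YES' OR grantee = 'PUBLIC')
ORDER  BY grantee, table_name, privilege;

-- Role grants made to PUBLIC reach every account, so list them too.
SELECT granted_role
FROM   dba_role_privs
WHERE  grantee = 'PUBLIC'
ORDER  BY granted_role;
```

Run the queries from an account that can read the DBA_ views and keep the output with the audit working papers so each finding can be traced back to a row.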
