Re: SAP on Oracle doubts

Thanks for a very valuable comments.
I have no doubt that there are some SAP consultants which are also very good from DB side...but I am not of that luck.

It still a puzzle for me that a company like SAP don't see as a necessary to improve things which obviously have flaws ... I have impression that at the very beginning of SAP, the programmer who didn't have any idea of DB loging mechanism (and many other possibilities), have found somewhere in docs authentication via OS ... was delighted of this feature how easy it is to implement ... and the rest is history ;-)

cheers,
goran

On Wed, Feb 10, 2010 at 6:56 PM, Jared Still <jkstill_at_gmail.com> wrote:

> For better or worse, I have had some experience with SAP consultants.
>
> You will find that an unusually large percentage of them will insist that
> everything be done "by the book"
>
> The problem is that the book they are going by is often outdated
> or just plain wrong.
>
> I have however had the pleasure of working with some SAP folk
> that are very good. A couple of them have even been very good
> with the database side.
>
> You will find by searching on the SAP support site that there are
> internal folks there that are extremely good with Oracle. These
> can be your ally when dealing poorly informed SAP consultants
> and BASIS admins.
>
> For instance, you will find this SAP note quite invaluable:
> 825653 - Oracle: Common misconceptions
>
> It can be used to refute some of the misconceptions
> held by SAP folks, and as it comes from SAP, they
> must pay attention. :)
>
> Further comments inline:
>
> On Wed, Feb 10, 2010 at 4:26 AM, goran bogdanovic <goran00_at_gmail.com>wrote:
>
>>
>>
>> 1. REMOTE_OS_AUTHENT=true
>>
>> Q1: is it really necessary?
>> Q2: if yes, any workaround possible?
>>
>
> It may or may not be necessary.
>
> I can't recall under what circumstances you may need to use
> this in an SAP context. If you do however, then connections
> to the database need to be controlled via SQLNet invited nodes.
>
> There is someone a couple years ago I had this discussion with,
> and that is how they had it setup.
>
> Personally, I don't allow it to be set here.
>
> If you do allow it to be set, another precaution is to be sure that
> the SAP accounts created in the database are created to include
> the domain name.
>
> This requires that the the env (or registry) variable
> OSAUTH__PREFIX_DOMAIN=TRUE,
> which is the default anyway.
>
> eg. assuming a DEV system, and a domain of MYDOMAIN.COM, the users
> would be:
>
> OPS$MYDOMAIN\DEVADM
> OPS$MYDOMAIN\SAPSERVICEDEV
>
>
>
>> 2. SAP System Administrator OS user must be in OS DBA group
>> Q1: is it really necessary?
>> Q2: is there any other way to do it?
>
>
>> 3. SAP Database Administrator OS user must be in OS DBA group
>> Q1: ist it really necessary?
>> Q2: is there any other way to do it?
>>
>
> Sorry, that is a fact.
> It is required for the SAP DBA utilities.
>
> If not allowed, the SAP BASIS admins will not be able to do any
> jobs that require DBA access.
>
> It may just be required for the system to work at all, I don't know.
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Oracle Blog: http://jkstill.blogspot.com
> Home Page: http://jaredstill.com
>

--
http://www.freelists.org/webpage/oracle-l