Oracle Finance

Need to audit an Oracle Database or Application; here is simple guidance, 5 basic controls that you should monitor.

1. Password Management

• Default Passwords, should be changed
• Required Passwords, should be enabled
• Password Composition, should be contain character, numeric and combination
• Password Expiration, should be expire within period e.g. 30 days
• Password History, should be not repeated after period e.g. 12 password.

2. User Management

• Administrator Account, should be secured. All administrator account should be stated clearly and who’s responsible with it.
• Default user account, should be removed or deactivated
• Vendor / third party account, should be monitored
• Dormant Account, should be maintained.

3. Security Feature

There are a lot of comparison between SAP and Oracle Finance available nowadays; this article is focusing the comparison in security or audit perspective.

1. Security Configuration

SAP stored their security configuration in application security level; Oracle Finance stored their security configuration in database security level. Storing configuration in application security level means that we could added the security level also in database configuration. So SAP will have two times higher security level than Oracle Finance.

Here is audit procedure to check both of Oracle Finance and SAP R/3 security configuration.

SAP R/3 Procedure:
Execute Transaction Code SA38
Run report RSPARAM

login/failed_user_auto_unlock           
login/fails_to_session_end              
login/fails_to_user_lock                
login/min_password_lng                  
login/multi_login_users                 
login/no_automatic_user_sapstar         
login/password_change_for_SSO           
login/password_expiration_time          
login/password_logon_usergroup          
login/password_max_new_valid            
login/password_max_reset_valid.