Why SAP is better than Oracle Finance in Security Perspective: part 1
There are a lot of comparison between SAP and Oracle Finance available nowadays; this article is focusing the comparison in security or audit perspective.
1. Security ConfigurationSAP stored their security configuration in application security level; Oracle Finance stored their security configuration in database security level. Storing configuration in application security level means that we could added the security level also in database configuration. So SAP will have two times higher security level than Oracle Finance.
Here is audit procedure to check both of Oracle Finance and SAP R/3 security configuration.
SAP R/3 Procedure:
Execute Transaction Code SA38
Run report RSPARAM
login/failed_user_auto_unlock login/fails_to_session_end login/fails_to_user_lock login/min_password_lng login/multi_login_users login/no_automatic_user_sapstar login/password_change_for_SSO login/password_expiration_time login/password_logon_usergroup login/password_max_new_valid login/password_max_reset_valid.
Oracle Finance Procedure:
Run SQL command:
select substr(resource_name), substr(limit) from sys.dba_profiles
COMPOSITE_LIMIT UNLIMITED CONNECT_TIME UNLIMITED CPU_PER_CALL UNLIMITED CPU_PER_SESSION UNLIMITED FAILED_LOGIN_ATTEMPTS UNLIMITED IDLE_TIME UNLIMITED LOGICAL_READS_PER_CALL UNLIMITED LOGICAL_READS_PER_SESSION UNLIMITED PASSWORD_GRACE_TIME UNLIMITED PASSWORD_LIFE_TIME UNLIMITED PASSWORD_LOCK_TIME UNLIMITED PASSWORD_REUSE_MAX UNLIMITED PASSWORD_REUSE_TIME UNLIMITED PASSWORD_VERIFY_FUNCTION UNLIMITED PRIVATE_SGA UNLIMITED SESSIONS_PER_USER UNLIMITED
2. Access Control Management