Why SAP is better than Oracle Finance in Security Perspective: part 1

There are a lot of comparison between SAP and Oracle Finance available nowadays; this article is focusing the comparison in security or audit perspective.

1. Security Configuration

SAP stored their security configuration in application security level; Oracle Finance stored their security configuration in database security level. Storing configuration in application security level means that we could added the security level also in database configuration. So SAP will have two times higher security level than Oracle Finance.

Here is audit procedure to check both of Oracle Finance and SAP R/3 security configuration.

SAP R/3 Procedure:
Execute Transaction Code SA38
Run report RSPARAM

login/failed_user_auto_unlock           
login/fails_to_session_end              
login/fails_to_user_lock                
login/min_password_lng                  
login/multi_login_users                 
login/no_automatic_user_sapstar         
login/password_change_for_SSO           
login/password_expiration_time          
login/password_logon_usergroup          
login/password_max_new_valid            
login/password_max_reset_valid.

Oracle Finance Procedure:
Run SQL command:

select  substr(resource_name),  substr(limit) from sys.dba_profiles

result

COMPOSITE_LIMIT                UNLIMITED 
CONNECT_TIME                   UNLIMITED 
CPU_PER_CALL                   UNLIMITED 
CPU_PER_SESSION                UNLIMITED 
FAILED_LOGIN_ATTEMPTS          UNLIMITED 
IDLE_TIME                      UNLIMITED 
LOGICAL_READS_PER_CALL         UNLIMITED 
LOGICAL_READS_PER_SESSION      UNLIMITED 
PASSWORD_GRACE_TIME            UNLIMITED 
PASSWORD_LIFE_TIME             UNLIMITED 
PASSWORD_LOCK_TIME             UNLIMITED 
PASSWORD_REUSE_MAX             UNLIMITED 
PASSWORD_REUSE_TIME            UNLIMITED 
PASSWORD_VERIFY_FUNCTION       UNLIMITED 
PRIVATE_SGA                    UNLIMITED 
SESSIONS_PER_USER              UNLIMITED