Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Resources
Documents
Publishers
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Oracle Linux 7
System Settings
Installing and Maintaining Software
SAP Specific Requirement
Only sidadm and orasid/oracle User Accounts Exist on Operating System
Only sidadm and orasid/oracle User Accounts Exist on Operating System
An XCCDF Rule
Details
Profiles
Prose
Only sidadm and orasid/oracle User Accounts Exist on Operating System
Medium Severity
SAP tends to use the server or virtual machine exclusively. There should be only SAP system users
sidadm
and
orasid
that exist on the operating system (or virtual machine). If SAP Host Agent is installed, the user
sapadm
must exist too. With Oracle Database using
oracle
user, the user
oracle
should exist as well. While
SID
is the SAP System ID, which is always three alphanumeric characters in upper case, beginning with an alphabetic character, the user names
sidadm
and
orasid
are in lower case.
Besides the above SAP users that are automatically detected, other operating system users can be customized in the refine value variable
var_accounts_authorized_local_users_regex
. OVAL regular expression is used for the user list.
Test result of both
fail
or
error
means mismatch of user names and SAP system. The bash remediation commands can be used to delete unexpected users on the operating system.