Tuesday, May 21, 2013

Oracle E-Business Suite: SYSADMIN must have password expiration set

The risks related to SYSADMIN are often misunderstood.  It is a critical account to leave active, yet we find that many organizations don't set the password expiration days because they fear that the account will be locked and the system will come to a halt (including workflows) if the password expires.  This is NOT the case.  If the password expires it will need to be reset next time someone logs in using that account (just like ALL accounts).  However the processes that run in the background tied to that login will still continue to perform as expected.

This is also supported by Oracle.  Take a look at MOS Note 403537.1.

Find out more about this topic at: http://erpra.net/files/Chapter_7_Excerpt_Use_and_Care_of_Generic_Logins.pdf

As always, if you have questions related to this or other topics, please email me at jhare...at... erpra.net.