APPS, APPLSYS 1, 2
APPLSYSPUB
EDWREP, ODM
AD_MONITOR, EM_MONITOR
OWAPUB
PORTAL30, PORTAL30_*
SSOSDK
MODULE
END-DATE 1
AME
AOL/FND
AOL/FND
ASG
AS
AOL/FND
AOL/FND
AOL/FND
AOL/FND
IBE, ONT
IBE
IBE, IBU
IEX
AOL/FND
AOL/FND
IRC
IRC
ASG
ASG
ASG
XDP
XDP
AOL/FND
AOL/FND
AOL/FND
AOL/FND
AOL/FND
AOL/FND
AOL/FND
yes
yes
yes
see module
see module
yes
yes
yes
no
see module
see module
see module
yes
yes
yes
see module
see module
yes
yes
see module
see module
see module
no 3
yes
yes
yes
no
yes
yes
If the module is not being used, the account should be enddated. Otherwise, see the module documentation for more
information on this account.
2 Change the GUEST password using the AutoConfig variable
s_guest_pass and run AutoConfig. See MOS Note ID
443353.1.
3 Should not be end-dated, but check that FND_USER table
ENCRYPTED_USER_PASSWORD = INTERNAL USER-NOLOGIN
1
CHANGE PASSWORD
METHOD
manual
manual
FNDCPASS SYSTEM
or AFPASSWD s
See note 4
manual
manual
manual
manual
manual
FNDCPASS ALLORACLE
or AFPASSWD a
DEFAULT
SUGGEST
Sign-On:Audit Level
(null)
Form
Sign-On:Notification
No
Yes
AuditTrail:Activate
No
Yes
(null)
No
Yes
(null)
720
insensitive
sensitive
(null)
Java Class
Utilities:Diagnostics
No
No
FND: Diagnostics
Yes
No
No
Yes
User
User
Error
Error
Error
Error
Error
Error
Yes
Yes
AUDITING
Passwords
Other Security
DEFAULT
SUGGEST
1800000
(30 min)
1800000
(30 min)
30 min
30 min
OFF
SECURE
ORACLE
PUB
strong
password
strong
password
6. APPLSYSPUB PERMISSIONS
The APPLSYSPUB account should have only these grants
INSERT ON FND_UNSUCCESSFUL_LOGINS
INSERT ON FND_SESSIONS
EXECUTE ON FND_DISCONNECTED
EXECUTE ON FND_MESSAGE
EXECUTE ON FND_PUB_MESSAGE
EXECUTE ON FND_SECURITY_PKG
EXECUTE ON FND_SIGNON
EXECUTE ON FND_WEBFILEPUB
SELECT ON FND_APPLICATION
SELECT ON FND_APPLICATION_TL
SELECT ON FND_APPLICATION_VL
SELECT ON FND_LANGUAGES_TL
SELECT ON FND_LANGUAGES_VL
SELECT ON FND_LOOKUPS
SELECT ON FND_PRODUCT_GROUPS
SELECT ON FND_PRODUCT_INSTALLATIONS
These permissions are set in
<FND_TOP>/admin/sql/afpub.sql
To check permissions
SELECT * FROM sys.dba_tab_privs
where grantee = 'APPLSYSPUB'
CREATION_DATE
CREATED_BY FND_USERS table
LAST_UPDATE_LOGIN FND_LOGINS tables
LAST_UPDATE_DATE
LAST_UPDATED_BY FND_USERS table
applsys.fnd_login_responsibilities
fnd_concurrent_requests
applsys.fnd_login_resp_forms
icx.icx_failures
applsys.fnd_unsuccessful_logins
END-USER AUDIT REPORTS
AUTOCONFIG
VARIABLE
s_dbport
s_rpcport
s_repsport
s_webport
s_webssl_port
s_active_webport
s_proxyport
s_oprocmgr_port
s_forms_servlet_
portrange
s_disco_servlet
_portrange
s_xmlsvcs_servlet_
portrange
s_oacore_servlet_
portrange
s_servletport
s_web_port_pls
s_formsport
s_metdataport
s_metreqport
s_osagent_port
s_mwaportno
s_mwadispatcher_
port
s_mwatelnetportno
s_jtfuf_port
UNIX
PERM
$ORACLE_HOME
All
0750
$ORACLE_HOME/bin
All
0751
PORT # + X
1521
1626
7000
8000
4443
8000
80
8699
8701-8710
PATH
$ORACLE_HOME/network/admin/<sid>
$ORACLE_HOME/appsutil/install/<sid>
wdbsvr.app
0600
CGIcmd.dat
0600
defaults.txt
adalldefaults.txt
0600
All
0750
8741-8750
$FND_TOP/secure
s_tcfport
15000
s_ons_localport
s_ons_remoteport
s_ons_requestport
s_java_object_
cache_port
s_oacore_jms
_portrange
s_forms_jms
_portrange
s_home_jms
_portrange
s_oafm_jms
_portrange
s_oacore_ajp
_portrange
s_forms_ajp
_portrange
s_home_ajp
_portrange
s_oafm_ajp
_portrange
6100
6200
6500
~2300023099
~2350023599
~2400024099
~2450024599
~2150021599
~2200022099
~2250022599
~2000020099
s_cmanport
1532
12345
0600
0700
$806_HOME/reports60/server (11i)
$APPL_TOP/admin/<sid>
8800
8888
9000
9100
9200
10000
10200-10299
10300-10399
10800-10899
10200-10299
9300 or
11000
0600
$IAS_TOP/Apache/modplsql/cfg (11i)
8711-8720
8721-8740
listener.ora
sqlnet.ora
*.sql
*.sh
189367.1 11i
403537.1 R12
287176.1 11i
380490.1 R12
123718.1 11i
376700.1 R12
340178.1
391248.1
338756.1
403294.1 11i
732764.1 R12
828229.1 R12
Using Oracle Database Vault with Oracle EBusiness Suite Releases 11i and 12
950018.1
558959.1
http://www.integrigy.com
Version 4.5 April 2014
Oracle E-Business Suite 11.5.10 12.1.3 12.2
Copyright 2014 Integrigy Corporation
Information in this document is subject to change without notice and does not represent
a commitment on the part of Integrigy Corporation. Integrigy does not guarantee or warrant
the accuracy or completeness of the information in this document. AppSentry, and
AppDefend are trademarks of Integrigy Corporation. Oracle is a registered trademark of
Oracle Corporation and/or its affiliates.