Hello
The impact will be that you will need to update sapsr3 password in table SAPUSER every time you will change it at Oracle level (using brconnect -f chpass -o sapr3 -p <new_password>).
If you forget (to change the password at Oracle level or to update it in SAPUSER) your SAP system won't be able to connect on the DB and thus won't work (not starting or suspended).
Even if you use SSF instead of OPS$ you will have the same problem.
So it is feasible but it will generate extra work and create a risk for your system.
It's a matter of finding a good balance between security requirements / extra admin work / system availability.
SAP considers that as the SAPSR3 account is not used by human and is then not subject to password disclosure so enforcing password change is not required.
1519872 - SAP Database User Profile SAPUPROF
There is no need for a database administrator to connect to the database as the user of the SAP application (except some rare support situations).
SQL scripts or shell scripts should never contain hardcoded passwords of the SAP application user.
Processes of the SAP application - and certain SAP tools like R3Load that belong to the SAP application- are the only programs that should connect to the database with the SAP application user.
By the way did you setup option "tcp.validnode_checking" in sqlnet.ora file ?
This is a far more important/efficient option for Oracle security than forcing password expiration.
(186119 - Restricting DB access to specific hosts)
Regards
1622837 - Secure connection of AS ABAP to Oracle via SSFS
562863 - FAQ: Logon mechanisms
1627312 - ORA-28001: the password has expired - during system startup