1. administrator permissions:
SYSDBA: the default schema is SYS.
SYSOPER: the default schema is PUBLIC.
These two permissions allow users to log on to the database when the database is not opened, so the permissions are beyond the database. This type of permission can also be seen AS a connection that allows you to perform certain operations on the database, such as connect/as sysdba.
2. Two administrator permission authentication methods
1) Operating system (OS) authentication: Operating system authentication
-- This method is used in the following cases:
Secure connection is available when you manage remote databases ).
When managing a local database, you want to use OS authentication.
-- Procedure:
A. Create an OS user
B. Add the user to the OS group of OSDBA or OSOPER.
C. Set the parameter REMOTE_LOGIN_PASSWORDFILE = NONE.
D. CONNECT/AS SYSDBA
-- OSDBA and OSOPER Group
OSDBA: dba for UNIX; ORA_DBA for WINDOWS
OSOPER: UNIX is running, WINDOWS is ora_running
These user groups are created manually or automatically when the database is installed. After the members of these groups connect to the database as sysdba/sysoper, they are automatically granted the management permissions of sysdba/sysoper.
2) Password files: Password File Authentication
-- This method is used in the following cases:
When you manage a remote database, there is no secure network connection, such as TCP/IP and DECnet.
You do not want to use OS authentication when managing local databases.
-- Procedure:
A. Use ORAPWD to create a password file (the password option is set for the SYS user)
B. Set the parameter REMOTE_LOGIN_PASSWORDFILE = EXCLUSIVE.
C. Log On with the sys user
D. create user donny1 identified by donny1 in the database;
E. Grant SYSDBA/SYSOPER permissions.
Grant sysdba to donny1; then add the user and password to the password file.
F. Use your own Password logon: connect donny1/donny1 as sysdba;
G. OS authentication takes precedence over Password File authentication:
If the OS user belongs to the OSDBA OR OROPER group and uses connect as sysdba/sysoper to log on, the entered username/password can be ignored.
[Content navigation] |
Page 1st: ORACLE Database Administrator authentication method |
Page 2nd: ORACLE Database Administrator authentication method |