Differences between SYS users and system users in Oracle

One, the most important difference: the importance of storing data is different

"SYS" the base tables and views of all Oracle data dictionaries are stored in the SYS user, which is critical to the operation of Oracle, maintained by the database itself, and cannot be changed manually by any user. SYS user has roles or permissions such as DBA, SYSDBA, Sysoper, etc., and is the user with the highest Oracle privileges.

"System" users are used to hold secondary-level internal data, such as some Oracle features or management information for tools. The system user has normal DBA role permissions.

Second, the difference: the different permissions

The "system" user can only log in to EM as normal unless you grant SYSDBA System privileges (grant SYSDBA to System) or Sysoper system permissions to it.
"SYS" User has "SYSDBA" or "Sysoper" System permissions, login em can only use these two identities, can not use normal.

Login to Oracle with sys user, execute SELECT * from V_$pwfile_users; You can query to users with SYSDBA permissions, such as:

Sql> select * from V_$pwfile_users;
USERNAME SYSDBA Sysoper
SYS true True

SYSDBA and Sysoper two system permissions differences

What's the difference between normal, SYSDBA, Sysoper?
Normal is a normal user
The other two, and you'll see what they have right now.
SYSDBA has the highest system privileges, and after logging in is SYS
Sysoper is mainly used to start, close the database, Sysoper login after the user is public

Sysdba and Sysoper belong to the system privilege, also known as administrative privilege, have some system administration level permissions such as database on shutdown SYSDBA and sysoper specific permissions can be seen in the following table:

  system permissions   sysdba  sysoper 
distinguish   startup (start database)   startup  
Shutdown (Close database)   shutdown 
ALTER DATABASE Open/mount/backup  alter database open/mount/backup 
Change character set   none 
CREATE DATABASE   none cannot create database  
Drop database   none 
Create spfile  create spfile 
Alter DB Archivelog (archive log)   alter database archivelog 
ALTER DATABASE recover (recover databases)    can only be fully recovered, Unable to perform incomplete recovery  
has restricted session limit permission    restricted session permission  
allows the user to connect as a SYS user  & nbsp; You can do some basic operations, but you cannot view user data  
User is public  after logon after login sys  ;

If the system is logged in normally, it is actually a normal DBA user, but if you log in as SYSDBA, the result is actually logged in as a SYS user, which is similar to the feeling of sudo inside Linux, as we can see from the login information. Therefore, after the database is connected as SYSDBA, the objects created are actually generated in sys. The same is true for other users, if the as SYSDBA is logged in as a SYS user, see the following experiment:
Sql> create user strong identified by strong;

Differences between SYS users and system users in Oracle