Differences between Oracle SYS and system users, sysdba and sysoper system permissions, and sysdba and DBA roles)

Source: Internet
Author: User
Differences between Oracle SYS and system users, sysdba and sysoper system permissions, and sysdba and DBA roles)

Differences between sys and system users

1) The most important difference is that the importance of stored data is different.

Base tables and views of all ORACLE data dictionaries in SYS are stored in SYS users. These base tables and views are crucial for Oracle operation and are maintained by the database, no user can change it manually. Sys users have the role or permissions such as dBA, sysdba, and sysoper, and are the users with the highest Oracle permissions.

 

The system user is used to store the second-level internal data, such as the Management Information of some features or tools of oracle. System users have common DBA role permissions.

2) The second difference is that permissions are different.

System users can only log on to Em as normal, unless you have granted sysdba system permissions or syspoer system permissions to them.
The sys user has system permissions of "sysdba" or "sysoper". You can only use these two identities to log on to Em, but cannot use normal.

Log on to Oracle as a sys user and run select * from V _ $ pwfile_users. Users with sysdba permissions can be queried, for example:

SQL> select * from V _ $ pwfile_users;
Username sysdb sysop
----------------------------------------
Sys true

 

Differences between sysdba and sysoper system Permissions

What are the differences between normal, sysdba, and sysoper?
Normal is a common user
For the other two, you can check their permissions.
Sysdba has the highest system permissions.
Sysoper is mainly used to start and close databases. After logging on to sysoper, the user is public.

Sysdba and sysoper belong to system privilege, also known as administrative privilege. The specific permissions of sysdba and sysoper at the system management level such as enabling or disabling a database can be viewed in the following table:

 

System Permissions

Sysdba

Sysoper

Differences

Startup (start database)

Startup

Shutdown (shut down the database)

Shutdown

Alter database open/Mount/backup

Alter database open/Mount/backup

Change Character Set

None

Create Database)

None

DROP DATABASE)

None

Create spfile

Create spfile

Alter database archivelog (archive logs)

Alter database archivelog

Alter database recover (recover database)

Only full recovery is allowed, and incomplete recovery cannot be performed.

Have restricted SESSION (session Restriction) Permissions

Restricted session permission

Allows users to connect as sys users

Some basic operations can be performed, but user data cannot be viewed.

After logon, the user is sys.

After logon, the user is public.

 

 

If the system is logged on normally, it is actually a common DBA user, but if it is logged on as sysdba, it actually logs on as a sys user, this is similar to sudo in Linux. We can see it from the logon information. Therefore, after the as sysdba connects to the database, the created objects are actually generated in SYS. The same applies to other users. If you log on as sysdba as a sys user, see the following experiment:

SQL> create user strong identified by strong;

The user has been created.

SQL> conn strong/strong @ magick as sysdba;

Connected.

SQL> show user;

User is "sys"

SQL> Create Table Test (A INT );

The table has been created.

SQL> select owner from dba_tables where table_name = 'test ';

Unselected rows // because oracle is automatically converted to uppercase when creating a table, it does not exist when it is queried in lower case;

SQL> select owner from dba_tables where table_name = 'test ';

Owner

------------------------------

Sys

 

Differences between dBA and sysdba

What are the differences between dBA and sysdba system roles?

Before explaining this, I need to talk about the Oracle service creation process.

Create instance → start instance → create database (system tablespace is required)

Startup Process

Instance start → load database → Open Database

Sysdba manages Oracle instances. It does not rely on the full startup of the entire database. Once the instance is started, it already exists. It logs in as sysdba, loads the database, and opens the database. The DBA role has a foundation only when the database is opened or the entire database is fully started!

 

What is the difference between the connection mode of as sysdba or sysoper and without?
When you connect with sysdba or sysoper privileges, you connect with a default schema, not with the schema that is generally associated with your username.

For sysdba This schema is sys; For sysoper the schema is public.

Based on the test below, you will understand the difference between connecting with as sysdba and not using as sysdba.
SQL> conn zhhstream/zhhstream
Connected.
SQL> show user
User is "zhhstream"
SQL> Create Table Test
2 (ID number (4 ),
3 name varchar2 (10)
4)
5;

Table created.

SQL> DESC Test
Name null? Type
-------------------------------------------------------------------------------------------------
ID number (4)
Name varchar2 (10)

SQL> conn zhhstream/zhhstream as sysdba
Connected.
SQL> show user
User is "sys"
SQL> DESC Test
Error:
ORA-04043: Object test does not exist
SQL> conn zhhstream/zhhstream as sysoper
Connected.
SQL> show user
User is "public"

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.