Home » RDBMS Server » Security » oracle sys authentication (oracle database 10.2.0 , windows xp professional)
oracle sys authentication [message #348944] Thu, 18 September 2008 06:11 Go to next message
merhanatef
Messages: 28
Registered: September 2008
Junior Member
hey guys ..
u know as a member in the os(windows xp) "ora_dba" group , i can log in to the database using th os authentication & not the password file..
it goes as follows :

----sql> / as sysdba

----SQL*Plus: Release 10.2.0.1.0 - Production on Thu Sep 18 ---------13:01:40 2008

----Copyright (c) 1982, 2005, Oracle. All rights reserved.


----Connected to:
----Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - -----Production
----With the Partitioning, OLAP and Data Mining options

now , i want the user to continue being a member in the ora_dba group , & @ the same time i dont want him to be able to log in using the "/ as sysdba " delimiter .. i want him to be obliged to use "sys/sys as sysdba", can i do that?

& also,is there a difference in the privileges a user gets when connected as sysdba while not being a member in the ora_dba group?





Re: oracle sys authentication [message #348951 is a reply to message #348944] Thu, 18 September 2008 06:41 Go to previous messageGo to next message
Michel Cadot
Messages: 64103
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
In your sqlnet.ora change "SQLNET.AUTHENTICATION_SERVICES = (NTS)" to "SQLNET.AUTHENTICATION_SERVICES = (NONE)"

Regards
Michel

Re: oracle sys authentication [message #348995 is a reply to message #348951] Thu, 18 September 2008 09:12 Go to previous messageGo to next message
merhanatef
Messages: 28
Registered: September 2008
Junior Member
it worked ... thank u
Re: oracle sys authentication [message #351177 is a reply to message #348995] Mon, 29 September 2008 12:01 Go to previous messageGo to next message
mrvafaei
Messages: 27
Registered: September 2008
Junior Member

usually Network Administrator has access to sqlnet.ora and he/she can change SQLNET.AUTHENTICATION_SERVICES = (NTS)again ,
is it possible we do some thing that Neywork admin can not use :

conn / as sysdba

and connect to sys with sysdba previllage .
?
Re: oracle sys authentication [message #351180 is a reply to message #351177] Mon, 29 September 2008 12:17 Go to previous messageGo to next message
Michel Cadot
Messages: 64103
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
usually Network Administrator has access to sqlnet.ora

He/She should not, I don't see any reason for this, remove this access.

Regards
Michel

[Updated on: Mon, 29 September 2008 12:18]

Report message to a moderator

Re: oracle sys authentication [message #351193 is a reply to message #351180] Mon, 29 September 2008 14:34 Go to previous messageGo to next message
mrvafaei
Messages: 27
Registered: September 2008
Junior Member

in our office network admin has access to all servers , and OS settting and folders .
Re: oracle sys authentication [message #351232 is a reply to message #351193] Tue, 30 September 2008 01:01 Go to previous message
Michel Cadot
Messages: 64103
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
If you give root access to anybody there is nothing you can do to prevent them to access to anything.

Regards
Michel
Previous Topic: revoke role
Next Topic: Insufficient privileges
Goto Forum:
  


Current Time: Sun Dec 04 18:46:04 CST 2016

Total time taken to generate the page: 0.16447 seconds