This is very interesting question.
To the my best knowledge, the answer is:
- INTERNAL is a special (build-in and unremovable, similar to root in
UNIX) user
in Oracle, which does not have its own schema.
Every time you connect as INTERNAL, you go into SYS schema
(as you can determine by SELECT user FROM dual;)
- INTERNAL is not a "special option" of CONNECT command in SQL*DBA
(or Server Manager) as I initially thought, because you can connect as
INTERNAL from SQL*plus (athough I've found some funny things
like I can connect by specifying CONNECT INTERNAL/password, but
I cannot connect if I specify password later, when Oracle asks for it.)
- In systems where the password file is used, INTERNAL and SYS
cannot be removed from the password file and their
SYSDBA/SYSOPER privileges cannot be revoked.
- Some confusion cames from the fact that you should not
(and, probably, must not) specify AS SYSDBA when connecting
as INTERNAL. When you want to connect as SYS, you have two options:
CONNECT SYS/CHANGE_ON_INSTALL -> normal connection
CONNECT SYS/oracle AS SYSDBA -> connection with highest
possible privileges (incl. STARTUP, SHUTDOWN, CREATE DATABASE).
- Finally, it is worth to mention that Oracle Adm. Guide
(probably, since 7.3) says that INTERNAL is supported for
backward compatibility only. I definitely know that
it is possible to issue STARTUP and SHUTDOWN as SYS with SYSDBA,
although I never tried to create database as SYS.
Restrict access: some OS (in particular, Win95) have
enviroment variable (accessible via REGEDIT) with value
equal to passoword for INTERNAL/SYS AS SYSDBA
(this value is "oracle" on default installation).
Remove this value and it will become impossible
to start the instance without specifying the password.
To change the password, create new password file.
E-mail me if you have more questions.
Seva
Pedro Pimentel Figueiredo wrote:
>
> How do you restrict the INTERNAL login? Is it a user or a special type
> of login?
>
> Thank you.
>
> Pedro Pimentel
>
> PS: please reply also by e-mail to ppf_at_geocities.com
Received on Thu Oct 02 1997 - 00:00:00 CDT