Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: sys password
Hi Anurag,
Here's the story: the connect, resource and dba privileges in Oracle 6 were
replaced by connect, resource and dba roles (containing much more granular
privileges) in Oracle 7.
They were retained for backwards compatibility and officially they are
obsolete.
But .... everyone still uses them.
The problem here is the alter user privilege, that has been granted to the
connect role (from the top of my head).
This can be used to change any password including that of sys. Why on earth
Oracle allows that I don't know.
Morale: The only option is to get away from connect, resource, and dba and
grant the more granular privileges
like create any table, create any procedure etc only.
Obviously, I too would like to know why an user with alter user privilege
can change the sys password, which can result in sys loosing it's sysdba
privileges (if remote_login_passwordfile = shared in init.ora and the sys
password and the internal password differ, then sys is unable to connect as
sysdba)
Hth,
Sybrand Bakker, Oracle DBA
Anurag Minocha <anurag_at_synergy-infotech.com> wrote in message
news:378DB801.E60B8340_at_synergy-infotech.com...
> Hi,
> I have a user with dba,resource and connect roles. The problem is that
> he is able to change the sys password. How can i prevent this. Is this
> because of the dba role.If yes then why is the sys called the super user
> if the password can be changed fromn dba.
>
>
> anurag
>
Received on Thu Jul 15 1999 - 07:23:17 CDT