Re: oracle 9i connection string with SYS account

Pete Sharman wrote:
>
> In article <adkqbl$eet$1_at_lust.ihug.co.nz>, "Howard says...
> >
> >I suspect this one will run and run.
> >
> snip good advice
> >
> >But Sybrand's point should be heeded: the SYS account is unique, and if all
> >you need to do is create tablespaces and Users, then you don't need it. All
> >routine administration should be done as SYSTEM (default password =
> >'manager').
> >
>
> You know, I think this is one time I'd have to disagree with you Howard. SYSTEM
> still owns data dictionary tables for some functionality, such as replication.
> I tend to think NEITHER SYSTEM nor SYS should be used for this fucntionality.
> Create your own equivalent of SYSTEM, but don't use either SYS or SYSTEM for
> this. Other viewpoints?

I think it's a tradeoff between managability/convenience and security. As with just about everything else, It Depends. I'm not saying I'd recommend what we do for most shops, but I connect / as sysdba routinely. We have hundreds of Oracle instances in the dataceneter which are owned by many different organizations within the company - having my own dba-level account on each of these, and one for every other datacenter dba, would be a bit of a management headache. Most of what I need to do is connect, run a few queries on V$ or DBA_ tables/views, do an alter system or two, etc., so the risk is usually relatively low. Sure, we could probably automate database account maintenance in a similar manner to our server account system. But for us, the risk we run by connecting as sysdba is outweighted by the increased convenience and lower managability issues.

Regards,
Sean Received on Wed Jun 05 2002 - 22:38:21 CDT