Re: sysdba privileges and shutdown

On Fri, 07 Mar 2003 08:41:27 +0000, Rachel Wilson wrote:

> coming from an oracle7 background and having received some oracle 8i
> training I have been warned about the evils of connect internal.
>
> While looking into sysdba and sysoper I have come across what seems to
> be some confusion. Sybrand in 1999 mentioned in this forum that
> sysdba was a role and then in 2002 an older and wiser sybrand says
> it's a privilege - and this latter opinion seems to be the concensus.
> However looking in the dictionary views such as dba_sys_privs i cannot
> find any mention of the sysdba priviledge. i can see a DBA role but
> this comes with its own warnings because the default role can (should)
> be tweaked for the production environment.

You're looking in the wrong place. Select * from system_privilege_map. Look at number 83.

>
> Other reading suggests that these are just keywords and not privileges
> in the traditional sense although if that is the case how can they be
> granted to other users?
>
> The documentation talks about the extra functionality allowed to
> priviledged users but not what the exact system priviliges are (in
> particular I am trying to work out who exactly has rights to shutdown
> the database)
>
> In short:
> a) could someone please clear up *exactly* what sysdba is and where
> its associated priviliges can be found in the dictionary views
> b) how the sqlplus shutdown command works - is it an alter database
> command - is it a script?
>
> i am also wondering why the unix group of dba is allowed sysdba rights
> as a matter of course - is this not a bit of a security risk?

Only if you posit that anyone and everyone can log on to your Unix box with your Unix credentials!

Regards
HJR
>
> thanking you in advance,
> Rachel
Received on Fri Mar 07 2003 - 13:16:41 CST