Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: SYS vs. SYSTEM

Re: SYS vs. SYSTEM

From: Quarkman <quarkman_at_myrealbox.com>
Date: 6 Aug 2003 22:53:28 -0700
Message-ID: <6f2ab2f8.0308062153.2e619a26@posting.google.com> 





Brian Peasland <dba_at_remove_spam.peasland.com> wrote in message news:<3F317244.4E51994D_at_remove_spam.peasland.com>...


> > That's because it isn't a role at all, but a system privilege. Number 83 or

> > 94 (memory fails me) in the select * from system_privilege_map.

> 

> I know. And that's what I was trying to point out, that it's not a role

> like other database roles. 




Why you keep saying "like other roles", I don't know. It's not like
other roles because it isn't a role. It's a bit like saying 'your
automobile isn't an automobile like other trains'.



>But I didn't want to confuse the poor chap.




Uh huh. You're confusing the hell out of me by using the word 'role'
where it doesn't belong, and I'm supposed to know something about it!!



> He was having difficulties with the differences between SYS and SYSTEM.




Yes, and the difference is the granting of the SYSDBA system
privilege. That's all there is to it, and it is not (IMHO) very
confusing to say it as plain as that.



> And I wouldn't say to that individual that SYSDBA is a system privilege




But then you'd be wrong to not say that, because it is.



> less he try to find it in DBA_SYS_PRIVS, where it isn't.




DBA_SYS_PRIVS isn't a list of what system privileges exist in the
database, so why you'd go looking there to find anything about it in
the abstract in the first place beats me.



Or are you saying that, because DBA_SYS_PRIVS records those system
privileges which are granted to users and roles, you'd expect that if
I said "grant sysdba to brian" I should be able to see the grant in
this view? Only if you forget or don't know the essential feature of
granting SYSDBA in the first place: which is that it copies your user
details into the password file (and the grant won't work without there
being a password file there in the first place). And the password file
has its own view, v$pwfile_users.



I find confusion is best combatted by sticking to the facts wherever
possible, and not introducing words (like "role") which have no place
being there.



~QM
Received on Thu Aug 07 2003 - 00:53:28 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US