Path: news.easynews.com!easynews!news.he.net!news-hog.berkeley.edu!ucberkeley!newsfeed.stanford.edu!paloalto-snf1.gtei.net!news.gtei.net!mawar.singnet.com.sg!not-for-mail From: "Hemant K Chitale" Newsgroups: comp.databases.oracle.server Subject: Re: oracle 9i connection string with SYS account Date: Thu, 6 Jun 2002 23:35:17 +0800 Organization: Singapore Telecommunications Ltd Lines: 65 Message-ID: References: <3cfc878f$1@news.mhogaming.com> <3cfdc0b0$1@news.mhogaming.com> <3CFED904.66C0D1C5@earthlink.net> NNTP-Posting-Host: qtns00418.singnet.com.sg X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Xref: easynews comp.databases.oracle.server:149759 X-Received-Date: Thu, 06 Jun 2002 08:32:46 MST (news.easynews.com) I agree. At sites where there were only 2 to 5 databases, I might craete my own account and grant it DBA. With more than 50 databases it's much easier to login to the server as "oracle" and then connect / as sysdba. Creating a DBA account in 50 databases and then maintaining the password [yes, I could have the same password in 50 databases ....] is also a difficult thing. But where I want to do remote admin [connect over SQLNet] I would still need an account with DBA privileges. So, some databases, I create my own account. End result ? I use "SYS" and "HEMANT" more frequently and rarely use "SYSTEM" [I just change the SYS and SYSTEM passwords and forget about them]. Hemant K Chitale http://hkchital.tripod.com "Sean M" wrote in message news:3CFED904.66C0D1C5@earthlink.net... > Pete Sharman wrote: > > > > In article , "Howard says... > > > > > >I suspect this one will run and run. > > > > > snip good advice > > > > > >But Sybrand's point should be heeded: the SYS account is unique, and if all > > >you need to do is create tablespaces and Users, then you don't need it. All > > >routine administration should be done as SYSTEM (default password = > > >'manager'). > > > > > > > You know, I think this is one time I'd have to disagree with you Howard. SYSTEM > > still owns data dictionary tables for some functionality, such as replication. > > I tend to think NEITHER SYSTEM nor SYS should be used for this fucntionality. > > Create your own equivalent of SYSTEM, but don't use either SYS or SYSTEM for > > this. Other viewpoints? > > I think it's a tradeoff between managability/convenience and security. > As with just about everything else, It Depends. I'm not saying I'd > recommend what we do for most shops, but I connect / as sysdba > routinely. We have hundreds of Oracle instances in the dataceneter > which are owned by many different organizations within the company - > having my own dba-level account on each of these, and one for every > other datacenter dba, would be a bit of a management headache. Most of > what I need to do is connect, run a few queries on V$ or DBA_ > tables/views, do an alter system or two, etc., so the risk is usually > relatively low. Sure, we could probably automate database account > maintenance in a similar manner to our server account system. But for > us, the risk we run by connecting as sysdba is outweighted by the > increased convenience and lower managability issues. > > Regards, > Sean