Re: Grant create database
Carlos,
If all sorts of people can connect 'as sysdba' whether you've granted a privilege, revoked it, or done nothing, then it's a sure-fire bet that you've got operating system authentication switched on. I described that in my original post: check out the memberships of the ORA_DBA group (if you're on NT) or the dba group (if Unix).
New-ish DBAs on NT have a weird habit of adding 'Everyone' as a member of the server's local ORA_DBA group... which means anyone and everyone can do privileged actions. It shouldn't be so bad on Unix (since most Unix administrators seem to know what they're doing).
Check out the group memberships, anyway, and I think you'll find the answer there.
Regards
HJR
"Carlos Oliveira" <carlos.a.oliveira_at_vizzavi.pt> wrote in message
news:20020726161208.242fdd23.carlos.a.oliveira_at_vizzavi.pt...
> Hi
>
> Thank you very much for your help.
>
> I'm very new on Oracle and I don't have any background on databases.
>
> To give the privilege of creating a database to a user I made:
>
> grant sysdba to user
>
> Now I want to take back that privilege and I made:
>
> revoke sysdba from user
>
> But still I can connect the user as sysdba. Another strange thing is that I can connect other users as sysdba.
> Is this normal? How do I really take back the sysdba privileges from users?
>
> Thank you so much for everything
>
> Carlos
>
>
> On Fri, 26 Jul 2002 09:01:35 +1000
> "Howard J. Rogers" <howardjr2000_at_yahoo.com.au> wrote:
>
> > At the end of the day, the only user with the permissions to create a
> > database is SYS.
> >
> > SYS has that privilege by virtue of having been granted the SYSDBA
> > privilege. You can grant the same privilege to other Users, only if you are
> > using an exclusive password file for privileged user authentication. That
> > User (let's call him Fred) can then connect normally (connect fred/password)
> > or as a privileged user (connect fred/password AS SYSDBA). However, in the
> > latter case, if Fred then does something like 'show user', SQL Plus will
> > return the result "SYS": connecting anybody 'as sysdba' simply re-routes
> > their connection through the SYS schema. Hence my first statement above.
> >
> > There is another way to acquire the ability to perform privileged actions,
> > of which 'create database' is just one: use Operating System Authentication.
> > That is, on Unix there is a 'dba' group, and on NT an 'ORA_DBA' group.
> > Making a machine user account a member of that O/S group means that said
> > user can do a 'connect / as sysdba', and not be authenticated by the
> > database at all... at which point s/he has the necessary privileges to
> > create a database - though once again, a show user would return the answer
> > 'SYS'.
> >
> > Regards
> > HJR
> >
> > "Carlos Oliveira" <carlos.a.oliveira_at_vizzavi.pt> wrote in message
> > news:20020725164651.22ab87c1.carlos.a.oliveira_at_vizzavi.pt...
> > > Hi
> > >
> > > Need your help on a simple question, I think...
> > >
> > > How do I grant the privilege to create a database to a user?
> > >
> > > Oracle 9i on Suse 8.0
> > >
> > > Thank you very much for the help
> > >
> > > Carlos
> >
> >
Received on Fri Jul 26 2002 - 18:18:22 CDT
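
The Unix group-membership check recommended in the reply above, as an added example that is not part of the original posts. It lists every account in the 'dba' group, including accounts that have it only as their primary group, and reports those outside an allow-list. The function names, the allow-list of `oracle` and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit who can use OS authentication via a Unix group.

# group_members GROUP GROUP_FILE PASSWD_FILE -> sorted account names, one per line
group_members() {
    grp=$1 group_file=$2 passwd_file=$3
    # group(5) fields: name:password:GID:comma-separated supplementary members
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || { echo "group $grp not found" >&2; return 1; }
    {
        awk -F: -v g="$grp" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Accounts whose primary GID (passwd field 4) is the group's GID are
        # members too, although the group file never lists them.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# unexpected_members GROUP GROUP_FILE PASSWD_FILE ALLOWED... -> members not allowed
unexpected_members() {
    grp=$1 group_file=$2 passwd_file=$3
    shift 3
    allowed=" $* "
    group_members "$grp" "$group_file" "$passwd_file" | while read -r user; do
        case $allowed in
            *" $user "*) ;;
            *) echo "$user" ;;
        esac
    done
}

# Constructed sample data standing in for /etc/group and /etc/passwd.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
dba:x:54322:oracle,fred
users:x:100:
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
oracle:x:1001:54322:Oracle owner:/home/oracle:/bin/bash
fred:x:1002:100::/home/fred:/bin/bash
batch:x:1003:54322:batch jobs:/home/batch:/bin/sh
EOF
unexpected_members dba "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd" oracle
```

On a real host, pass /etc/group and /etc/passwd instead of the sample files; accounts supplied by a directory service do not appear in those local files and need a separate check.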