
Re: SYSDBA access (newbie)

From: Paul Brewer <paul_at_paul.brewers.org.uk>
Date: Thu, 22 May 2003 19:49:13 +0100
Message-ID: <3ecd1c0b_1@mk-nntp-1.news.uk.worldonline.com>


"Frank" <fvanbortel_at_netscape.net> wrote in message news:3ECBD8CE.9050102_at_netscape.net...
> Howard J. Rogers wrote:
> > Please don't do what these two replies suggest!
> >
> > SYSTEM is a powerful account that can do everything that SYS can do, with
> > the only exception being that privileged actions (startup, shutdown, backup,
> > recover, create database) can only be done by SYS.
> >
> > And that's the way it should stay. SYSTEM should not ever be granted
> > privileged action status.
> >
> > For [at least] one very good reason: anything granted by SYS, anything
> > created by SYS, can never be exported. If you get into the habit of logging
> > on as a privileged user (which is what would happen if you granted SYSDBA to
> > SYSTEM) then you are going to create things and grant things which are then
> > forever locked within that database, and not exportable. It's a severe
> > compromise of database recoverability and portability, and you'd be insane
> > to go for it.
> >
> > Use SYS to do startups and shutdowns (etc). And use SYSTEM for all other
> > day-to-day database management. Use the accounts in the way they were
> > designed... because they were designed that way for a reason.
> >
> > Regards
> > HJR
> >
> >
> >
> > "Chief" <chiefgecko_at_mail.com> wrote in message
> > news:71497b46.0305191323.62ef5e80_at_posting.google.com...
> >
> >>"John M" <bali1a_at_freemail.hu> wrote in message
> >>news:<bt9ya.7750$FJ4.81567_at_news.chello.at>...
> >>
> >>>Hello,
> >>>
> >>>I have just installed an Oracle 8i. I want to use DBA Studio to connect to
> >>>my DB. I want to log in as SYSDBA with the default system/manager login. But
> >>>I get a message:
> >>>ORA-01031: insufficient privileges.
> >>>I have installed this Oracle version on another PC too, and there I can
> >>>log in.
> >>>
> >>>What can be the problem?
> >>>
> >>>Thanks!
> >>
> >>Connect to the 'sys' username using
> >>sqlplus "/ as sysdba"
> >>or
> >>using DBA Studio connect to SYS using password with the "AS SYSDBA"
> >>option.
> >>
> >>Then...
> >>
> >>execute the sql: GRANT SYSDBA TO SYSTEM
> >>If this succeeds, then connect to the SYSTEM username using the "AS
> >>SYSDBA" option. If you still get ORA-01031 post a reply and someone
> >>can talk you through creating a password file and/or setting an
> >>init.ora param.
> >>
> >>Ciao, Tim...

>
> Sorry - Howard is right of course, I should have elaborated
> on the "Not considered a Good Idea (tm), though..." as the
> header stated newbie - which completely slipped through
>
> --
> Regards, Frank van Bortel

Well, I don't want to start a war here, but I'm not sure I entirely agree.

Whilst I concur entirely with the idea of not granting sysdba to system, and I completely agree with Howard about OS-authenticated 'sys as sysdba' for starting and stopping, I'm not sure I'm convinced that the system account should be for day-to-day use.

In fact I am coming round to the view that maybe the system account should be locked, and the built-in DBA role dropped, in favour of creating a 'HOUSE_DBA' role with the necessary system privileges, and granting that role to the BREWERP account, and to those of my DBA colleagues.

Constructive criticism welcomed.

Regards,
Paul

Received on Thu May 22 2003 - 13:49:13 CDT
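
The arrangement discussed in this thread, sketched as an added example that is not part of the original posts: check who holds SYSDBA, keep it away from SYSTEM, and move day-to-day administration to a site role granted to named accounts. The privilege list given to HOUSE_DBA is an assumed sample, since the thread does not say which system privileges the role should carry; run it from a session connected as SYS AS SYSDBA.

```sql
-- Added example. The HOUSE_DBA privilege list below is an assumption;
-- HOUSE_DBA and BREWERP are the names used in the post above.

-- 1. Who can connect AS SYSDBA / AS SYSOPER through the password file?
--    SYSTEM should not appear here with SYSDBA = TRUE.
SELECT username, sysdba, sysoper
  FROM v$pwfile_users;

-- 2. If the GRANT SYSDBA TO SYSTEM suggested earlier in the thread
--    was carried out, take it back.
REVOKE SYSDBA FROM system;

-- 3. Site-specific administration role with an explicit privilege list
--    (assumed sample; trim or extend to what the DBAs actually need).
CREATE ROLE house_dba;

GRANT CREATE SESSION,
      CREATE USER, ALTER USER, DROP USER,
      CREATE ROLE,
      CREATE TABLESPACE, ALTER TABLESPACE, DROP TABLESPACE,
      ALTER SYSTEM, AUDIT SYSTEM
   TO house_dba;

-- 4. Grant the role to named, individual accounts.
GRANT house_dba TO brewerp;

-- 5. See who still depends on the built-in DBA role before touching it.
SELECT grantee, admin_option, default_role
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
 ORDER BY grantee;

-- 6. Lock the shared SYSTEM account so work is done under named accounts.
ALTER USER system ACCOUNT LOCK;

-- 7. Confirm the resulting account states.
SELECT username, account_status
  FROM dba_users
 WHERE username IN ('SYS', 'SYSTEM', 'BREWERP');
```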
