Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: SYS vs. SYSTEM

Re: SYS vs. SYSTEM

From: Quarkman <quarkman_at_myrealbox.com>
Date: 6 Aug 2003 22:53:28 -0700
Message-ID: <6f2ab2f8.0308062153.2e619a26@posting.google.com>


Brian Peasland <dba_at_remove_spam.peasland.com> wrote in message news:<3F317244.4E51994D_at_remove_spam.peasland.com>...
> > That's because it isn't a role at all, but a system privilege. Number 83 or
> > 94 (memory fails me) in the select * from system_privilege_map.
>
> I know. And that's what I was trying to point out, that it's not a role
> like other database roles.

Why you keep saying "like other roles", I don't know. It's not like other roles because it isn't a role. It's a bit like saying 'your automobile isn't an automobile like other trains'.

>But I didn't want to confuse the poor chap.

Uh huh. You're confusing the hell out of me by using the word 'role' where it doesn't belong, and I'm supposed to know something about it!!

> He was having difficulties with the differences between SYS and SYSTEM.

Yes, and the difference is the granting of the SYSDBA system privilege. That's all there is to it, and it is not (IMHO) very confusing to say it as plain as that.

> And I wouldn't say to that individual that SYSDBA is a system privilege

But then you'd be wrong to not say that, because it is.

> less he try to find it in DBA_SYS_PRIVS, where it isn't.

DBA_SYS_PRIVS isn't a list of what system privileges exist in the database, so why you'd go looking there to find anything about it in the abstract in the first place beats me.

Or are you saying that, because DBA_SYS_PRIVS records those system privileges which are granted to users and roles, you'd expect that if I said "grant sysdba to brian" I should be able to see the grant in this view? Only if you forget or don't know the essential feature of granting SYSDBA in the first place: which is that it copies your user details into the password file (and the grant won't work without there being a password file there in the first place). And the password file has its own view, v$pwfile_users.

I find confusion is best combatted by sticking to the facts wherever possible, and not introducing words (like "role") which have no place being there.

~QM Received on Thu Aug 07 2003 - 00:53:28 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US