Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Stop using SYS, SYSTEM?

RE: Stop using SYS, SYSTEM?

From: Michael Milligan <Michael.Milligan_at_ingenix.com>
Date: Wed, 12 Nov 2003 14:14:26 -0800
Message-ID: <F001.005D6746.20031112141426@fatcity.com> 





Ron,



Here's the deal with sys and system. To have ultimate authority (like to
shut down and start up the database), you have to log on with sysdba
privileges. That means putting a username in the password file, which
bestows the ability to log on with sysdba privileges. Here's the thing. No
matter who you give those sysdba privileges to by putting their logon in the
password file, Oracle sees it as sys. So if you give Fred sysdba privileges,
and he logs on like so:



connect fred/mypassword_at_mydb as sysdba



then do a:



select username from v$session



it will show:



username




mary


tom


sys



but no fred, because Oracle sees anyone logged on with sysdba privileges as
sys.



One other thing. sysdba is a privilege, and can't be granted to a role, only
to a user. Then, as I said, Oracle will see that user as sys whenever he or
she logs on with that privilege.



HTH,


Mike





-----Original Message-----


Sent: Wednesday, November 12, 2003 1:05 PM
To: Multiple recipients of list ORACLE-L




We are being asked by Auditing to stop using the SYS, and SYSTEM
accounts.  They would like for us to create an Oracle Role with the same
permissions a SYS and SYSTEM, then grant the role to each of the DBA's.
Don't ask me why.  Nothing is being audited in 99% of the databases.
They just say it in a paper some where so they said we shouldn't use it.
This seems like it would cause lots of problems with exports, imports,
installs, etc...  Has anyone had to deal with this type of request?  Any
potential problems with making the change?



Thanks!


Ron Smith




This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity to
which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified that
any dissemination, distribution or copying of this e-mail is prohibited. If
you have received this e-mail in error, please notify the sender by replying
to this message and delete this e-mail immediately.


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.net


-- 



Author: Michael Milligan


  INET: Michael.Milligan_at_ingenix.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed Nov 12 2003 - 16:14:26 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US