From oracle-l-bounce@freelists.org Tue Jun 15 19:18:54 2004 Return-Path: Received: from air189.startdedicated.com (root@localhost) by orafaq.com (8.11.6/8.11.6) with ESMTP id i5G0Ibt22333 for ; Tue, 15 Jun 2004 19:18:47 -0500 X-ClientAddr: 206.53.239.180 Received: from turing.freelists.org (freelists-180.iquest.net [206.53.239.180]) by air189.startdedicated.com (8.11.6/8.11.6) with ESMTP id i5G0IR622292 for ; Tue, 15 Jun 2004 19:18:37 -0500 Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 7722172C4C2; Tue, 15 Jun 2004 19:03:07 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28434-44; Tue, 15 Jun 2004 19:03:07 -0500 (EST) Received: from turing (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id BCB0872C202; Tue, 15 Jun 2004 19:03:06 -0500 (EST) Received: with ECARTIS (v1.0.0; list oracle-l); Tue, 15 Jun 2004 19:01:42 -0500 (EST) X-Original-To: oracle-l@freelists.org Delivered-To: oracle-l@freelists.org Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 95EF472C3C3 for ; Tue, 15 Jun 2004 19:01:41 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26921-61 for ; Tue, 15 Jun 2004 19:01:41 -0500 (EST) Received: from mother.bates.edu (mother.bates.edu [134.181.128.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 2A33A72C1D8 for ; Tue, 15 Jun 2004 19:01:41 -0500 (EST) Received: from a5199.bates.edu (a5199.bates.edu [134.181.129.112]) by mother.bates.edu (8.12.10/8.12.10) with ESMTP id i5G0MXxU001933 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Tue, 15 Jun 2004 20:22:33 -0400 Received: from A6402.bates.edu (a6402.bates.edu [134.181.195.183]) by a5199.bates.edu (8.12.10/8.12.10) with ESMTP id i5G0LxNK1298343 for ; Tue, 15 Jun 2004 20:21:59 -0400 (EDT) Message-Id: <6.0.3.0.0.20040615195610.01f96700@abacus.bates.edu> X-Sender: cleblan2@abacus.bates.edu (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.3.0 Date: Tue, 15 Jun 2004 20:21:56 -0400 To: oracle-l@freelists.org From: Catherine LeBlanc Subject: RE: Connecting as sysdba In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/html; charset="us-ascii" X-Virus-Scanned: by amavisd-new at freelists.org X-archive-position: 2800 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-To: oracle-l-bounce@freelists.org X-original-sender: cleblan2@abacus.bates.edu Precedence: normal Reply-To: oracle-l@freelists.org X-list: oracle-l X-Virus-Scanned: by amavisd-new at freelists.org I believe you do not need to have sysdba granted explicitly to a user if they are logged into the database server as a UNIX user that is a member of UNIX dba (sysdba) group. In this case you can connect as sysdba even if your oracle user account doesn't show up in v$pwfile_users. I have tested this because I have a similar problem in that I want to prevent programmers logged into our UNIX application software owner account from connecting as sysdba. I have not figured out how to do this, and I cannot easily change the application software owner account. Ideas anyone?

Catherine LeBlanc

At 01:00 PM 6/1/2004, Zeng, Lei wrote:

To my knowledge, for a user account to be able to 'connect as sysdba',
it needs to be granted 'SYSDBA' privilege (use 'GRANT SYSDBA to USER'
command). To check which user account is currently having SYSDBA
privilege, query table v$PWFILE_USERS .

Lei

-----Original Message-----
From: syed jaffar hussain [mailto:sjaffarhussain@hotmail.com]
Sent: Sunday, May 30, 2004 9:57 AM
To: oracle-l@freelists.org
Subject: Connecting as sysdba

Hello list,

I have noticed onething, when I logon to my UNIX as oracle user, I am
able to connect to the database as sysdba from any database user.

Sqlplus /nolog
Connect user_1/password as sysdba;

I want to prevent all DB users, except sys, to connect as sysdba. How
can I do it? I tried to change the remote_login_passwordfile values but
vain.

Is this expected behaviour or do I have to change anything in the
init.ora file?

Regds
Jaffar
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@freelists.org put
'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@freelists.org
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------

---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@freelists.org put 'unsubscribe' in the subject line. -- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------