Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Usenet -> c.d.o.server -> Re: Help on SYSDBA previliege
What Lawrence said is correct. When you connect as SYSDBA, you get your
Oracle privileges from the operating system using your operating system user
ID, not your Oracle user ID. This applies on Windows as well as on Unix and
its variants (Linux, etc.).
Given that, it figures that your scenario would work as it does. Your operating system user ID did not change during the session, so Oracle will continue to use it.
However, your scenario will not work with the following changes.
The last connect will fail because the second user does not have the privilege to be the DBA.
Rick
"santysharma" <santysharma_at_hotmail.com> writes:
> yes , i tried it on WIN 2000. Oh man this is definately is a serious bug.
> i can connect scott/tiger as sysdba
> after that i created user ab identified by ab
> then i was also able to connect as ab/ab as sysdba
> even did shutdown with this ab a/c.
> So much for Oracle 9i
>
> santysharma
> Oracle certified dba
> Sun certified system admin
>
>
>
>
> "Lawrence Simela" <lsimela_at_mahalini.prestel.co.uk> wrote in message
> news:9p2453$g31$1_at_phys-ma.sol.co.uk...
> > Sounds like you have OS authentication.
> >
> > If you are logged in as someone in the dba group you can run sqlplus and
> > connect as SYSDBA. You can give an name and password and it will work so
> > long as you are logged in as a dba group member at OS level.
> >
> > So when you do CONNECT mike/mike AS SYSDBA it is SYS who connects not
> mike..
> >
> > hth
> > Lawrence
> >
> > "Yang Hou" <yanghou_at_lucent.com> wrote in message
> > news:9p1dgh$fjh_at_nntpa.cb.lucent.com...
> > > Hi,
> > >
> > > I installed Oracle8i dtabase on HP 9000 server,then I create a general
> > user
> > > name "mike" ( Oracle account) with password "mike". I only grant "create
> > > session" previliege to this user, but when I log in using this account ,
> I
> > > find I can run "CONNECT mike/mike AS SYSDBA". This make me feel strange,
> > > cause I haven't grant any role and SYSDBA administrator previliege
> > > "Mike"."Mike" is only a Oracle account and doesn't belong default user
> > group
> > > "dba".
> > >
> > > In Oracle 9i Administrator Guide( PDF from Oracle official site), there
> is
> > > one sentence "Control of these privileges is totally outside of the
> > database
> > > itself."( chapter 1, Page 1-13 ), I don't know its mean and can not find
> > > more clear description about this.
> > >
> > > Any assistance is appreciated!
> > >
> > >
> >
> >
>
>
-- Rick Wessman Security Assurance Group Oracle Corporation Rick.Wessman_at_oracle.com The opinions expressed above are mine and do not necessarily reflect those of Oracle Corporation.Received on Tue Oct 02 2001 - 12:46:15 CDT
![]() |
![]() |