The DBA Role
The role that literally has the “keys to the kingdom” is the DBA role. With few exceptions, this role will allow the granted user to do almost anything he wants within SQL*Plus or the Server Manager Utility. Well, almost anything. Unless the user has also been placed in the system group, which enables DBA access and the ability to CONNECT INTERNAL or CONNECT / AS SYSDBA, he will not be able to start up or shut down the database, nor completely destroy it by issuing a CREATE DATABASE statement on an existing database. However, he will still be able to do tremendous damage to a database by adding or removing tablespaces or other objects — either maliciously or unintentionally.
System Privileges for the DBA Role
DBA role system privileges are shown in Table 5-3. There are 77 of these privileges in Oracle7, and 89 in Oracle8. The 12 new privileges in Oracle8 encompass actions with directory, library, and type.
Note
A user who has been granted the DBA role has ADMIN OPTION and can therefore pass any of the associated privileges to other users with or without ADMIN OPTION if he chooses.
Table 5-3. DBA Role System Privileges
Privilege |
---|
ALTER ANY CLUSTER |
ALTER ANY INDEX |
ALTER ANY LIBRARY (new in Oracle8) |
ALTER ANY PROCEDURE |
ALTER ANY ROLE |
ALTER ANY SEQUENCE |
ALTER ANY SNAPSHOT |
ALTER ANY TABLE |
ALTER ANY TRIGGER |
ALTER ANY TYPE (new in Oracle8) |
ALTER DATABASE |
ALTER PROFILE |
ALTER RESOURCE COST |
ALTER ROLLBACK SEGMENT |
ALTER SESSION |
ALTER SYSTEM |
ALTER TABLESPACE |
ALTER ... |
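The note on ADMIN OPTION means the DBA role's privileges can spread beyond the accounts that hold the role itself. The queries below are an added example, not taken from the book: they audit that spread using the standard DBA_ROLE_PRIVS and DBA_SYS_PRIVS data dictionary views. Excluding SYS and SYSTEM from the last query is an assumption about which accounts are expected to hold these privileges.

```sql
-- Added example: run as an account that can read the DBA_* dictionary views.

-- 1. How many system privileges the DBA role carries on this database.
--    Compare with the counts given in the text (77 in Oracle7, 89 in Oracle8);
--    a different number means the role has been altered or the release differs.
SELECT COUNT(*) AS dba_sys_priv_count
FROM   dba_sys_privs
WHERE  grantee = 'DBA';

-- 2. Accounts and roles that were granted DBA directly.
--    ADMIN_OPTION = 'YES' here means the grantee can also grant the role itself.
SELECT grantee, admin_option, default_role
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;

-- 3. Indirect paths: anything that reaches DBA through a chain of roles.
--    depth = 1 is a direct grant, depth > 1 is inherited via another role.
SELECT LEVEL AS depth, grantee, granted_role
FROM   dba_role_privs
START  WITH granted_role = 'DBA'
CONNECT BY PRIOR grantee = granted_role
ORDER  BY depth, grantee;

-- 4. Privileges from the DBA role's list that have been passed on directly
--    WITH ADMIN OPTION, so the recipient can hand them out in turn.
--    Assumption: SYS and SYSTEM are expected holders and are filtered out.
SELECT p.grantee, p.privilege
FROM   dba_sys_privs p
WHERE  p.admin_option = 'YES'
AND    p.grantee NOT IN ('DBA', 'SYS', 'SYSTEM')
AND    p.privilege IN (SELECT d.privilege
                       FROM   dba_sys_privs d
                       WHERE  d.grantee = 'DBA')
ORDER  BY p.grantee, p.privilege;
```

Rows returned by the fourth query are grants that survive even if the DBA role is later revoked from the account that issued them, so they need to be reviewed and revoked individually.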