The SYSDBA and SYSOPER Roles
In Chapter 8, we’ll examine the use of operating system privileges for database access. One of the privileges used for authentication is the OSDBA operating system privilege. Another operating system privilege is OSOPER. Working hand in hand with these privileges is a mechanism known as the SYSDBA and SYSOPER roles, created in version 7.1.6 of the Oracle RDBMS.
Remote Database Administration
If a database account has been granted the SYSDBA or SYSOPER role, that account gains the ability to connect in any of the following ways:
| CONNECT INTERNAL AS SYSDBA |
| CONNECT / AS SYSDBA |
| CONNECT INTERNAL AS SYSOPER |
| CONNECT / AS SYSOPER |
The user can then perform privileged actions like starting up and shutting down the database. An account connected as SYSDBA can perform any function a user who has been granted the DBA role can perform. The SYSDBA privilege should be granted as cautiously as the normal DBA role. The SYSDBA role enables you to perform the following actions (as well as execute any of the privileges shown in Table 5.4):
Create a database
Start up a database
Alter a database mount or open
Alter a database for backup
Enable archive logging
Recover a database
Restrict a session
Shut down a database
System Privileges for the SYSDBA and SYSOPER Roles
SYSDBA role system privileges are shown in Table 5.4. There are 77 of these privileges in Oracle7, and 89 in Oracle8. The 12 new privileges in Oracle8 encompass actions with directory, library, and type. From a ...
Get Oracle Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
