This article describes the different ways you can connect to Oracle as an administrative
user. It describes the options available to connect as SYSDBA or SYSOPER.
Oracle 8.1 was the last release to support the 'CONNECT INTERNAL' syntax :
therefore you must use SYSDBA or SYSOPER privileges in current releases.
1) Administrative Users
~~~~~~~~~~~~~~~~~~~~~~~
There are two main administrative privileges in Oracle: SYSOPER and SYSDBA
These are special privileges as they allow access to a database instance even
when it is not running and so control of these privileges is totally outside of
the database itself.
SYSOPER privilege allows operations such as:
Instance startup, mount & database open ;
Instance shutdown, dismount & database close ;
Alter database BACKUP, ARCHIVE LOG, and RECOVER.
This privilege allows the user to perform basic operational tasks without the ability to look at user data.
SYSDBA privilege includes all SYSOPER privileges plus full system privileges
(with the ADMIN option), plus 'CREATE DATABASE' etc..
This is effectively the same set of privileges available when previously
connected INTERNAL.
2) Password or Operating System Authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Password Authentication
~~~~~~~~~~~~~~~~~~~~~~~
Unless a connection to the instance is considered 'secure' then you MUST use a
password to connect with SYSDBA or SYSOPER privilege.
Users can be added to a special 'password' file using either the 'ORAPWD'
utility, or 'GRANT SYSDBA to USER' command.
Such a user can then connect to the instance for administrative purposes using
the syntax:
CONNECT username/password AS SYSDBA
or
CONNECT username/password AS SYSOPER
Remote connections require the database to be configured to allow remote DBA
operations. The remote user will have to supply a password in order to connect
as either SYSDBA or SYSOPER. The only real exception to this is on MS Windows
where remote connections may be secure.
To allow remote administrative connections you must:
- Set up a password file for the database on the server
- Set up any relevant init.ora parameters
Operating System Authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If the connection to the instance is local or 'secure' then it is possible to
use the operating system to determine if a user is allowed SYSDBA or SYSOPER
access.
In this case no password is required.
The syntax to connect using operating system authentication is:
CONNECT / AS SYSDBA
or
CONNECT / AS SYSOPER
一些进展
1 周前
没有评论:
发表评论