Meaning of SYSDBA Privilege

Similar Messages

• New user with sysdba privilege gets connected as user sys

  hi ,
  I am using oracle 10g R2 . I have a user named test . I have provided sysdba privilege to this user . Now , when I login to this user as conn tkcsowner/password
  it gets connected , I created a table in that , the table data is fine . But, when I login as conn tkcsowner/password as sysdba , it connects , if I execute show user it shows "user is sys" , and the table is not here .
  My question is ............
  1. if I login to tkcsowner as sysdba , where do I login actually , to sys account or to tkcsowner ?
  2. I want to execute some stored procedures through tkcsowner , which requires sysdba privilege . But , how can I can execute those from tkcsowner , but not from sys ?
  Any additional info on this would be appreciated . thank you.

  My question is ............
  1. if I login to tkcsowner as sysdba , where do I login actually , to sys account or to tkcsowner ?Yes, teh correct behavior. If you would use the o/s authentication, you would be connected as Sys user since Oralce would bypass the supplied username and password of yours over the prompt.
  2. I want to execute some stored procedures through tkcsowner , which requires sysdba privilege . But , how can I can execute those from tkcsowner , but not from sys ?When you are going to connect with Sysdba role, you would be connected as Sys user. I am not sure what you exactly mean by saying that the procedure requires the Sysdba privilege? Procedure doesn't need any Sysdba privilege( there isn't such thing since its a role not a privilege) but the provilege of Execute on that procedure . So you do want to check it out what you are actually looking for and why?
  HTH
  Aman....

• Unable to log in with sysdba privileges

  Hi All,
  I am not able to connect with sysdba privileges through the sql*plus on the remote machine running on Windows. It gives me the following error :
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - 64bit Production
  With the Partitioning, OLAP and Data Mining options
  SQL> conn sys@inftmark as sysdba
  Enter password: ******
  ERROR:
  ORA-01031: insufficient privileges
  Warning: You are no longer connected to ORACLE.
  SQL> while my initialization file has following entries:
  remote_os_authent = true
  remote_login_passwordfile = exclusiveMoreover, i am able to login with user "system" through sql*plus on windows.
  My OS : Solaris 64 bit (database running on Solaris machin)
  Database : 10.2.0.2
  Any idea, what's missing ?

  Yogesh,
  Did you try adding a new password file? In your pfile location, try this --
  1) Remove the existing password (orapw<SID>) file
  2) Generate a new password file - orapwd file=orapw<SID> password=<SYS_passwd>
  Try reconnecting thru the SQL*Plus client.
  - Ravi

• Authentication error as sysdba privilege

  Friends ,
  In my Redhat Ent Linux 5 server I have to face the below problem while I am connectiong to the database as sysdba privileges :
  [oracle@localhost ~]$ sqlplus / as sysdba
  SQL*Plus: Release 10.2.0.4.0 - Production on Thu Aug 27 13:41:07 2009
  Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
  ERROR:
  ORA-01031: insufficient privileges
  Enter user-name:
  My sqlnet.ora file configuration is :
  [oracle@localhost admin]$ cat sqlnet.ora
  # sqlnet.ora Network Configuration File: /u01/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
  # Generated by Oracle configuration tools.
  SQLNET.AUTHENTICATION_SERVICES= (NONE)
  NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
  Any body plz help me to solve this problem ?

  Shipon_97,
  Please make sure your network administrator didn't block http://tahiti.oracle.com
  Please go to http://tahiti.oracle.com and look for ORA-1031
  It contains the answer to this doc question, and all the other doc questions you have been asking so far.
  Please make sure you re-read the Forums Etiquette post and kindly stop your gross abuse of this forum by asking questions for which you can find the answer yourself without effort.
  Sybrand Bakker
  Senior Oracle DBA

• ADDM Report is not produced by SQL DEV 4.0 if logged in user does not have SYSDBA privilege

  Hello -
  In SQLDEV 4.0 (Early Adapter), I logged in as user with no SYSDBA privilege granted. But ADVISOR granted and  execute on DBMS_ADDM granted and "select any dictionary" granted, etc.
  Then i go to the menu View --> DBA --> Performance --> Automatic Database Diagnostic Monitor
  Select ADDM report from the available choices.
  Out of 3 menu options: Summary, Findings and ADDM Report, I can see the first two, but I am getting a grey screen for ADDM Report.
  ^^^^^^^^^^^^^^^^^^^^^
  If i do exactly the same but login as SYSDBA, then ADDM Report can be produced and can be seen. So the issue is in the missing grants and privileges.
  ^^^^^^^^^^^^^^^^^^^^^^
  The goal that we are pursuing in our shop is to empower developers to work with ADDM reports by having them login as non-SYSDBA user.
  ^^^^^^^^^^^^^^^^^^^^^^^^
  Please advise what privilege should be granted to get this working for non-SYSDBA login
  The same user can successfully execute $ORACLE_HOME/rdbms/admin/addmrpt.sql and produce file with complete ADDM report. But not able to get the ADDM from SQL DEV 4.0
  Thank you,
  vr

  Thank you, Phil.
  This worked for me in my quick test case.
  Great help, as DBA group wants to allow NON-privileged users (like Developers and QA) to execute ADDM on demand.
  Here is my observation for RAC database with two instances.
  I have followed your instructions:
  "Performance / Automatic Database Diagnostic Monitor -> Run ADDM"
  Then
  - Uncheck box "By Creating New Snapshot" (this box was checked by default)
  - Provide new "Task Name" (let's say "vr1")
  - Select "Start Snapshot" (this is where my first confusion is: each screen shot # is shown twice, may be because i have two instances of RAC)
  - Select "End Snapshot" (the same way: each SNAP_ID is shown twice)
  - and finally APPLY button is pressed
  This creates 3 reports:
  vr1
  vr1$1 (for instance_id=1)
  vr1$2 (for instance_id=2_
  So, my question is: this expected and normal behavior of the tool?
  What if my RAC database has 8 instances? Then I would generate 9 separate ADDM reports?
  Is this correct observation?
  Thank you,
  vr

• System & sysdba privilege

  since system account has been granted sysdba privilege during the creation of database why it can not startup or shutdown the instance .is it restricted to sys user regardless if other users has been granted sysdba privilege or not ?
  Thanks in advance.

  system has only "dba" privilege, but not "sysdba".
  Regards
  Laurent Schneider

• Connect ORACLE database with sysdba privileges

  Hi Guru,
  I am connecting to my ORACLE database with my VB application.
  I have problem with connecting to the database with SYSDBA privileges. i.e it is not connecting to the database with SYSDBA privileges.
  If I connect my db from SQLPLUS. Its worked like this..
  Connected to:
  Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.1.0 - Production
  SQL> select Name from v$datafile;
  select Name from v$datafile
  ERROR at line 1:
  ORA-00942: table or view does not exist
  SQL> connect as sysdba;
  Enter user-name: user_1
  Enter password: ****
  Connected.
  SQL> select Name from v$datafile;
  NAME
  C:\NEW\ORADATA\ITPL\SYSTEM01.DBF
  C:\NEW\ORADATA\ITPL\UNDOTBS01.DBF
  C:\NEW\ORADATA\ITPL\CWMLITE01.DBF
  C:\NEW\ORADATA\ITPL\DRSYS01.DBF
  C:\NEW\ORADATA\ITPL\EXAMPLE01.DBF
  C:\NEW\ORADATA\ITPL\INDX01.DBF
  C:\NEW\ORADATA\ITPL\ODM01.DBF
  C:\NEW\ORADATA\ITPL\TOOLS01.DBF
  C:\NEW\ORADATA\ITPL\USERS01.DBF
  C:\NEW\ORADATA\ITPL\XDB01.DBF
  10 rows selected.
  SQL>
  Now in my VB application if I am using following string to connect the database.
  m_adoCnn.ConnectionString = Provider=MSDAORA;Password=pass;User ID=user_1;DBA Privilege=SYSDBA;Data Source=ITPL
  It will connect properly to the database but gives error while executing the query select Name from v$datafile;
  as,
  ORA-00942: table or view does not exist
  Can any body help me in this or provide me proper connection string.

  Hello,
  I am getting below error when i kust Clic k on Test Connection in SSMS:
  TITLE: Microsoft SQL Server Management Studio
  The test connection to the linked server failed.
  ADDITIONAL INFORMATION:
  An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
  Cannot initialize the data source object of OLE DB provider "OraOLEDB.Oracle" for linked server "test".
  OLE DB provider "OraOLEDB.Oracle" for linked server "test" returned message "ORA-12154: TNS:could not resolve the connect identifier specified". (Microsoft SQL Server, Error: 7303)
  For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=10.50.4000&EvtSrc=MSSQLServer&EvtID=7303&LinkId=20476
  BUTTONS:
  OK
  Can you please guide is there any other setting i need to do after install Oracle Client ?
  Best Regards,
  Tushar Malvi

• How can I find exact username if I connected with sysdba privilege?

  I granted sysdba privilge to a database user. I can connect that user as sysdba. From that users session, 'show user' command showing "SYS" and also username from v$session is also showing "SYS". How can I find actual username used for connecting the database as sysdba?
  Steve Abraham

  user10247588 wrote:
  Thanks for the replay..
  But my requirement is that in our production system auditors want to give separate username for each administrators (they are not recommending sys and system).
  Normal dba privilege is not a problem. But for sysdba privilege every users are showing the user "SYS". How we can I identify which user is login to the database for a particular work if they connected as sysdba. How can I find which user did that (not just want the username "SYS", because all the administrators are identified by sys if they are connected as sysdba). If auditing is enabled how can I find the exact username. Because we are planning to give sysdba privilege to some of the administrators.
  Also, is there any option to find the username, if one user is initiate shutdown of the database?First Please close the thread and keep questioning in only one thread.
  then do not connect as sysdba

• SYSDBA privilege

  DB:11.2.0.3
  I have given sysdba privilege to one of the user "TEST" in primary database. To connect to the physical standby database using TEST user remotely, do i need to use the same password as sys or can i store the TEST password in the password file.

  Standby Database can be connected by using SYSDBA or SYSOPER privilege.
  If you use SYSDBA, the user you login will be SYS user.
  If you use SYSOPER, the user you login will be PUBLIC user.
  So there is no need to create a new user in Primary and Assign SYSDBA privilege to login standby database. You can use SYS user to login to the STANDBY database.
  SYS Password for Primary & Standby Database should be same. Best option is to ftp the primary Password File and Put in Standby database Location.
  Please Mark you Post as Answered or Helpful, if it served your needs.
  Thanks & Regards,
  SID
  (StepIntoOracleDBA)
  Email : [email protected]
  http://stepintooracledba.blogspot.in/

• ADDM Report is not produced if logged in user does not have SYSDBA privilege

  Hello -
  In SQLDEV 4.0 (Early Adapter), I logged in as user with no SYSDBA privilege granted. But ADVISOR granted and  execute on DBMS_ADDM granted and "select any dictionary" granted, etc.
  Then i go to the menu View --> DBA --> Performance --> Automatic Database Diagnostic Monitor
  Select ADDM report from the available choices.
  Out of 3 menu options: Summary, Findings and ADDM Report, I can see the first two, but I am getting a grey screen for ADDM Report.
  ^^^^^^^^^^^^^^^^^^^^^
  If i do exactly the same but login as SYSDBA, then ADDM Report can be produced and can be seen. So the issue is in the missing grants and privileges.
  ^^^^^^^^^^^^^^^^^^^^^^
  The goal that we are pursuing in our shop is to empower developers to work with ADDM reports by having them login as non-SYSDBA user.
  ^^^^^^^^^^^^^^^^^^^^^^^^
  Please advise what privilege should be granted to get this working for non-SYSDBA login
  Thank you,
  vr

  Thank you, Phil.
  This worked for me in my quick test case.
  Great help, as DBA group wants to allow NON-privileged users (like Developers and QA) to execute ADDM on demand.
  Here is my observation for RAC database with two instances.
  I have followed your instructions:
  "Performance / Automatic Database Diagnostic Monitor -> Run ADDM"
  Then
  - Uncheck box "By Creating New Snapshot" (this box was checked by default)
  - Provide new "Task Name" (let's say "vr1")
  - Select "Start Snapshot" (this is where my first confusion is: each screen shot # is shown twice, may be because i have two instances of RAC)
  - Select "End Snapshot" (the same way: each SNAP_ID is shown twice)
  - and finally APPLY button is pressed
  This creates 3 reports:
  vr1
  vr1$1 (for instance_id=1)
  vr1$2 (for instance_id=2_
  So, my question is: this expected and normal behavior of the tool?
  What if my RAC database has 8 instances? Then I would generate 9 separate ADDM reports?
  Is this correct observation?
  Thank you,
  vr

• SYSDBA privileges

  I installed an instance of Oracle 8.0i in a Windows NT 4.0 Server edition. After that I logged in using the SYS account and I could not perform some tasks like changing some instance's parameters, shutdown the instance, etc.
  What should I configure in order to have SYSDBA privileges?
  Thanks in advance.
  Walter
  null

  Hi Walter,
  what you need to do is
  1.set an init.ora parameter
  remote_login_passwordfile=exclusive.
  2.shutdown and startup the instance so that the parameter takes effect.
  3.connect as internal.
  4.grant sysdba to sys.
  this will allow the sys user to connect and perform the sysdba activities.
  If this doesnt allow you to connect as sys and perform sysdba tasks,you will have to create the passwordfile i.e. pwd<sid>.ora
  using the 'orapwd' command .
  That should allow you to connect.
  Thanks and Regards,
  Mandar

• Dbms_streams_auth.grant_admin_privilege sys as sysdba privilege ?

  When I execute dbms_streams_auth.grant_admin_privilege procedure as a user granted the DBA role. I get the following error:
  ORA-01031: insufficient privileges
  ORA-06512: at "SYS.DBMS_STREAMS_AUTH", line 1211
  ORA-06512: at line 2
  I can only execute this command with the sys as sysdba on the oracle host. Not as system user from an external machine.
  anyone know which privilege that sys user has that system doesnt ? I have tried all the execute privileges, but its not working.
  Svein

  Hello
  The basic reason why this can not be done with the SYSTEM user is that SYSTEM does not have all the privileges granted with GRANT OPTION. Now if you would like to make system to perform this, please follow the below:
  connect / as sysdba
  create directory tmp_dir as '/tmp';
  --i assume strmadmin user exists already
  begin
  dbms_streams_auth.grant_admin_privilege
  grantee=>'SYSTEM',
  grant_privileges=>false,
  file_name=>'strm_privs.sql',
  directory_name=>'tmp_dir'
  end;
  Now edit the file 'strm_privs.sql' and modify all the grant statements and add WITH GRANT OPTION clause. Execute this file from SYS so that SYSTEM gets all the required privileges. Now you should be able to perform this from SYSTEM itself.
  I have not tested this and verified. Still I doubt the last statement in the file will still fail and you need this to execute from SYS:
  BEGIN
       dbms_streams_auth.grant_remote_admin_access('strmadmin');
  END;
  Thanks,
  Rijesh

• Remove sysdba privilege for user

  Hi,
  $ sqlplus
  SQL*Plus: Release 9.2.0.7.0 - Production on Thu Apr 19 05:57:41 2007
  Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.
  Enter user-name: / as sysdba
  Connected to:
  Oracle9i Release 9.2.0.7.0 - 64bit Production
  JServer Release 9.2.0.7.0 - Production
  SQL> exit
  Disconnected from Oracle9i Release 9.2.0.7.0 - 64bit Production
  JServer Release 9.2.0.7.0 - Production
  $
  $
  $ id
  uid=5000(webman) gid=103(wbroot)
  $I want to remove "sysdba" connect privilege for user "webman", what do I need to do?
  I am on HPUX
  Thanks

  I tried the revoke command below & I am stiil able to connect as "/ as sysdba" for webman.
  revoke sysdba from webman;These are the users on in the DB.
  SQL> select username from dba_users;
  USERNAME
  SYS
  SYSTEM
  OUTLN
  WEBMAN
  DBSNMP
  SECW
  SEC
  DAEMON
  8 rows selected.
  SQL> select username,granted_role,default_role from user_role_privs;
  USERNAME                       GRANTED_ROLE                   DEF
  WEBMAN                         CONNECT                        YES
  WEBMAN                         DBA                            YES
  WEBMAN                         OT_ADM                         YES
  WEBMAN                         OT_OWNER_ROLE                  YES
  WEBMAN                         OT_SEC                         YES
  WEBMAN                         OT_USR                         YES
  WEBMAN                         RESOURCE                       YES
  7 rows selected.

• How to get SYSDBA privileges???

  Hi,
  I can't change shared_pool parameters because I'm not connected as SYSDBA though my user account is a member of DBA role. I tried ro connect as NT admin - no much help either.
  Manual says: 'To connect as SYSOPER or SYSDBA using OS authentication you do not need the SYSOPER or SYSDBA system privileges. Instead, the server verifies that you have been granted the appropriate OSDBA or OSOPER roles at the operating system level.'
  Should I create OSDBA or OSOPER roles in NT and be a member of them?
  I created to blank role like above and add myself as the user - didn't work out. Probably I miss something.
  What privileges should NT admin grant to the roles?
  I'm stuck please help ))
  Thanks in advance
  Marina

  thanks George
  Unfortunatelly it doesn't help may be because I use Oracle 8.1.7
  I have no problem connecting as SYS. The problem is that I can't connect with SYSDBA priv. though my account is super admin. I'm able to connect as myself with SYSOPER and Normal privs , but even with SYSOPER privs I can't edit database parameters or start/shutdown DB.
  Any ideas?
  Thanks in advance
  Marina

• SYSDBA & SYSOPER privileges

  Upon database creation, user SYS is created with the SYSDBA system privilege and user SYSTEM is created with the SYSOPER system privilege. It is possible to grant the privilege to other users as long as you are logged in as SYS AS SYSDBA. The problem is that before my arrival to my company someone went in and revoked the SYSDBA privilege from SYS and the SYSOPER privilege from SYSTEM. No user within the database holds these privileges anymore. Is it possible to regain the SYSDBA & SYSOPER privilege for SYS without having to recreate the database??? The SYSDBA privilege is not even possible to grant to SYS since I obviously have to log in as SYS AS SYSDBA but can't since the privilege was revoked. Any ideas???

  Michael, lets start from scratch here b/c some of your assumption are off. SYS and SYSTEM are not granted SYSDBA or SYSOPER by default.
  You can "connect internal" which gives you SYSDBA privs. Set up a password file using the "orapwd" executable and in the init.ora file set remote_login_passwordfile = exclusive. When you connect you will become SYS in the database and have the SYSDBA privilege.
  Or simple connect to the operating system with a unix user that is in the group designated as "OSDBA" - the name of the UNIX group is probably "dba". Then you can "connect internal" or "connect / as sysdba". When you connect you will become SYS in the database and have the SYSDBA privilege.
  HTH,
  Aaron Newman
  Database Security Consultant