Sys as sysdba/sysoper
Hi there
Can any body explain me, why SYS user should always connect to the database as SYSDBA/SYSOPER only?
Why he cannot login without as a SYSDBA/SYSOPER.
TIA
Aqueel.
Though you should understand the implications of making this change. Here's the excerpt from the Oracle docs.
"O7_DICTIONARY_ACCESSIBILITY is intended for use when you migrate from Oracle7 to Oracle9i. It controls restrictions on SYSTEM privileges. If the parameter is set to true, access to objects in the SYS schema is allowed (Oracle7 behavior). The default setting of false ensures that system privileges that allow access to objects in "any schema" do not allow access to objects in SYS schema.
For example, if O7_DICTIONARY_ACCESSIBILITY = false, then the SELECT ANY TABLE privilege allows access to views or tables in any schema except the SYS schema (data dictionary tables cannot be accessed). The system privilege EXECUTE ANY PROCEDURE allows access on the procedures in any schema except the SYS schema.
If this parameter is set to false and you need to access objects in the SYS schema, then you must be granted explicit object privilege. Also, the following roles, which can be granted to the database administrator, also allow access to dictionary objects: SELECT_CATALOG_ROLE, EXECUTE_CATALOG_ROLE, and DELETE_CATALOG_ROLE."
Similar Messages
-
CONNECT INTERNAL 시 SYS에 PASSWORD 걸기(SYSDBA, SYSOPER)
제품 : ORACLE SERVER
작성날짜 : 1997-03-31
SYS user 에 passwd 거는 방법
===========================
이를 걸게 되면 connect internal 접속 시 passwd를 물어보게 되며 DBA group이
아닌 다른 user에서도 sys user와 똑같이 작업할 수 있다.
1) initSID.ora 화일에
REMOTE_OS_AUTHENT = TRUE
REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE
2) ?/dbs 에서
orapwd file=orapwSID password=my_password entries=10
(이 때의 SID는 실제의 ORACLE_SID 를 적어주어야 함.)
3) connect internal 후
grant sysdba to scott
grant sysoper to scott 를 부여한다.
이를 부여하면 sys의 passwd를 알지 못해도
SVRMGR> connect internal;
SVRMGR> passwd ? :
만약 passwd 를 모르면
SVRMGR> connect scott/tiger as sysoper ;
SVRMGR> startup 이 가능하다.
참고) 이의 효과를 위해 /etc/group 화일에 oracle os user가 DBA group 이
아니어야 하며 일반 user에서도 위의 작업을 똑같이 실행하려면 configSID.ora
화일을 oracle user 아닌 다른 user에도 실행이 가능할 수 있도록 실행 MODE가
4755 이어야 한다.If you want to connect a new user as SYSDBA or SYSOPER, you must first create a repository. Check some document for creating a repository with seperate tablespace.
-
Upon database creation, user SYS is created with the SYSDBA system privilege and user SYSTEM is created with the SYSOPER system privilege. It is possible to grant the privilege to other users as long as you are logged in as SYS AS SYSDBA. The problem is that before my arrival to my company someone went in and revoked the SYSDBA privilege from SYS and the SYSOPER privilege from SYSTEM. No user within the database holds these privileges anymore. Is it possible to regain the SYSDBA & SYSOPER privilege for SYS without having to recreate the database??? The SYSDBA privilege is not even possible to grant to SYS since I obviously have to log in as SYS AS SYSDBA but can't since the privilege was revoked. Any ideas???
Michael, lets start from scratch here b/c some of your assumption are off. SYS and SYSTEM are not granted SYSDBA or SYSOPER by default.
You can "connect internal" which gives you SYSDBA privs. Set up a password file using the "orapwd" executable and in the init.ora file set remote_login_passwordfile = exclusive. When you connect you will become SYS in the database and have the SYSDBA privilege.
Or simple connect to the operating system with a unix user that is in the group designated as "OSDBA" - the name of the UNIX group is probably "dba". Then you can "connect internal" or "connect / as sysdba". When you connect you will become SYS in the database and have the SYSDBA privilege.
HTH,
Aaron Newman
Database Security Consultant -
Cannot sqlplus sys as sysdba from remote server :ORA-12154
Hi,
I am trying to connect from linux VM app server to the database as sys as sysdba but it returns TNS error. I verified that listener is up, the REMOTE_LOGIN_PASSWORDFILE is exclusive and there is password file.
[ORACLE@SERVER admin]$ sqlplus sys as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Fri Apr 12 21:45:08 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-12154: TNS:could not resolve the connect identifier specified
==============================================
It works when I give the DB name
[ORACLE@SERVER admin]$ sqlplus sys@ODB2 as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Fri Apr 12 21:49:50 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
==================================================
Could anyone please help me with the issue ?
Edited by: Cherrish on Apr 12, 2013 10:53 PMCherrish wrote:
Hi,
I am trying to connect from linux VM app server to the database as sys as sysdba but it returns TNS error. I verified that listener is up, the REMOTE_LOGIN_PASSWORDFILE is exclusive and there is password file.
[ORACLE@SERVER admin]$ sqlplus sys as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Fri Apr 12 21:45:08 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-12154: TNS:could not resolve the connect identifier specifiedRealize that sqlplus line above shows no @TNS_ALIAS so no SQL*Net should be used to connect.
please type EXACTLY (line for line) as shown below
env | sort
sqlplus
/ as sysdba
COPY the results from above then PASTE all back here -
Error Usage: CONNECT username [AS SYSDBA|SYSOPER]
Hi,
I am running a request set which starts of with unix shell script.
I get this error:
Invalid option.
Usage: CONNECT <username> [AS SYSDBA|SYSOPER]
Invalid option.
Usage: CONNECT <username> [AS SYSDBA|SYSOPER]
Invalid option.
Usage: CONNECT <username> [AS SYSDBA|SYSOPER]
unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus
Can anyone tell me why this is happening/
thanks
AshThis is the unix script which is used:
Please let me know where is goin wrong:
#!/usr/bin/ksh
##sqlplus -s apps/w0rkin <<-ENDSQL
logi=`echo $1|awk '{print $3 }'`
login=`echo $logi|awk -F'=' '{ print $2 }'|sed 's/"//g'`
org_id=`echo $1|awk '{print $9 }'`
sqlplus -s $login <<ENDSQL
set serveroutput on size 1000000 verify off
define xxdata=${XXDATA}
variable xxdatav varchar2(100)
var status_out NUMBER;
define org=$org_id
DECLARE
v_xxdata_path1 Varchar2(100);
v_xxdata_path2 Varchar2(100);
v_errbuf Varchar2(100);
v_retstat Number;
v_org VARCHAR2(20);
BEGIN
--v_xxdata_path1 := '&xxdata'||'/ont/outbound';
v_xxdata_path1 := '&xxdata'||'/ont/oraout';
v_xxdata_path2 := '${XXDATA}';
dbms_output.put_line('1. XXDATA ='||v_xxdata_path1);
dbms_output.put_line('2. Organization Id ='||'&org');
select decode('&org','""','-1',null,'-1','&org')
into v_org
from dual;
dbms_output.put_line('v_org='||v_org);
xxont_bt_outbound_pkg.create_outbound_btfile(v_xxdata_path1,to_number(v_org),
v_errbuf,v_retstat);
dbms_output.put_line('v_retstat='||v_retstat);
:status_out := v_retstat;
--dbms_output.put_line('2. XXDATA ='||v_xxdata_path2);
:xxdatav := '${XXDATA}';
END;
print :status_out
exit :status_out
ENDSQL
if [ $? -ne 0 ]
then
echo "Outbound file creation failed!!!"
exit 1
else
exit 0
fi -
Hi ,
I have installed Oracle 11.2.0 . When connecting to sqlplus with sys as sysdba . Getting error as NO listener .
I started listener . But finally getting the message as
The listener supports no services
The command completed successfully
Kindly helpI am getting the same message
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0/dbhome_1/log/diag/tnslsnr/oracledb/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracledb.example.com)(PORT=1521)))
The listener supports no services
The command completed successfully
I don't find the services entry here . -
Connecting as sysdba / sysoper
Hi Guys, If I do this
connect / as sysdba
connect / as sysoper
I am connected but how do I ensure that it prompts me for a sysdba / sysoper password before it connects me.
Thank you.and the exact to connect would be
$sqlplus "/ as sysdba"
or
$sqlplus
username:/ as sysdba
password:yourwish/nopassword/anything
or
$sqlplus /nolog
sql> conn / as sysdba
But for all these things you need to set up ORACLE_SID,ORACLE_HOME,PATH varibales
but dont use OS authentication -
Hi
Anyone can help me with the following error we are getting
SP2-0306:Invalid option.Usage:CONN[ECT][logon][AS{SYSDBA|SYSOPER}]where<logon>::=<username>[<password>][@<connect_identifier>]|/
We just upgrated to R12 and the shell script that we run is returning the above error message.
Below is the script
# Determine employee ID of send-to
echo "Determine employee ID of send-to"
if [ $8 ]
then
EID=`echo "${CONNECT} \n
set heading off \n
set feedback off \n
select employee_id from FND_USER where upper(user_name) = '${USRNAME}';" |
${ORACLE_HOME}/bin/sqlplus -s`
echo "CONNECT values " ${CONNECT}
echo "Connected to DB " $EID
echo "employee fax "
# employee fax
EFAX=${11}`echo "${CONNECT} \n
set heading off \n
set feedback off \n
select fax_number from POS_PO_EMPLOYEE_DETAILS_V where employee_id=${EID};" |
${ORACLE_HOME}/bin/sqlplus -s |
sed s/-//g`%[email protected]
echo "Employee Fax "$EFAX
EFAX2=`echo $EFAX|sed s/' '/'%91'/`
EFAX=$EFAX2
# employee email
EEMAIL=`echo "${CONNECT} \n
set heading off \n
set feedback off \n
select email_address from HR_EMPLOYEES_ALL_V where employee_id=${EID};" |
${ORACLE_HOME}/bin/sqlplus -s`
EEMAIL2=`echo $EEMAIL|sed s/' '//g`
EEMAIL=$EEMAIL2
echo "Employee Email "$EEMAIL
fi
thank youI ended up rewriting the shell script and it works fine now
if [ $8 ]
then
EID=`${ORACLE_HOME}/bin/sqlplus -s ${CONNECT} <<EOF
set heading off;
set feedback off;
select employee_id from FND_USER where upper(user_name) = '${USRNAME}';
exit;
EOF`
echo "Connected to DB " $EID
echo "employee fax "
# employee fax
EFAX=${11}`${ORACLE_HOME}/bin/sqlplus -s ${CONNECT} <<EOF
set heading off;
set feedback off;
select replace(fax_number,'-') from POS_PO_EMPLOYEE_DETAILS_V where employee_id=${EID};
exit;
EOF`%[email protected]
echo "Employee Fax "$EFAX
EFAX2=`echo $EFAX|sed s/' '/'%91'/`
EFAX=$EFAX2
# employee email
EEMAIL=`${ORACLE_HOME}/bin/sqlplus -s ${CONNECT} <<EOF
set heading off;
set feedback off;
select email_address from HR_EMPLOYEES_ALL_V where employee_id=${EID};
exit;
EOF`
EEMAIL2=`echo $EEMAIL|sed s/' '//g`
EEMAIL=$EEMAIL2
echo "Employee Email "$EEMAIL
fi
thank you for your help!
Edited by: user618218 on May 20, 2013 2:39 PM -
When I execute dbms_streams_auth.grant_admin_privilege procedure as a user granted the DBA role. I get the following error:
ORA-01031: insufficient privileges
ORA-06512: at "SYS.DBMS_STREAMS_AUTH", line 1211
ORA-06512: at line 2
I can only execute this command with the sys as sysdba on the oracle host. Not as system user from an external machine.
anyone know which privilege that sys user has that system doesnt ? I have tried all the execute privileges, but its not working.
SveinHello
The basic reason why this can not be done with the SYSTEM user is that SYSTEM does not have all the privileges granted with GRANT OPTION. Now if you would like to make system to perform this, please follow the below:
connect / as sysdba
create directory tmp_dir as '/tmp';
--i assume strmadmin user exists already
begin
dbms_streams_auth.grant_admin_privilege
grantee=>'SYSTEM',
grant_privileges=>false,
file_name=>'strm_privs.sql',
directory_name=>'tmp_dir'
end;
Now edit the file 'strm_privs.sql' and modify all the grant statements and add WITH GRANT OPTION clause. Execute this file from SYS so that SYSTEM gets all the required privileges. Now you should be able to perform this from SYSTEM itself.
I have not tested this and verified. Still I doubt the last statement in the file will still fail and you need this to execute from SYS:
BEGIN
dbms_streams_auth.grant_remote_admin_access('strmadmin');
END;
Thanks,
Rijesh -
Is possible to connect db with sys/sys as sysdba in SQLPLUS utility
Hi all,
I'm using windows 2000 with oracle 10.1.0
I have to connect server through SQLPLUS utility. I can able to connect system/manager@instance_name
From system user, i cant able to query >archive log list; .Im getting error as permission denaid.
is any possbilities there to login as super user(sys/sys as sysdba) in SQLLUS utility.
Thanksconnect sys/sys@instance_name as sysdbaUses password file in $ORACLE_HOME/dbs, connecting through SQL*NET
connect sys/sys as sysdbaUses the BEQ protocol to connect to the database process directly and uses OS authentication, meaning your can use whatever username or password, it does not matter, same as connect / as sysdba - It will always connect to the SYS schema regardless. For this to work, your account needs to be in the SYSDBA group. (DBA - Linux, OSDBA - Windows).
See the oracle standard documentation for creating a password file under Windows.
When you have created the passwd file, you can reset the password using
sqlplus / as sysdba
alter user sys identified by 'password' ; -
Missing SYSDBA & SYSOPER System Privileges in EM checkbox lists
I created a brand new user called USER1.
When edit the USER1 using Eneterprise Manager, System Privileges, both the SYSDBA and SYSOPER are missing from the system privileges check box listing.
Why it is like that?
I am using Oracle 10g R2 and HPUX.
Thank you,
SmithIt seems that the user you have used to login to EM doesn't have permissions to grant sysdba, sysoper privileges, please connect to em AS sysdba
Oded
[www.dbsnaps.com]
[www.orbiumsoftware.com] -
Can not able to log in into sys as sysdba
Hi all,
I have one instance name is skydb and once upon a time i used it when i created it.i did set one password for the sys user and created password file.but right now i have forgot the password of sys.again creating the password file using below command.
orapwd file=orapwdskydb password=oracle entries=10but can not able to log in into sys as sysdba using this 'oracle' password .
for your information now the database is down.we also need to up it.
please help.
thanks a lot in advance.
atanuHi All,
first of all thaks a lot for your promt reply.now for your information my os info is
Linux oracleDB11g 2.6.32-71.el6.i686 #1 SMP Fri Nov 12 04:17:17 GMT 2010 i686 i686 i386 GNU/Linuxmy account user is in DBA group and its confirm.
now am giving the output of the
each command
[oracle@oracleDB11g admin]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 23 11:04:25 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges and
[oracle@oracleDB11g admin]$ sqlplus /nolog
SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 23 11:05:59 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
SQL> connect / as sysdba
ERROR:
ORA-01031: insufficient privilegesalso want to tell you I have created that password file on location is
/oracle/app/oracle/product/11.2.0/dbhome_1/dbsthanks once again
atanu -
Difference between /as sysdba and sys /as sysdba
Hi,
What is the difference between logging to an oracle dba as
1. sys /as sysdba ->asking for password of sys user
2. /as sysdba -> Logging into the database without asking password.
Also pl explain me the difference between OS authentication and Password Authentication.
Regards,
JibuDear Jibu,
An administrative users belongs to the "dba" group on Unix, or the "ORA_DBA" (ORA_sid_DBA) group on Windows, he/she has the Admin OS writes, so its allows to connect without password.
connect / as sysdba ('/') is treated as root user and he will login without asking for password.
Its simple as, when you logged in as Root user and you want to log to some another user, simply you have to give su abc command, it will get login as abc without asking for password.
Remove root user from DBA group, then try to connect by passing connect / as sysdba, this time it will ask for password.
Edited by: Akram on Oct 12, 2011 4:57 AM -
Getting ORA-01031: Insufficient privileges when connecting as sys as sysdba
Hi There,
I am running Linux AS version 4, oracle 102.0.1, and logginging as oracle user which belongs to dba group. I got error "ORA-01031: Insufficient privileges" when trying to connect as sys user to bring up database. I wondered what is causing the error. Here is an example
oracle-dev>sqlplus /nolog
SQL>conn as sys/oracle@dev as sysdba
ERROR:
ORA-01031: Insufficient privileges
Any suggestions would be greatly appreciated. Thanks again.
Rich,Did you create a password file ?
http://download-uk.oracle.com/docs/cd/B19306_01/server.102/b15658/admin_ora.htm#sthref142
Message was edited by:
Paul M.
BTW, the syntax is
SQL>conn sys/oracle@dev as sysdba -
Cant conect "sys as sysdba" from remote
Hi all ,
A strange thing happening with me ..
my database is on ip(prod1) and client is ip(Host)
When I make connecttion from prod1 as follows :
sqlplus sys@prod1 as sysdba
connected ...
Its giving me sys connection .
But from IP (remote HOst client )
when i fire
sqlplus sys@prod1 as sysdba
LOGON denied ...
But from IP(remote Host client )when i firng
sqlplus scott/tiger@prod1
connected ....
1.i m typing crrect password
2. my remote_login_passwordfile = EXCLUSIVE1. Are you connecting to the right database ?
On you remote client:
$ORACLE_HOME/bin/tnsping prod1 and make sure that it'is resolving to the right service.
2. Try to connect via EZCONNECT (NAMES.DIRECTORY_PATH should contain ezconnect value):
$ORACLE_HOME/bin/sqlplus sys@hostname:port/service as sysdba
On your server
3. Check your $TNS_ADMIN/sqlnet.ora Make sure there is no such a line as
tcp.validnode_checking = yes
If so, make sure that your remote client is a part of tcp.invited_nodes
Maybe you are looking for
-
How can i add a 6th devices to my itunes account
how do i add a 6th devices to my itunes account
-
every time i try to create a new movie or a trailer an error message appear saying:"the operation could not be completed. no other information is available about the problem."
-
Blocking of programs in Production server
HI ALL, I want a transaction or procedure through which we can block or delete our programs in production environment. and when required can unblock them or retransport them again. we can block the tcodes using 'SM01' but i need about executable pro
-
I can't update my iPhone 3GS to iOS 5!
It keeps saying 3194 error, i have iTunes 10.5, im not sure what else i can do! Please help!
-
One day I turned off my computer which had been working perfectly and came back later that night and turned it on and it wouldnt post and would power cycle. So I RMAd the board and got another one two weeks later. I hooked everything up and now it wo