Sys as sysdba/sysoper

Hi there
Can any body explain me, why SYS user should always connect to the database as SYSDBA/SYSOPER only?
Why he cannot login without as a SYSDBA/SYSOPER.
TIA
Aqueel.

Though you should understand the implications of making this change. Here's the excerpt from the Oracle docs.
"O7_DICTIONARY_ACCESSIBILITY is intended for use when you migrate from Oracle7 to Oracle9i. It controls restrictions on SYSTEM privileges. If the parameter is set to true, access to objects in the SYS schema is allowed (Oracle7 behavior). The default setting of false ensures that system privileges that allow access to objects in "any schema" do not allow access to objects in SYS schema.
For example, if O7_DICTIONARY_ACCESSIBILITY = false, then the SELECT ANY TABLE privilege allows access to views or tables in any schema except the SYS schema (data dictionary tables cannot be accessed). The system privilege EXECUTE ANY PROCEDURE allows access on the procedures in any schema except the SYS schema.
If this parameter is set to false and you need to access objects in the SYS schema, then you must be granted explicit object privilege. Also, the following roles, which can be granted to the database administrator, also allow access to dictionary objects: SELECT_CATALOG_ROLE, EXECUTE_CATALOG_ROLE, and DELETE_CATALOG_ROLE."

Similar Messages

  • CONNECT INTERNAL 시 SYS에 PASSWORD 걸기(SYSDBA, SYSOPER)

    제품 : ORACLE SERVER
    작성날짜 : 1997-03-31
    SYS user 에 passwd 거는 방법
    ===========================
    이를 걸게 되면 connect internal 접속 시 passwd를 물어보게 되며 DBA group이
    아닌 다른 user에서도 sys user와 똑같이 작업할 수 있다.
    1) initSID.ora 화일에
    REMOTE_OS_AUTHENT = TRUE
    REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE
    2) ?/dbs 에서
    orapwd file=orapwSID password=my_password entries=10
    (이 때의 SID는 실제의 ORACLE_SID 를 적어주어야 함.)
    3) connect internal 후
    grant sysdba to scott
    grant sysoper to scott 를 부여한다.
    이를 부여하면 sys의 passwd를 알지 못해도
    SVRMGR> connect internal;
    SVRMGR> passwd ? :
    만약 passwd 를 모르면
    SVRMGR> connect scott/tiger as sysoper ;
    SVRMGR> startup 이 가능하다.
    참고) 이의 효과를 위해 /etc/group 화일에 oracle os user가 DBA group 이
    아니어야 하며 일반 user에서도 위의 작업을 똑같이 실행하려면 configSID.ora
    화일을 oracle user 아닌 다른 user에도 실행이 가능할 수 있도록 실행 MODE가
    4755 이어야 한다.

    If you want to connect a new user as SYSDBA or SYSOPER, you must first create a repository. Check some document for creating a repository with seperate tablespace.

  • SYSDBA & SYSOPER privileges

    Upon database creation, user SYS is created with the SYSDBA system privilege and user SYSTEM is created with the SYSOPER system privilege. It is possible to grant the privilege to other users as long as you are logged in as SYS AS SYSDBA. The problem is that before my arrival to my company someone went in and revoked the SYSDBA privilege from SYS and the SYSOPER privilege from SYSTEM. No user within the database holds these privileges anymore. Is it possible to regain the SYSDBA & SYSOPER privilege for SYS without having to recreate the database??? The SYSDBA privilege is not even possible to grant to SYS since I obviously have to log in as SYS AS SYSDBA but can't since the privilege was revoked. Any ideas???

    Michael, lets start from scratch here b/c some of your assumption are off. SYS and SYSTEM are not granted SYSDBA or SYSOPER by default.
    You can "connect internal" which gives you SYSDBA privs. Set up a password file using the "orapwd" executable and in the init.ora file set remote_login_passwordfile = exclusive. When you connect you will become SYS in the database and have the SYSDBA privilege.
    Or simple connect to the operating system with a unix user that is in the group designated as "OSDBA" - the name of the UNIX group is probably "dba". Then you can "connect internal" or "connect / as sysdba". When you connect you will become SYS in the database and have the SYSDBA privilege.
    HTH,
    Aaron Newman
    Database Security Consultant

  • Cannot sqlplus sys as sysdba from remote server :ORA-12154

    Hi,
    I am trying to connect from linux VM app server to the database as sys as sysdba but it returns TNS error. I verified that listener is up, the REMOTE_LOGIN_PASSWORDFILE is exclusive and there is password file.
    [ORACLE@SERVER admin]$ sqlplus sys as sysdba
    SQL*Plus: Release 11.2.0.1.0 Production on Fri Apr 12 21:45:08 2013
    Copyright (c) 1982, 2009, Oracle. All rights reserved.
    Enter password:
    ERROR:
    ORA-12154: TNS:could not resolve the connect identifier specified
    ==============================================
    It works when I give the DB name
    [ORACLE@SERVER admin]$ sqlplus sys@ODB2 as sysdba
    SQL*Plus: Release 11.2.0.1.0 Production on Fri Apr 12 21:49:50 2013
    Copyright (c) 1982, 2009, Oracle. All rights reserved.
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL>
    ==================================================
    Could anyone please help me with the issue ?
    Edited by: Cherrish on Apr 12, 2013 10:53 PM

    Cherrish wrote:
    Hi,
    I am trying to connect from linux VM app server to the database as sys as sysdba but it returns TNS error. I verified that listener is up, the REMOTE_LOGIN_PASSWORDFILE is exclusive and there is password file.
    [ORACLE@SERVER admin]$ sqlplus sys as sysdba
    SQL*Plus: Release 11.2.0.1.0 Production on Fri Apr 12 21:45:08 2013
    Copyright (c) 1982, 2009, Oracle. All rights reserved.
    Enter password:
    ERROR:
    ORA-12154: TNS:could not resolve the connect identifier specifiedRealize that sqlplus line above shows no @TNS_ALIAS so no SQL*Net should be used to connect.
    please type EXACTLY (line for line) as shown below
    env | sort
    sqlplus
    / as sysdba
    COPY the results from above then PASTE all back here

  • Error Usage: CONNECT username [AS SYSDBA|SYSOPER]

    Hi,
    I am running a request set which starts of with unix shell script.
    I get this error:
    Invalid option.
    Usage: CONNECT <username> [AS SYSDBA|SYSOPER]
    Invalid option.
    Usage: CONNECT <username> [AS SYSDBA|SYSOPER]
    Invalid option.
    Usage: CONNECT <username> [AS SYSDBA|SYSOPER]
    unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus
    Can anyone tell me why this is happening/
    thanks
    Ash

    This is the unix script which is used:
    Please let me know where is goin wrong:
    #!/usr/bin/ksh
    ##sqlplus -s apps/w0rkin <<-ENDSQL
    logi=`echo $1|awk '{print $3 }'`
    login=`echo $logi|awk -F'=' '{ print $2 }'|sed 's/"//g'`
    org_id=`echo $1|awk '{print $9 }'`
    sqlplus -s $login <<ENDSQL
    set serveroutput on size 1000000 verify off
    define xxdata=${XXDATA}
    variable xxdatav varchar2(100)
    var status_out NUMBER;
    define org=$org_id
    DECLARE
    v_xxdata_path1 Varchar2(100);
    v_xxdata_path2 Varchar2(100);
    v_errbuf Varchar2(100);
    v_retstat Number;
    v_org VARCHAR2(20);
    BEGIN
    --v_xxdata_path1 := '&xxdata'||'/ont/outbound';
    v_xxdata_path1 := '&xxdata'||'/ont/oraout';
    v_xxdata_path2 := '${XXDATA}';
    dbms_output.put_line('1. XXDATA ='||v_xxdata_path1);
    dbms_output.put_line('2. Organization Id ='||'&org');
    select decode('&org','""','-1',null,'-1','&org')
    into v_org
    from dual;
    dbms_output.put_line('v_org='||v_org);
    xxont_bt_outbound_pkg.create_outbound_btfile(v_xxdata_path1,to_number(v_org),
    v_errbuf,v_retstat);
    dbms_output.put_line('v_retstat='||v_retstat);
    :status_out := v_retstat;
    --dbms_output.put_line('2. XXDATA ='||v_xxdata_path2);
    :xxdatav := '${XXDATA}';
    END;
    print :status_out
    exit :status_out
    ENDSQL
    if [ $? -ne 0 ]
    then
    echo "Outbound file creation failed!!!"
    exit 1
    else
    exit 0
    fi

  • Unable to connect to sqlplus .. sys as sysdba .. No listener in Oracle 11G

    Hi ,
    I have installed Oracle 11.2.0 . When connecting to sqlplus with sys as sysdba . Getting error as NO listener .
    I started listener . But finally getting the message as
    The listener supports no services
    The command completed successfully
    Kindly help

    I am getting the same message
    Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
    Listener Log File /u01/app/oracle/product/11.2.0/dbhome_1/log/diag/tnslsnr/oracledb/listener/alert/log.xml
    Listening Endpoints Summary...
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracledb.example.com)(PORT=1521)))
    The listener supports no services
    The command completed successfully
    I don't find the services entry here .

  • Connecting as sysdba / sysoper

    Hi Guys, If I do this
    connect / as sysdba
    connect / as sysoper
    I am connected but how do I ensure that it prompts me for a sysdba / sysoper password before it connects me.
    Thank you.

    and the exact to connect would be
    $sqlplus "/ as sysdba"
    or
    $sqlplus
    username:/ as sysdba
    password:yourwish/nopassword/anything
    or
    $sqlplus /nolog
    sql> conn / as sysdba
    But for all these things you need to set up ORACLE_SID,ORACLE_HOME,PATH varibales
    but dont use OS authentication

  • SP2-0306:Invalid option.Usage:CONN[ECT][logon][AS{SYSDBA|SYSOPER}]where log

    Hi
    Anyone can help me with the following error we are getting
    SP2-0306:Invalid option.Usage:CONN[ECT][logon][AS{SYSDBA|SYSOPER}]where<logon>::=<username>[<password>][@<connect_identifier>]|/
    We just upgrated to R12 and the shell script that we run is returning the above error message.
    Below is the script
    # Determine employee ID of send-to
    echo "Determine employee ID of send-to"
    if [ $8 ]
    then
    EID=`echo "${CONNECT} \n
    set heading off \n
    set feedback off \n
    select employee_id from FND_USER where upper(user_name) = '${USRNAME}';" |
    ${ORACLE_HOME}/bin/sqlplus -s`
    echo "CONNECT values " ${CONNECT}
    echo "Connected to DB " $EID
    echo "employee fax "
    # employee fax
    EFAX=${11}`echo "${CONNECT} \n
    set heading off \n
    set feedback off \n
    select fax_number from POS_PO_EMPLOYEE_DETAILS_V where employee_id=${EID};" |
    ${ORACLE_HOME}/bin/sqlplus -s |
    sed s/-//g`%[email protected]
    echo "Employee Fax "$EFAX
    EFAX2=`echo $EFAX|sed s/' '/'%91'/`
    EFAX=$EFAX2
    # employee email
    EEMAIL=`echo "${CONNECT} \n
    set heading off \n
    set feedback off \n
    select email_address from HR_EMPLOYEES_ALL_V where employee_id=${EID};" |
    ${ORACLE_HOME}/bin/sqlplus -s`
    EEMAIL2=`echo $EEMAIL|sed s/' '//g`
    EEMAIL=$EEMAIL2
    echo "Employee Email "$EEMAIL
    fi
    thank you

    I ended up rewriting the shell script and it works fine now
    if [ $8 ]
    then
    EID=`${ORACLE_HOME}/bin/sqlplus -s ${CONNECT} <<EOF
    set heading off;
    set feedback off;
    select employee_id from FND_USER where upper(user_name) = '${USRNAME}';
    exit;
    EOF`
    echo "Connected to DB " $EID
    echo "employee fax "
    # employee fax
    EFAX=${11}`${ORACLE_HOME}/bin/sqlplus -s ${CONNECT} <<EOF
    set heading off;
    set feedback off;
    select replace(fax_number,'-') from POS_PO_EMPLOYEE_DETAILS_V where employee_id=${EID};
    exit;
    EOF`%[email protected]
    echo "Employee Fax "$EFAX
    EFAX2=`echo $EFAX|sed s/' '/'%91'/`
    EFAX=$EFAX2
    # employee email
    EEMAIL=`${ORACLE_HOME}/bin/sqlplus -s ${CONNECT} <<EOF
    set heading off;
    set feedback off;
    select email_address from HR_EMPLOYEES_ALL_V where employee_id=${EID};
    exit;
    EOF`
    EEMAIL2=`echo $EEMAIL|sed s/' '//g`
    EEMAIL=$EEMAIL2
    echo "Employee Email "$EEMAIL
    fi
    thank you for your help!
    Edited by: user618218 on May 20, 2013 2:39 PM

  • Dbms_streams_auth.grant_admin_privilege sys as sysdba privilege ?

    When I execute dbms_streams_auth.grant_admin_privilege procedure as a user granted the DBA role. I get the following error:
    ORA-01031: insufficient privileges
    ORA-06512: at "SYS.DBMS_STREAMS_AUTH", line 1211
    ORA-06512: at line 2
    I can only execute this command with the sys as sysdba on the oracle host. Not as system user from an external machine.
    anyone know which privilege that sys user has that system doesnt ? I have tried all the execute privileges, but its not working.
    Svein

    Hello
    The basic reason why this can not be done with the SYSTEM user is that SYSTEM does not have all the privileges granted with GRANT OPTION. Now if you would like to make system to perform this, please follow the below:
    connect / as sysdba
    create directory tmp_dir as '/tmp';
    --i assume strmadmin user exists already
    begin
    dbms_streams_auth.grant_admin_privilege
    grantee=>'SYSTEM',
    grant_privileges=>false,
    file_name=>'strm_privs.sql',
    directory_name=>'tmp_dir'
    end;
    Now edit the file 'strm_privs.sql' and modify all the grant statements and add WITH GRANT OPTION clause. Execute this file from SYS so that SYSTEM gets all the required privileges. Now you should be able to perform this from SYSTEM itself.
    I have not tested this and verified. Still I doubt the last statement in the file will still fail and you need this to execute from SYS:
    BEGIN
         dbms_streams_auth.grant_remote_admin_access('strmadmin');
    END;
    Thanks,
    Rijesh

  • Is possible to connect db with sys/sys as sysdba in SQLPLUS utility

    Hi all,
    I'm using windows 2000 with oracle 10.1.0
    I have to connect server through SQLPLUS utility. I can able to connect system/manager@instance_name
    From system user, i cant able to query >archive log list; .Im getting error as permission denaid.
    is any possbilities there to login as super user(sys/sys as sysdba) in SQLLUS utility.
    Thanks

    connect sys/sys@instance_name as sysdbaUses password file in $ORACLE_HOME/dbs, connecting through SQL*NET
    connect sys/sys as sysdbaUses the BEQ protocol to connect to the database process directly and uses OS authentication, meaning your can use whatever username or password, it does not matter, same as connect / as sysdba - It will always connect to the SYS schema regardless. For this to work, your account needs to be in the SYSDBA group. (DBA - Linux, OSDBA - Windows).
    See the oracle standard documentation for creating a password file under Windows.
    When you have created the passwd file, you can reset the password using
    sqlplus / as sysdba
    alter user sys identified by 'password' ;

  • Missing SYSDBA & SYSOPER System Privileges in EM checkbox lists

    I created a brand new user called USER1.
    When edit the USER1 using Eneterprise Manager, System Privileges, both the SYSDBA and SYSOPER are missing from the system privileges check box listing.
    Why it is like that?
    I am using Oracle 10g R2 and HPUX.
    Thank you,
    Smith

    It seems that the user you have used to login to EM doesn't have permissions to grant sysdba, sysoper privileges, please connect to em AS sysdba
    Oded
    [www.dbsnaps.com]
    [www.orbiumsoftware.com]

  • Can not able to log in into sys as sysdba

    Hi all,
    I have one instance name is skydb and once upon a time i used it when i created it.i did set one password for the sys user and created password file.but right now i have forgot the password of sys.again creating the password file using below command.
    orapwd file=orapwdskydb password=oracle entries=10but can not able to log in into sys as sysdba using this 'oracle' password .
    for your information now the database is down.we also need to up it.
    please help.
    thanks a lot in advance.
    atanu

    Hi All,
    first of all thaks a lot for your promt reply.now for your information my os info is
    Linux oracleDB11g 2.6.32-71.el6.i686 #1 SMP Fri Nov 12 04:17:17 GMT 2010 i686 i686 i386 GNU/Linuxmy account user is in DBA group and its confirm.
    now am giving the output of the
    each command
    [oracle@oracleDB11g admin]$ sqlplus / as sysdba
    SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 23 11:04:25 2013
    Copyright (c) 1982, 2009, Oracle.  All rights reserved.
    ERROR:
    ORA-01031: insufficient privileges and
    [oracle@oracleDB11g admin]$ sqlplus /nolog
    SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 23 11:05:59 2013
    Copyright (c) 1982, 2009, Oracle.  All rights reserved.
    SQL> connect / as sysdba
    ERROR:
    ORA-01031: insufficient privilegesalso want to tell you I have created that password file on location is
    /oracle/app/oracle/product/11.2.0/dbhome_1/dbsthanks once again
    atanu

  • Difference between /as sysdba and sys /as sysdba

    Hi,
    What is the difference between logging to an oracle dba as
    1. sys /as sysdba ->asking for password of sys user
    2. /as sysdba -> Logging into the database without asking password.
    Also pl explain me the difference between OS authentication and Password Authentication.
    Regards,
    Jibu

    Dear Jibu,
    An administrative users belongs to the "dba" group on Unix, or the "ORA_DBA" (ORA_sid_DBA) group on Windows, he/she has the Admin OS writes, so its allows to connect without password.
    connect / as sysdba ('/') is treated as root user and he will login without asking for password.
    Its simple as, when you logged in as Root user and you want to log to some another user, simply you have to give su abc command, it will get login as abc without asking for password.
    Remove root user from DBA group, then try to connect by passing connect / as sysdba, this time it will ask for password.
    Edited by: Akram on Oct 12, 2011 4:57 AM

  • Getting ORA-01031: Insufficient privileges when connecting as sys as sysdba

    Hi There,
    I am running Linux AS version 4, oracle 102.0.1, and logginging as oracle user which belongs to dba group. I got error "ORA-01031: Insufficient privileges" when trying to connect as sys user to bring up database. I wondered what is causing the error. Here is an example
    oracle-dev>sqlplus /nolog
    SQL>conn as sys/oracle@dev as sysdba
    ERROR:
    ORA-01031: Insufficient privileges
    Any suggestions would be greatly appreciated. Thanks again.
    Rich,

    Did you create a password file ?
    http://download-uk.oracle.com/docs/cd/B19306_01/server.102/b15658/admin_ora.htm#sthref142
    Message was edited by:
    Paul M.
    BTW, the syntax is
    SQL>conn sys/oracle@dev as sysdba

  • Cant conect "sys as sysdba" from remote

    Hi all ,
    A strange thing happening with me ..
    my database is on ip(prod1) and client is ip(Host)
    When I make connecttion from prod1 as follows :
    sqlplus sys@prod1 as sysdba
    connected ...
    Its giving me sys connection .
    But from IP (remote HOst client )
    when i fire
    sqlplus sys@prod1 as sysdba
    LOGON denied ...
    But from IP(remote Host client )when i firng
    sqlplus scott/tiger@prod1
    connected ....
    1.i m typing crrect password
    2. my remote_login_passwordfile = EXCLUSIVE

    1. Are you connecting to the right database ?
    On you remote client:
    $ORACLE_HOME/bin/tnsping prod1 and make sure that it'is resolving to the right service.
    2. Try to connect via EZCONNECT (NAMES.DIRECTORY_PATH should contain ezconnect value):
    $ORACLE_HOME/bin/sqlplus sys@hostname:port/service as sysdba
    On your server
    3. Check your $TNS_ADMIN/sqlnet.ora Make sure there is no such a line as
    tcp.validnode_checking = yes
    If so, make sure that your remote client is a part of tcp.invited_nodes

Maybe you are looking for