Thursday, August 12, 2010

Sysdba

The most powerful credentials in the Oracle database is of 'sysdba'. Any user having sysdba is sys. These most powerful credential are not stored within the Oracle database.

It doesn't mean that Oracle doesn't trust itself for the most powerful credentials, but because these are needed to access the instance and database when it is not up and open.

There are two types of external authentication for the sysdba:

1. OS authenticaion - logon to the server is a member of a particular group on the os (usually dba or oradba). If you are logged in with such user which is in the dba group, then you can connect to instance without even specifying the password.

SQL> connect / as sysdba
Connected.
SQL> show user
USER is "SYS"

2. The second option is password file authentiction.

SQL> connect sys/password@orcl as sysdba
Connected.
SQL> show user
USER is "SYS"
SQL> alter user sys identified by secure;

User altered.

SQL> connect sys/secure@orcl as sysdba
Connected.
SQL> show user
USER is "SYS"

changing the sys password changes the password in the password file and the users wanting to log on have to know the new password..

We can also add new users to the password file:

SQL> grant sysdba to hr;

Grant succeeded.

SQL> connect hr/hr@orcl as sysdba
Connected.
SQL> show user
USER is "SYS"

No comments: