Sysdba和sysoper均可以在數據庫未open狀態下訪問數據庫的實例。
下面是系統權限對應的操作。
SYSDBA
* Perform STARTUP and SHUTDOWNoperations
*ALTER DATABASE: open, mount, back up, or change character set
*CREATE DATABASE
*CREATE SPFILE
*ARCHIVELOG and RECOVERY
*Includes the RESTRICTED SESSION privilege
Effectively, this system privilege allows auser to connect as user SYS.
SYSOPER
*Perform STARTUP and SHUTDOWN operations
*CREATE SPFILE
*ALTER DATABASE OPEN/MOUNT/BACKUP
*ARCHIVELOG and RECOVERY
*Includes the RESTRICTED SESSION privilege
This privilege allows a user to performbasic operational tasks, but without the ability to look at user data.
數據庫管理員的認證方式:
操作系統(OS)認證
密碼文件認證
操作系統認證方式:
1.Create an operating system account for the user.
2.Add the user to the OSDBA or OSOPER operating system defined groups.
3.Ensure that the initialization parameter, REMOTE_LOGIN_PASSWORDFILE, isset to NONE. This is the default value for this parameter.
密碼文件認證方式:
To enable authentication of anadministrative user using password file authentication you must do thefollowing:
1.Create an operating system account for the user.
2.If not already created, Create the password file using the ORAPWD utility:
ORAPWD FILE=filename PASSWORD=password ENTRIES=max_users
3.Set the REMOTE_LOGIN_PASSWORDFILE initialization parameter to EXCLUSIVE.
4.Connect to the database as user SYS (or as another user with the administrativeprivilege).
5.If the user does not already exist in the database, create the user. Grant theSYSDBA or SYSOPER system privilege to the user:
GRANT SYSDBA to scott;
This statement adds the user to the password file, thereby enablingconnection AS SYSDBA.
這裏的file,如果你使用的是oracle 9i的RAC,那麼每個實例的環境變量要指向同一個密碼文件。
