Databases Reference
In-Depth Information
----------------------------------------
CREATE SESSION
RESTRICTED SESSION
SYSOPER
Due to the
SYSOPER
privilege, the database user “OPS$NDEBES” can stop and restart
the instance.
SQL> SHUTDOWN IMMEDIATE
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> STARTUP
ORACLE instance started.
Database mounted.
Database opened.
Contrary to
SYSDBA
, the
SYSOPER
privilege does not include access to data dictionary views
or tables, but allows the use of
ARCHIVE
LOG
LIST
for monitoring. Merely database objects acces-
sible to
PUBLIC
may be accessed with the
SYSOPER
privilege.
SQL> SELECT startup_time FROM v$instance;
SELECT startup_time FROM v$instance
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> ARCHIVE LOG LIST
Database log mode No Archive Mode
Automatic archival Disabled
Archive destination /opt/oracle/product/db10.2/dbs/arch
Oldest online log sequence 18
Current log sequence 19
The combined benefits of operating system and password authentication become
unavailable with a nondefault setting of
OS_AUTHENT_PREFIX
. The
SYSDBA
privilege can merely be
granted to database users created with password authentication, but obviously such users
must enter the correct password when connecting. The problem is that the undocumented
check for operating system authentication in spite of an assigned password is not done when
OS_AUTHENT_PREFIX
has a nondefault value.
SQL> ALTER SYSTEM SET os_authent_prefix='' SCOPE=SPFILE;
System altered.
Since
OS_AUTHENT_PREFIX
is now a zero-length string, operating system user name and
database user name are identical.
SQL> CREATE USER ndebes IDENTIFIED BY secret;
User created.
SQL> GRANT CONNECT, SYSOPER TO ndebes;
Grant succeeded.