Databases Reference
In-Depth Information
Then stop and start your database to instantiate the parameter. Once the password file is enabled, you can then
create database users and assign them the
sys*
privileges as required. For example, suppose you had a database user
named
dba_maint
that you wanted to grant
sysbackup
privileges:
$ sqlplus / as sysdba
SQL> grant sysbackup to dba_maint;
Now the
dba_maint
database user can connect to the database with
sysbackup
privileges:
$ sqlplus dba_maint/foo as sysbackup
You can verify which users have
sys*
privileges by querying the V$PWFILE_USERS view:
SQL> select * from v$pwfile_users;
Here is some sample output:
USERNAME SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM CON_ID
------------------------------ ----- ----- ----- ----- ----- ----- ----------
SYS TRUE TRUE FALSE FALSE FALSE FALSE 0
DBA_MAINT FALSE FALSE FALSE TRUE FALSE FALSE 0
OS aUtheNtICat ION VS. pa SSWOrD FILe
For local connections, operating system authentication takes precedence over password file authentication. In
other words, if you're logged on to an OS account that is a member of an authenticated group, such as
dba
, it
doesn't matter what you type in for the username and password when connecting to a local database with
sys*
privileges. For example, you can connect as
sysdba
with a nonexistent username/password:
$ sqlplus bogus/wrong as sysdba
SQL> show user;
USER is "SYS"
The prior connection works because Oracle ignores the username/password provided, as the user was first
verified via OS authentication. however, a password file is used when you're not using OS authentication to
establish a privileged local connection or when you're trying to make a privileged connection to a remote
database via the network.
Starting and Stopping Your Database
Problem
You want to start or stop your Oracle database.