2

I'm currently using RHEL 5 and Oracle 11g.

I use DBCA to create Oracle database with all default options available. The problem is that when I create a new user on that database, this user can connect to the database with sysdba privilege although it is not granted any privileges.

create user backup_admin identified by password default tablespace users;

sqlplus backup_admin as sysdba

What to do to restrict the user from connecting as sysdba?

Improve this question
2
  • Are you logged in to the operating system as the Oracle user (or a member of the DBA group)? Commented Aug 26, 2009 at 4:23
  • Yes, I log in to the OS as the Oracle user. Commented Aug 26, 2009 at 5:04

1 Answer 1

Reset to default
4

"The problem is that when I create a new user on that database, this user can connect to the database with sysdba privilege although it is not granted any privileges."

Incorrect. Database users cannot connect as SYSDBA. Connecting as SYSDBA means connecting to the SYS user/schema.

OS users can connect as sysdba if, as Justin mentions, they are in the dba group. This normally includes the oracle user, but maybe others too.

Oracle is a bit misleading that you can try, for example, SQLPLUS user/pass AS SYSDBA In this case, the user/pass is ignored and it has the same effect as SQLPLUS / AS SYSDBA

Improve this answer
2
  • It can be helpful to also try the login remotely. ie 'sqlplus /nolog' then 'connect backup_admin/password@tnsdatabasename as sysdba' You will probably find that this will not work as the OS level authentication mentioned above won't work for a remote connection. Commented Aug 26, 2009 at 4:59
  • Hi Gary, you are right. So how can I restrict the "SQLPLUS user/pass AS SYSDBA"? As u mention, it has the same effect as "SQLPLUS / AS SYSDBA". Regards, Sarith Commented Aug 26, 2009 at 5:01

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.