Sysdba和sysoper均可以在数据库未open状态下访问数据库的实例。
下面是系统权限对应的操作。
SYSDBA
* Perform STARTUP and SHUTDOWNoperations
*ALTER DATABASE: open, mount, back up, or change character set
*CREATE DATABASE
*CREATE SPFILE
*ARCHIVELOG and RECOVERY
*Includes the RESTRICTED SESSION privilege
Effectively, this system privilege allows auser to connect as user SYS.
SYSOPER
*Perform STARTUP and SHUTDOWN operations
*CREATE SPFILE
*ALTER DATABASE OPEN/MOUNT/BACKUP
*ARCHIVELOG and RECOVERY
*Includes the RESTRICTED SESSION privilege
This privilege allows a user to performbasic operational tasks, but without the ability to look at user data.
数据库管理员的认证方式:
操作系统(OS)认证
密码文件认证
操作系统认证方式:
1.Create an operating system account for the user.
2.Add the user to the OSDBA or OSOPER operating system defined groups.
3.Ensure that the initialization parameter, REMOTE_LOGIN_PASSWORDFILE, isset to NONE. This is the default value for this parameter.
密码文件认证方式:
To enable authentication of anadministrative user using password file authentication you must do thefollowing:
1.Create an operating system account for the user.
2.If not already created, Create the password file using the ORAPWD utility:
ORAPWD FILE=filename PASSWORD=password ENTRIES=max_users
3.Set the REMOTE_LOGIN_PASSWORDFILE initialization parameter to EXCLUSIVE.
4.Connect to the database as user SYS (or as another user with the administrativeprivilege).
5.If the user does not already exist in the database, create the user. Grant theSYSDBA or SYSOPER system privilege to the user:
GRANT SYSDBA to scott;
This statement adds the user to the password file, thereby enablingconnection AS SYSDBA.
这里的file,如果你使用的是oracle 9i的RAC,那么每个实例的环境变量要指向同一个密码文件。