2、Administrative
Privilege Operations Authorized
SYSDBA ■ Perform STARTUPand SHUTDOWNoperations
■ ALTER DATABASE: open, mount, back up, or change character set
■ CREATE DATABASE
■ DROP DATABASE
■ CREATE SPFILE
■ ALTER DATABASE ARCHIVELOG
■ ALTER DATABASE RECOVER
■ Includes the RESTRICTED SESSIONprivilege
This administrative privilege allows most operations, including the
ability to view user data. It is the most powerful administrative
privilege.
SYSOPER ■ Perform STARTUPand SHUTDOWNoperations
■ CREATE SPFILE
■ ALTER DATABASE: open, mount, or back up
■ ALTER DATABASE ARCHIVELOG
■ ALTER DATABASE RECOVER(Complete recovery only. Any form of
incomplete recovery, such as UNTIL
TIME|CHANGE|CANCEL|CONTROLFILErequires connecting as
SYSDBA.)
■ Includes the RESTRICTED SESSIONprivilege
This privilege allows a user to perform basic operational tasks, but
without the ability to view user data.
SYSBACKUP This privilege allows a user to perform backup and recovery
operations either from Oracle Recovery Manager (RMAN) or
SQL*Plus.
See Oracle Database Security Guidefor the full list of operations allowed
by this administrative privilege.
SYSDG This privilege allows a user to perform Data Guard operations. You
can use this privilege with either Data Guard Broker or the DGMGRL
command-line interface.
See Oracle Database Security Guidefor the full list of operations allowed
by this administrative privilege.
SYSKM This privilege allows a user to perform Transparent Data Encryption
keystore operations.
See Oracle Database Security Guidefor the full list of operations allowed
by this administrative privilege.