Chinaunix首页 | 论坛 | 博客
  • 博客访问: 301374
  • 博文数量: 19
  • 博客积分: 2588
  • 博客等级: 少校
  • 技术积分: 730
  • 用 户 组: 普通用户
  • 注册时间: 2006-06-12 13:11
文章分类

全部博文(19)

文章存档

2022年(11)

2013年(3)

2012年(1)

2011年(2)

2008年(2)

我的朋友

分类: Oracle

2022-11-24 22:12:37

1、认证途径

2、OS认证组&dba权限对应清单
Operating System Group
UNIX or Linux User Group
Windows User Group
Oracle administrative privilege
OSDBA
dba

ORA_DBA (for all Oracle homes)

ORA_HOMENAME_DBA (for each specific Oracle home)

SYSDBA
OSOPER
oper

ORA_OPER (for all Oracl homes)

ORA_HOMENAME_OPER (for each specific Oracle home)

SYSOPER
OSBACKUPDBA
backupdba
ORA_HOMENAME_SYSBACKUP
SYSBACKUP
OSDGDBA
dgdba
ORA_HOMENAME_SYSDG
SYSDG
OSKMDBA
kmdba
ORA_HOMENAME_SYSKM
SYSKM
OSRACDBA
racdba
ORA_HOMENAME_SYSRAC
SYSRAC

3、Administrator权限列表
Administrative Privilege Operations Authorized

SYSDBA

  • Perform STARTUP and SHUTDOWN operations

  • ALTER DATABASE: open, mount, back up, or change character set

  • CREATE DATABASE

  • DROP DATABASE

  • CREATE SPFILE

  • ALTER DATABASE ARCHIVELOG

  • ALTER DATABASE RECOVER

  • Includes the RESTRICTED SESSION privilege

This administrative privilege allows most operations, including the ability to view user data. It is the most powerful administrative privilege.

SYSOPER

  • Perform STARTUP and SHUTDOWN operations

  • CREATE SPFILE

  • ALTER DATABASE: open, mount, or back up

  • ALTER DATABASE ARCHIVELOG

  • ALTER DATABASE RECOVER (Complete recovery only. Any form of incomplete recovery, such as UNTIL TIME|CHANGE|CANCEL|CONTROLFILE requires connecting as SYSDBA.)

  • Includes the RESTRICTED SESSION privilege

This privilege allows a user to perform basic operational tasks, but without the ability to view user data.

SYSBACKUP

This privilege allows a user to perform backup and recovery operations either from Oracle Recovery Manager (RMAN) or SQL*Plus.

See Oracle Database Security Guide for the full list of operations allowed by this administrative privilege.

SYSDG

This privilege allows a user to perform Data Guard operations. You can use this privilege with either Data Guard Broker or the DGMGRL command-line interface.

See Oracle Database Security Guide for the full list of operations allowed by this administrative privilege.

SYSKM

This privilege allows a user to perform Transparent Data Encryption keystore operations.

See Oracle Database Security Guide for the full list of operations allowed by this administrative privilege.

SYSRAC

This privilege allows the Oracle agent of Oracle Clusterware to perform Oracle Real Application Clusters (Oracle RAC) operations.

See Oracle Database Security Guide for the full list of operations allowed by this administrative privilege.

4、连接会话与Schema
 Administrative Privilege Current Schema Session User

SYSDBA

SYS

SYS

SYSOPER

PUBLIC

PUBLIC

SYSBACKUP

SYS 

SYSBACKUP

SYSDG

SYS

SYSDG

SYSRAC

SYS 

SYSRAC

SYSKM 

SYSKM

SYSKM


验证脚本:
CONNECT mydba AS SYSBACKUP
SELECT SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') FROM DUAL;
SYS_CONTEXT('USERENV','CURRENT_SCHEMA')
--------------------------------------------------------------------------------
SYS
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') FROM DUAL;
SYS_CONTEXT('USERENV','SESSION_USER')
--------------------------------------------------------------------------------
SYSBACKUP


5、SQLNET.AUTHENTICATION_SERVICES= (NTS/NONE/ALL)
NONE:作用是不允许通过 OS 系统用户登录数据库,需要提供用户名及密码;
ALL:作用是允许所有的登录方式;
NTS:此设置值仅用于Windows NT系统,此设置同时支持OS认证和口令文件认证,只有在设置了(NTS)值之后运行在Windows系统上的Oracle才支持OS认证。
如果不设置此参数,对Linux系统,默认支持OS认证和口令文件认证。对Windows系统,默认只支持口令文件认证,不支持OS认证。





http://www.itpub.net/thread-911241-1-1.html
http://blog.itpub.net/19602/cid-66406-abstract-1
阅读(677) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~