Oracle OS认证-hgcwen_wen-ChinaUnix博客

hgcwen_wen

首页　| 　博文目录　| 　关于我

hgcwen_wen

博客访问： 300826
博文数量： 19
博客积分： 2588
博客等级：少校
技术积分： 730
用户组：普通用户
注册时间： 2006-06-12 13:11

文章分类

全部博文（19）

orale基础部分（8）
10G OCP（1）
安?部分（2）
??（0）
linux（4）
oracle（4）
未分配的博文（0）

文章存档

2022年（11）

2013年（3）

2012年（1）

2011年（2）

2008年（2）

我的朋友

浜戜腑鐨

相关博文

Oracle OS认证

分类： Oracle

2022-11-24 22:12:37

1、认证途径

2、OS认证群组&dba权限对应清单

Operating System Group	UNIX or Linux User Group	Windows User Group	Oracle administrative privilege
OSDBA	dba	ORA_DBA (for all Oracle homes) ORA_HOMENAME_DBA (for each specific Oracle home)	SYSDBA
OSOPER	oper	ORA_OPER (for all Oracl homes) ORA_HOMENAME_OPER (for each specific Oracle home)	SYSOPER
OSBACKUPDBA	backupdba	ORA_HOMENAME_SYSBACKUP	SYSBACKUP
OSDGDBA	dgdba	ORA_HOMENAME_SYSDG	SYSDG
OSKMDBA	kmdba	ORA_HOMENAME_SYSKM	SYSKM
OSRACDBA	racdba	ORA_HOMENAME_SYSRAC	SYSRAC

3、Administrator权限列表

Administrative Privilege	Operations Authorized
SYSDBA	Perform STARTUP and SHUTDOWN operations ALTER DATABASE: open, mount, back up, or change character set CREATE DATABASE DROP DATABASE CREATE SPFILE ALTER DATABASE ARCHIVELOG ALTER DATABASE RECOVER Includes the RESTRICTED SESSION privilege This administrative privilege allows most operations, including the ability to view user data. It is the most powerful administrative privilege.
SYSOPER	Perform STARTUP and SHUTDOWN operations CREATE SPFILE ALTER DATABASE: open, mount, or back up ALTER DATABASE ARCHIVELOG ALTER DATABASE RECOVER (Complete recovery only. Any form of incomplete recovery, such as UNTIL TIME\|CHANGE\|CANCEL\|CONTROLFILE requires connecting as SYSDBA.) Includes the RESTRICTED SESSION privilege This privilege allows a user to perform basic operational tasks, but without the ability to view user data.
SYSBACKUP	This privilege allows a user to perform backup and recovery operations either from Oracle Recovery Manager (RMAN) or SQL*Plus. See Oracle Database Security Guide for the full list of operations allowed by this administrative privilege.
SYSDG	This privilege allows a user to perform Data Guard operations. You can use this privilege with either Data Guard Broker or the DGMGRL command-line interface. See Oracle Database Security Guide for the full list of operations allowed by this administrative privilege.
SYSKM	This privilege allows a user to perform Transparent Data Encryption keystore operations. See Oracle Database Security Guide for the full list of operations allowed by this administrative privilege.
SYSRAC	This privilege allows the Oracle agent of Oracle Clusterware to perform Oracle Real Application Clusters (Oracle RAC) operations. See Oracle Database Security Guide for the full list of operations allowed by this administrative privilege.

4、连接会话与Schema

Administrative Privilege	Current Schema	Session User
SYSDBA	SYS	SYS
SYSOPER	PUBLIC	PUBLIC
SYSBACKUP	SYS	SYSBACKUP
SYSDG	SYS	SYSDG
SYSRAC	SYS	SYSRAC
SYSKM	SYSKM	SYSKM

验证脚本：

CONNECT mydba AS SYSBACKUP
SELECT SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') FROM DUAL;
SYS_CONTEXT('USERENV','CURRENT_SCHEMA')
--------------------------------------------------------------------------------
SYS
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') FROM DUAL;
SYS_CONTEXT('USERENV','SESSION_USER')
--------------------------------------------------------------------------------
SYSBACKUP

5、SQLNET.AUTHENTICATION_SERVICES= (NTS/NONE/ALL)

NONE：作用是不允许通过 OS 系统用户登录数据库，需要提供用户名及密码；
ALL：作用是允许所有的登录方式；
NTS：此设置值仅用于Windows NT系统，此设置同时支持OS认证和口令文件认证，只有在设置了(NTS)值之后运行在Windows系统上的Oracle才支持OS认证。
如果不设置此参数，对Linux系统，默认支持OS认证和口令文件认证。对Windows系统，默认只支持口令文件认证，不支持OS认证。

http://www.itpub.net/thread-911241-1-1.html
http://blog.itpub.net/19602/cid-66406-abstract-1

阅读(643) | 评论(0) | 转发(0) |

上一篇：Oracle密码文件&认证

下一篇：Oracle Database Release Number

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6