Oracle® Database Administrator's Guide 11g Release 2 (11.2) Part Number E17120-07 |
|
|
PDF · Mobi · ePub |
To perform the administrative tasks of an Oracle Database DBA, you need specific privileges within the database and possibly in the operating system of the server on which the database runs. Access to a database administrator's account should be tightly controlled.
This section contains the following topics:
To perform many of the administrative duties for a database, you must be able to execute operating system commands. Depending on the operating system on which Oracle Database is running, you might need an operating system account or ID to gain access to the operating system. If so, your operating system account might require operating system privileges or access rights that other database users do not require (for example, to perform Oracle Database software installation). Although you do not need the Oracle Database files to be stored in your account, you should have access to them.
See Also:
Your operating system-specific Oracle documentation. The method of creating the account of the database administrator is specific to the operating system.Two administrative user accounts are automatically created when Oracle Database is installed:
SYSTEM
(default password: MANAGER
)
Note:
Both Oracle Universal Installer (OUI) and Database Configuration Assistant (DBCA) now prompt forSYS
and SYSTEM
passwords and do not accept the default passwords "change_on_install" or "manager", respectively.
If you create the database manually, Oracle strongly recommends that you specify passwords for SYS
and SYSTEM
at database creation time, rather than using these default passwords. See "Protecting Your Database: Specifying Passwords for Users SYS and SYSTEM" for more information.
Create at least one additional administrative user and grant to that user an appropriate administrative role to use when performing daily administrative tasks. Do not use SYS
and SYSTEM
for these purposes.
Note Regarding Security Enhancements:
In this release of Oracle Database and in subsequent releases, several enhancements are being made to ensure the security of default database user accounts. You can find a security checklist for this release in Oracle Database Security Guide. Oracle recommends that you read this checklist and configure your database accordingly.When you create an Oracle database, the user SYS
is automatically created and granted the DBA
role.
All of the base tables and views for the database data dictionary are stored in the schema SYS
. These base tables and views are critical for the operation of Oracle Database. To maintain the integrity of the data dictionary, tables in the SYS
schema are manipulated only by the database. They should never be modified by any user or database administrator, and no one should create any tables in the schema of user SYS
. (However, you can change the storage parameters of the data dictionary settings if necessary.)
Ensure that most database users are never able to connect to Oracle Database using the SYS
account.
When you create an Oracle Database, the user SYSTEM
is also automatically created and granted the DBA
role.
The SYSTEM
user name is used to create additional tables and views that display administrative information, and internal tables and views used by various Oracle Database options and tools. Never use the SYSTEM
schema to store tables of interest to non-administrative users.
A predefined DBA
role is automatically created with every Oracle Database installation. This role contains most database system privileges. Therefore, the DBA role should be granted only to actual database administrators.
Note:
The DBA role does not include theSYSDBA
or SYSOPER
system privileges. These are special administrative privileges that allow an administrator to perform basic database administration tasks, such as creating the database and instance startup and shutdown. These system privileges are discussed in "Administrative Privileges".