Shulou(Shulou.com)06/01 Report--

Add a user to the password file

When you grant SYSDBA, SYSOPER, SYSBACKUP, SYSDG, or SYSKM administrative rights to a user, the user's name and permission information are added to the database password file.

The user name is retained in the password file only if the user has at least one of these permissions. If you revoke all these permissions, the Oracle database removes the user from the password file.

Create a password file and add a new user to it

Use the following steps to create a password file and add a new user to it:

Follow the instructions in Creating a Database Password File with ORAPWD to create a password file. Set the REMOTE_LOGIN_PASSWORDFILE initialization parameter to exclusive. (this is the default.)

If you try to grant these permissions, but the initialization parameter REMOTE_LOGIN_PASSWORDFILE is not set correctly, the Oracle database will issue an error. Connect with SYSDBA privileges, as shown in the following example, and enter the SYS password when prompted:

CONNECT SYS AS SYSDBA starts the instance and creates a database if necessary, or mounts and opens an existing database. Create users as needed. Grant SYSDBA, SYSOPER, SYSBACKUP, SYSDG, or SYSKM administrative rights to yourself and other users. See "Granting and Revoking Administrative Privileges". II. Granting and revoking administrator rights

Use the GRANT statement to grant administrative rights. Use the REVOKE statement to revoke administrative privileges.

For example:

GRANT SYSDBA TO mydba;REVOKE SYSDBA FROM mydba

If you specify the WITH ADMIN option in the GRANT statement that grants administrative privileges, the option is ignored and the following rules apply:

A user who is currently connected to SYSDBA can grant any administrative rights to another user and revoke any administrative rights from another user. A user who is currently connected to SYSOPER cannot grant any administrative privileges to or revoke any administrative privileges from other users. A user who is currently connected to SYSBACKUP can grant or revoke SYSBACKUP administrative rights for another user. A user who is currently connected by SYSDG can grant or revoke SYSDG administrative rights for another user. Users who are currently connected to SYSKM can grant or revoke SYSKM administrative rights to other users.

Administrative permissions cannot be granted to roles because roles are available only after the database is started. Do not confuse database administrative permissions with operating system roles.

View the members of the database password file

The V$PWFILE_USERS view contains information about users who have been granted administrative rights. To determine which users are granted administrative privileges:

Query the V$PWFILE_USERS view.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.