How to restrict 'Connect as sysdba' to anyone other than sysdba?

Posted on 2003-03-04
Last Modified: 2008-03-17
Ora9iR2 for win2k installed. I found that I can use any username/password (user is not a member of the ORA_DBA group, or no such user exists) to run sqlplus with "sqlplus /nolog" and "connect as sysdba", as below:
---------------------------------
C:\Documents and Settings\user>sqlplus /nolog
SQL*Plus: Release 9.2.0.1.0 - Production on Tue Mar 4 11:21:45 2003
Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.
SQL> connect as sysdba
Enter user-name: 123
Enter password:
Connected.
SQL>
----------------------------------

Some questions:
1. How to restrict the unknown user from running "sqlplus /nolog" and "connect as sysdba"?

2. What database/tablespace does the user (sysdba) access after "connect as sysdba" completes?

Thanks,
Question by:joehuang
LVL 2

Expert Comment

by:Datamonkey
ID: 8065485
It's not the database user that you restrict, it's the OS user.
If your OS user is part of the ORA_DBA group you can log on 'as sysdba', otherwise you can't.
If you connect as sysdba you basically use the SYS schema.
0
 

Author Comment

by:joehuang
ID: 8065887
As you see from the output below, there are no such users 123 and 456 as OS users or as part of ORA_DBA, and they can log on:
-----------------------------------
C:\Documents and Settings\user>sqlplus /nolog
SQL*Plus: Release 9.2.0.1.0 - Production on Tue Mar 4 12:19:14 2003
Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.
SQL> connect 123/456 as sysdba
Connected.
SQL> connect 456/789 as sysdba
Connected.
SQL>
------------------------------

Any thoughts?

Thanks,





0
 
LVL 2

Expert Comment

by:Datamonkey
ID: 8066172
But the user you're logged on to the OS with is part of the ORA_DBA group, that's what is important.
So if you start Windows and log on as 'joehuang' (or whatever), it's that user that is part of the ORA_DBA group. As long as that is the case you can log on 'as sysdba' to Oracle; the username you give Oracle is not important because the 'as sysdba' gives you the SYS schema anyway.
0
 

Author Comment

by:joehuang
ID: 8066265
Well, it makes sense with the local logon users. In other words, the non-ORA_DBA user won't gain access from a remote PC by connect string. Please advise if I am wrong.
0
 
LVL 2

Accepted Solution

by:
Datamonkey earned 120 total points
ID: 8066376
Indeed, the only users that can use this are the ones that are part of the ORA_DBA group with their Windows account on the server.
0
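
A check for the behaviour described in this thread, as an added example that is not part of the original posts: it lists the members of the local ORA_DBA group, tests whether the current Windows logon carries that group, and reads SQLNET.AUTHENTICATION_SERVICES from sqlnet.ora (NTS is the value that enables Windows native authentication). The function names and the sqlnet.ora path are assumptions.

```powershell
# Added example (not from the thread). ORA_DBA is the group named above;
# function names and the sqlnet.ora location are assumptions.

function Get-SqlnetAuthServices {
    # Parse the SQLNET.AUTHENTICATION_SERVICES values, e.g. (NTS) or (NONE).
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()   # drop comments
        if ($text -match '^SQLNET\.AUTHENTICATION_SERVICES\s*=\s*\(?([^)]*)\)?') {
            return @($Matches[1].Split(',') |
                     ForEach-Object { $_.Trim().ToUpper() } |
                     Where-Object { $_ })
        }
    }
    return @()   # parameter not present in the file
}

function Get-SysdbaOsAuthReport {
    # Report who can rely on OS authentication for "connect ... as sysdba".
    param(
        [Parameter(Mandatory)][string]$SqlnetPath,
        [string]$Group = 'ORA_DBA'
    )
    $services = @()
    if (Test-Path -LiteralPath $SqlnetPath) {
        $services = @(Get-SqlnetAuthServices -Lines (Get-Content -LiteralPath $SqlnetPath))
    }
    $me        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($me)
    [pscustomobject]@{
        AuthServices       = $services -join ','
        NtsEnabled         = $services -contains 'NTS'
        CurrentUser        = $me.Name
        # Token-based test, so membership through nested groups counts too.
        CurrentUserInGroup = $principal.IsInRole("$env:COMPUTERNAME\$Group")
        GroupMembers       = @(Get-LocalGroupMember -Group $Group -ErrorAction SilentlyContinue |
                               ForEach-Object { $_.Name })
    }
}

# Constructed sample input, so the parser can be tried offline:
$sample = @('# sqlnet.ora (constructed sample)',
            'SQLNET.AUTHENTICATION_SERVICES = (NTS)')
Get-SqlnetAuthServices -Lines $sample

# On the database server (placeholder path, substitute the real ORACLE_HOME):
# Get-SysdbaOsAuthReport -SqlnetPath '<ORACLE_HOME>\network\admin\sqlnet.ora'
```

Any account listed in GroupMembers that does not need SYSDBA should be removed from the group; the username typed at the SQL*Plus prompt plays no part in this check.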
