Thursday, March 27, 2008

6-12. System privileges

  • RESTRICTED SESSION: allows a user to log in even if the database has been opened in restricted mode
  • SYSDBA and SYSOPER: These privileges allow you to shut down, start up, and perform recovery and other administrative tasks in the database. SYSOPER allows a user to perform basic operational tasks, but without the ability to look at the user data. It includes the following system privileges:
    - STARTUP and SHUTDOWN
    - CREATE SPFILE
    - ALTER DATABASE OPEN/MOUNT/BACKUP
    - ALTER DATABASE ARCHIVELOG
    - ALTER DATABASE RECOVER (complete recovery only; any form of incomplete recovery, such as UNTIL TIME | CHANGE | CANCEL | CONTROLFILE, requires connecting as SYSDBA)
    - RESTRICTED SESSION
    The SYSDBA system privilege additionally authorizes incomplete recovery and deletion of a database. Effectively, the SYSDBA system privilege allows a user to connect as the SYS user.
  • DROP ANY object
  • CREATE, MANAGE, DROP, and ALTER TABLESPACE
  • CREATE ANY DIRECTORY (potential security hole)
  • GRANT ANY OBJECT PRIVILEGE: grant object permissions on objects you do not own
  • ALTER DATABASE and ALTER SYSTEM: allow renaming a data file or flushing the buffer cache
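
An audit of who currently holds the privileges listed above, added here as an example (not part of the original post). It assumes a session that can read the standard dictionary views V$PWFILE_USERS, DBA_SYS_PRIVS and DBA_ROLE_PRIVS, and Oracle 10g or later for CONNECT_BY_ROOT.

```sql
-- Added example: review grants of the system privileges in the list above.

-- 1. SYSDBA / SYSOPER are not recorded in DBA_SYS_PRIVS; the accounts that
--    may connect AS SYSDBA or AS SYSOPER are listed in the password file view.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;

-- 2. Users and roles that hold the listed privileges, either directly
--    or inherited through any depth of nested roles.
WITH risky AS (
  SELECT grantee, privilege, admin_option
  FROM   dba_sys_privs
  WHERE  privilege IN ('RESTRICTED SESSION',
                       'CREATE ANY DIRECTORY',
                       'GRANT ANY OBJECT PRIVILEGE',
                       'ALTER DATABASE', 'ALTER SYSTEM',
                       'CREATE TABLESPACE', 'MANAGE TABLESPACE',
                       'DROP TABLESPACE', 'ALTER TABLESPACE')
     OR  privilege LIKE 'DROP ANY %'
),
role_chain AS (
  -- Every (holder, role) pair reachable through role-to-role grants.
  -- No START WITH clause: each row of DBA_ROLE_PRIVS is used as a root.
  SELECT CONNECT_BY_ROOT grantee AS holder, granted_role
  FROM   dba_role_privs
  CONNECT BY NOCYCLE PRIOR granted_role = grantee
)
-- Direct grants
SELECT r.grantee AS holder, r.privilege, r.admin_option, 'DIRECT' AS via
FROM   risky r
UNION
-- Grants inherited through a role; VIA names the role that carries it
SELECT c.holder, r.privilege, r.admin_option, c.granted_role
FROM   role_chain c
JOIN   risky r ON r.grantee = c.granted_role
ORDER  BY 1, 2;
```

Rows with ADMIN_OPTION = 'YES' deserve the closest review, since that grantee can pass the privilege on to other accounts.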
