Thursday, March 27, 2008

6-5. Predefined Accounts: SYS and SYSTEM

  • SYS and SYSTEM accounts have the DBA role granted to them by default
  • SYS is granted SYSDBA privilege, SYSTEM is not
  • To connect to the SYS account, you must use the AS SYSDBA clause
  • SYS account in addition has all privileges with ADMIN OPTION
  • SYS account owns the data dictionary
  • SYS account owns the Automatic Workload Repository (AWR)
  • Only users with the SYSDBA or SYSOPER privilege are allowed to start up and shut down the database instance
For more on SYS and SYSOPER go to 6-12. System privileges

SYS and SYSTEM accounts are not used for routine operations. Create privileged users for that. For example, Jim has a low privilege account called jim and a privileged account called jim_dba. This method allows the principle of least privilege to be applied, eliminates the need for account sharing, and allows individual actions to be audited.
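
The jim / jim_dba split described above, written out as an added example (not part of the original notes). The passwords are constructed placeholders, and the AUDIT statement assumes traditional auditing with AUDIT_TRAIL enabled on the instance.

```sql
-- Added example. jim and jim_dba are the account names used in the text above.
-- Passwords are constructed placeholders; PASSWORD EXPIRE forces a change at first login.

-- Day-to-day account: may log in, and nothing else until specific grants are added.
CREATE USER jim IDENTIFIED BY "Placeholder_pw_1" PASSWORD EXPIRE;
GRANT CREATE SESSION TO jim;

-- Separate administrative account for the same person, used only for DBA work.
-- The DBA role already includes CREATE SESSION.
CREATE USER jim_dba IDENTIFIED BY "Placeholder_pw_2" PASSWORD EXPIRE;
GRANT DBA TO jim_dba;

-- Audit the statement options grouped under the ALL shortcut for jim_dba,
-- one audit record per statement. Applies to sessions started after this point.
AUDIT ALL BY jim_dba BY ACCESS;

-- Review 1: who holds the DBA role?
-- SYS and SYSTEM are expected; every other row should be a named personal account.
SELECT grantee, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;

-- Review 2: who is listed in the password file with SYSDBA or SYSOPER?
SELECT username, sysdba, sysoper
FROM   v$pwfile_users;

-- Review 3: what has the privileged account done?
-- A non-zero returncode is the Oracle error number of a failed action.
SELECT timestamp, action_name, obj_name, returncode
FROM   dba_audit_trail
WHERE  username = 'JIM_DBA'
ORDER  BY timestamp;
```

Because each administrator has a personal *_dba account, every row returned by the third query is attributable to one person, which a shared SYSTEM login cannot provide.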
