Ron, Here's the deal with sys and system. To have ultimate authority (like to shut down and start up the database), you have to log on with sysdba privileges. That means putting a username in the password file, which bestows the ability to log on with sysdba privileges. Here's the thing. No matter who you give those sysdba privileges to by putting their logon in the password file, Oracle sees it as sys. So if you give Fred sysdba privileges, and he logs on like so:
connect fred/[EMAIL PROTECTED] as sysdba then do a: select username from v$session it will show: username ======== mary tom sys but no fred, because Oracle sees anyone logged on with sysdba privileges as sys. One other thing. sysdba is a privilege, and can't be granted to a role, only to a user. Then, as I said, Oracle will see that user as sys whenever he or she logs on with that privilege. HTH, Mike -----Original Message----- Sent: Wednesday, November 12, 2003 1:05 PM To: Multiple recipients of list ORACLE-L We are being asked by Auditing to stop using the SYS, and SYSTEM accounts. They would like for us to create an Oracle Role with the same permissions a SYS and SYSTEM, then grant the role to each of the DBA's. Don't ask me why. Nothing is being audited in 99% of the databases. They just say it in a paper some where so they said we shouldn't use it. This seems like it would cause lots of problems with exports, imports, installs, etc... Has anyone had to deal with this type of request? Any potential problems with making the change? Thanks! Ron Smith This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Michael Milligan INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
