Password Files   «Prev  Next»

Lesson 1

Managing the password file in Oracle

This module is about password files. Password files provide a mechanism for authenticating database administrators who connect remotely over a network. When you have completed this module, you should be able to do the following:
  1. Create a new password file
  2. Connect to a database as SYSDBA or SYSOPER
  3. Grant SYSDBA and SYSOPER privileges to DBAs
  4. Configure a database to use a password file
  5. Rebuild a password file
  6. Select from v$pwfile_users to see who has SYSDBA or SYSOPER privileges
Password files play an important role in database security, especially when you are using tools such as Oracle Enterprise Manager to remotely manage a database over a network.

(OMF) Oracle Managed Files

(OMF) Oracle Managed Files simplifies the creation of databases as Oracle does all OS operations and file naming. It has several advantages including:
  1. Automatic cleanup of the filesystem when database objects are dropped.
  2. Standardized naming of database files.

Using orapwd

The Oracle orapwd command line utility assists the DBA with granting
  1. SYSDBA and
privileges to other users. By default, the user SYS is the only user that has these privileges that are required to use orapwd.
Creating a password file by means of orapwd enables remote users to connect with administrative privileges through SQL*Net.
Warning: Using orapwd gives other users the Oracle super user privileges.
The SYSOPER privilege allows instance startup, shutdown, mount, and dismount. It allows the DBA to perform general database maintenance without viewing user data. The SYSDBA privilege is the same as connect internal was in prior versions. It provides the ability to do everything, unrestricted.
If orapwd has not yet been executed, attempting to grant SYSDBA or SYSOPER privileges will result in the following error:
SQL> grant sysdba to scott;  

ORA-01994: GRANT failed: cannot add users to public password file