This module is about password files.
Password files provide a mechanism for authenticating database administrators who connect remotely over a network. When you have completed this module, you should be able to do the following:
- Create a new password file
- Connect to a database as
SYSOPER privileges to DBAs
- Configure a database to use a password file
- Rebuild a password file
- Select from v$pwfile_users to see who has
Password files play an important role in database security, especially when you are using tools such as Oracle Enterprise Manager to remotely manage a database over a network.
The Oracle orapwd command line utility assists the DBA with granting
- SYSDBA and
privileges to other users. By default, the user SYS is the only user that has these privileges that are required to use orapwd.
Creating a password file by means of orapwd enables remote users
to connect with administrative privileges through SQL*Net.
: Using orapwd gives other users the Oracle super user privileges.
The SYSOPER privilege
allows instance startup, shutdown, mount, and dismount. It allows the DBA to perform general database maintenance without viewing user data. The SYSDBA privilege is the same as connect internal was in prior versions. It provides the ability to do everything, unrestricted.
If orapwd has not yet been executed, attempting to grant SYSDBA or SYSOPER privileges will result in the following error:
SQL> grant sysdba to scott;
ORA-01994: GRANT failed: cannot add users to public password file