Oracle SYSDBA connection - oracle

When we connect to Oracle database for the first time from SQLPlus command line tool, why do we always connect like this
"sys as sysdba"
Can some one tell me the significance of this?
Why do not we do this in MYSQL?
I am new to Oracle, and this question might sound silly. I am learning using Oracle 11g XE.

SYS and SYSTEM are administrative users, they kind of "own" the database. Data dictionary is stored in SYS schema so - if you screw it up, you'll most probably destroy the database. Therefore, never mess up with it - use it only for necessary administrative tasks. Never touch any SYS owned tables (thinking "if I change this I'll make that happen). Even better, create your own user and grant it DBA privilege - it'll be able to do mostly everything you'd ever want.
SYSDBA is a privilege which is automatically granted to user SYS; it lets it perform high-level administrative tasks (such as backup and recovery or upgrade the database). SYSTEM doesn't have it; that's why you don't specify as sysdba when connecting as SYSTEM.
Furthermore, SYSDBA privilege lets you to connect to database instance although database isn't open yet - and lets you start it up.
Saying that you "always connect as sys as sysdba" - well, you don't have to do that "always". There are other predefined users (such as Scott or HR (Human Resources)) you can use. Default username/password combinations are "scott/tiger" and "hr/hr". Though, they are most probably locked so you can't establish connection. That's why you connect as SYS, unlock those accounts (or create new one(s), depending on what you want to do), and then connect as some other user.
More info here:
SYS and SYSTEM users
SYSDBA and SYSOPER system privileges
Why you don't have that in MySQL? Probably because MySQL isn't Oracle.
Finally, as you're new with Oracle, I'd suggest you to visit & bookmark this page: Oracle Database 10gR2 documentation. Yes, it is kind of "old" and you don't use that version, but it is the last one that separated "Getting Started" and "Most popular" books which makes it easy to find and read. I'd suggest you to read:
Concepts, to learn what Oracle is and how it works
Then, depending on what you'd want to do/be (developer or DBA), pick e.g.
2 day DBA
Administrator's guide
or
SQL reference
PL/SQL user's guide and reference
Application developer's guide - fundamentals
Certainly, you can find these books for database version you do use (11g), it is here: Oracle database online documentation 11g Release 2 (11.2) but - as I said - it is not as nicely presented as 10g.
Good luck with Oracle, enjoy!

Related

Using Oracle "Create User" command does not automatically create an associated schema

I'm just getting started with Oracle data export and import and things worked perfectly fine the first time around. But then I came back next day repeated the exact same steps on the same systems, but get ORA-01435: user does not exist error.
System Specs for all machines:
-OS: Windows 2012 R2 x64
-Oracle Server: Oracle 11G Express x64
Objective:
I'm exporting data from Oracle server 1 and importing to Oracle server 2.
Procedure:
Export data dump is successful from Oracle server 1.
but when importing the data dump on Oracle server 2, I follow this procedure:
-Stop IIS service
net stop WAS
Create Schema/user account and Grant privileges before import
net stop WAS
sqlplus / as sysdba;
CREATE user PIE1 identified by PASS1;
GRANT ALL PRIVILEGES TO PIE1;
GRANT IMP_FULL_DATABASE TO PIE1;
According to oracle, all goes well, but look at the first image bellow. In DBeaver, I can see that only the User account PIE1 has been created, but NO schema.
Oracle issue 1. User account created, but not the Schema
Question 1: According to Oracle, the command "Create User" IS supposed to also create an associated Schema. Anyone have an idea why this is no longer working for me? It worked once the night before.
I then continue the import procedure as follows:
imp PIE1/PASS1#xe file=c:\Backups\AVUSER2_6_7.dmp log=c:\Backups\import.log fromuser=AVUSER2_6_7 touser=PIE1;
But get the following error:
Oracle claims the User doesn't exist even though it does
Oracle claims the User doesn't exist even though it does. I repeated the entire procedure and even created an identical import/export user account and credentials, and this error still comes up.
Question 2: Any idea why Oracle "Can't find" a user account that's clearly in the database?
Additional Info:
Checked that my windows account is in admin group
Checked that my windows account is in ORA_DBA group
Opened all CMD prompt as Admin
As you implied, users and schemas as the same in Oracle, you can't have a user without a schema. No idea about DBeaver, but as there are other users that aren't listed under 'schemas' (according to your second image - ANONYMOUS, DIP, ...) that seems to be unrelated.
(Purely a guess, but perhaps the user you're connect as in DBeaver just doesn't have visibility of any objects owned by those users - maybe it only lists users it can see in all_objects, say. Pure speculation, but you could investigate that by looking at the data dictionary while connect through SQL*Plus as the same user. According to this old forum post, there is an option to hide empty schemas...)
The import is connecting successfully as PIE1 - you'd get a different error, ORA-01017, if it wasn't and you wouldn't see the 'Connected to...' banner or anything after that.
Your import command has a trailing semicolon that should not be there. The "importing ... objects into" message shows that it's trying to import into the PIE1; user and not the one you actually created, PIE1. Remove that semicolon and try again.
Incidentally, you can probably also remove the #xe TNS alias and stick to a local connection, assuming the environment is configured as it was whenyou ran SQL*Plus. You should also consider using datapump expdp/impdp rather than the legacy exp/imp.

How to duplicate Oracle database without sysdba privilege

We have an oracle 11g installed on a linux machine. I want to duplicate the database on my local 64-bit windows machine. We have total 403 tables and a few of them have foreign key constraints. I am not a dba so I don't have the sysdba privilege. Also I cannot shutdown the remote database. Is there a quick way to do this rather than I copy the tables one by one? Thanks
Considering you do not have DBA role granted and not having access to server machine, you won't be able to do a cold backup and install in on your machine, because cold backup requires database getting shut downed.
Secondly, you can't use rman utility either.
You can use expdp utility to get database exported as files and import it to your db with impdp utility.But in order to get data exported you at least need CONNECT and RESOURCE roles granted to your user ( Assuming you already have CONNECT otherwise you won't be able to connect to db at all ) and with those roles you can only import objects you already have access to. Including objects you own.
On the other hand, if you need a full database export, then you need EXP_FULL_DATABASE granted. DBA, SYS and some other roles has this role included. So your best chance is to contact dba's asking for the role granted to your user, see how they react to that.

Execute oracle statement using jsp

How can I execute 'conn / as sysdba' using jsp.
Using
PreparedStatement stmt = conn.prepareStatement(sql);
shows java.sql.SQLException: SQL string is not Query?
How can I do it using jsp?
conn is a SQL*Plus command, not a SQL statement. So it can only be used in SQL*Plus (or another client tool that happens to have some support for SQL*Plus commands). You can't use it via JDBC.
conn / as sysdba tells SQL*Plus to use operating system authentication to connect to the database as the user SYS with the SYSDBA role enabled. Operating system authentication in this case would require that SQL*Plus was being invoked on the server where the database is installed and that the user was logged in as the operating system user "oracle". It seems exceedingly unlikely that it would be appropriate and/or possible for a JSP page to use operating system authentication like this-- that would, at a minimum, require that the application server that is running your JSP code is installed on the same server that Oracle is installed on and that it is running as the same operating system user as the Oracle database. Neither of those are particularly likely. Connecting to the database as SYS with the SYSDBA role enabled would also be very odd for a JSP page-- it is exceedingly rare that you would want JSP code to be running with those sorts of privileges. Generally, Oracle databases do not allow connections as SYS from anything other than the machine that Oracle is running on because, in general, only a DBA would be logging in with that account and then only to perform a very small set of tasks that actually require that sort of elevated access.
It should be possible to configure Oracle to accept remote connections for the user SYS with the SYSDBA role. And it should be possible to configure the connection string in your JSP code to use the appropriate password for that account. But it would be so exceedingly rare to want to do both, and would open such a substantial security hole, that I would seriously question whether that's really what you want to do. Can you explain a bit more about the problem you're trying to solve?
Yes, sql is the Query, but you need resultQuery = stmt.executeQuery() to save the result.
Also, take a look to the driver connection, the name of the machine where the DB is and the user name and password.

How to create Oracle database link with sysdba privilege

I want to:
select * from v$database#standby;
Problem:
standby is mounted so only a SYSDBA user can connect to query it
I can't find out how to use a database link using SYSDBA privilege
My goal is to display system information/stats from a standby Oracle database on a web page.
I'm using Oracle APEX. Pages are computed from mod_plsql which runs from an Oracle DB so it is easy to display the result of this kind of query.
Alternative:
How to select * from "shell script"?
I don't think you can do this, based on the few things I've seen via Google.
To sum up, connecting remotely as sysdba uses authentication via the password file. Database links do not attempt to authenticate this way, they are authenticated in the remote database and not externally.
Here's a link to a site that briefly touches upon the subject.
I think what you want is:
CREATE PUBLIC DATABASE LINK STANDBY
rather than CREATE DATABASE LINK STANDBY. I just tested this from sqlplus / as sysdba and was able to query.

What's the difference between the Oracle SYS and SYSTEM accounts?

What are the differences between the Oracle SYS and SYSTEM built in accounts?
Edit: Apart from 3 letters!
SYS owns the oracle data dictionary. Every object in the database (tables, views, packages, procedures, etc. ) all have a single owner. For the database dictionary, and a whole lot of special tables (performance views and the like) are all owned by the SYS user.
The SYSTEM user is supposed to be the master DBA user, with access to all of these object. This reflects an early, and long time, Oracle security design philosophy. You build the application using one user, then create a second with access (select, update, delete) but not drop privileges. This gives you a "super-user" access to your schema without being able to destroy it accidentally. Over the years, thing have been added to the SYSTEM account that may have needed to be in the SYS account. But very few people want to give out access to their SYS account if they don't have to.
SYS can connect AS SYSDBA, SYSTEM cannot.
SYSDBA privilege is required to perform certain administrative tasks, like CREATE DATABASEand DROP DATABASE, and query any tables despite GRANT'ed permissions on them.
In fact, whenever you connect as SYSDBA, you become a SYS.

Resources