My problem is that when i create an object it is always stored in sys schema. Normally when you do not specify the schema, the object should be created in the current schema. I'm using toad 12, and the tab current schema is setted correctly.
What i did wrong? Any idea?.
When you login using the 'AS SYSDBA' - the schema context for your session is set SYS no matter who are logged in as.
From the Docs
When you connect with SYSDBA or SYSOPER privileges, you connect with a default schema, not with the schema that is generally associated with your username. For SYSDBA this schema is SYS; for SYSOPER the schema is PUBLIC.
It's much better practice to ONLY use as sysdba when doing something like taking a backup or shutting down the database or doing an upgrade.
Related
User oracle is configured with os authentication and logged in as oracle.
I am trying to to take full db export using the following expression:
exp 'system/as sysdba' file='full_exp.dmp' log='full_exp.log' consistent='y'
but getting error:
LRM-00108: Invalid positional parameter value 'sysdba'
Also tried with:
exp 'system' file='full_exp.dmp' log='full_exp.log' consistent='y'
Asks for password for system and empty password doesn't work, throws errors EXP-00004, EXP-00056 and ORA-01017.
Please guide me in taking full db export by os authenticated user.
Doing a full export "as sysdba" is a bad idea - a major security risk (plus "system" doesn't have the sysdba privilege by default anyway). You are better off defining a user with exp_full_database and/or datapump_exp_full_database privileges only, with OS authentication or with an Oracle Wallet to hold the credentials, and using that account to run the full export.
create user export_user identified by [password];
grant create session, exp_full_database, datapump_exp_full_database to export_user;
There is a reference on my blog on how to set up an Oracle Wallet for the credentials. Then your expdp or exp command would look like this:
exp export_user file='full_exp.dmp' ...
or
expdp export_user directory=export_dir ...
Last - seriously consider using Datapump (expdp) rather than the old-school "export" utility (exp). Newer versions of Oracle include object types that export doesn't support, and Datapump is generally faster and more flexible in terms of options.
To use Oracle OS authentification for a non SYSDBA connection, you just need to connect with the OS account that is mapped to the Oracle account and use / as user/password:
sqlplus /
expdp / ...
See details for Unix and Windows in
https://oracle-base.com/articles/misc/os-authentication
When i use query bellow to display pluggable in Oracle 12c with user "sys as sysdba"
select name from v$containers;
I displayed all pluggable. But when i connect with user normal. I display CDB$ROOT only.
I want to use user normal to display all pluggable. what do I need grant permission for user normal to display all pluggable same as "sys as dba"?
Thanks a lot
Only users in the container database will be able to see pluggable databases; so you would need to create a user ID in the container database, and grant that user the role SELECT_CATALOG_ROLE and CREATE SESSION and then log into the container database with that new user ID, and you should be good.
By design and intent, users created in a pluggable database cannot see other pluggable database contents. That's one of the main benefits; isolation.
I have a pluggable database in Oracle 12c named PDBORCL.
After a server restart something changed in how to connect to it.
I created a user in that pluggable DB, for the example the user is PETER and the password is also PETER. Before the restart I used to be able to open a Command Prompt, run sqlplus, which would in turn ask for my username and then its password, and it would sign in. Now this does not work, it says invalid username/password. When I log in with SYS and check:
SELECT * FROM dba_users WHERE username = 'PETER';
I get no results.
However, if I sign in using the following from a command prompt, it works:
sqlplus PETER/PETER#PDBORCL
So, the DB is up and running, but it seems to be connecting by default to the wrong pluggable DB. I need to change it to the way it was before the restart, so that it connects by default to that specific pluggable DB.
How can I achieve this?
I found the solution. Change or create the environment variable LOCAL (in Windows) to PDBORCL. I think I read in linux the variable is TWO_TASK. After changing it, the following works:
sqlplus PETER/PETER
Also, just calling sqlplus and waiting to be prompted for username and password works.
You have created a user in pluggableDB and this user is not visible beyond the pluggable DB hence the reason you dont see user PETER when running the above query as sys..
If you want to connect to your pluggable DB directly what you have done above is right else you to connect to sys and the use CONNECT command.
I want to know what is the difference between the following two statements in oracle:
GRANT DBA TO Jack
GRANT ALL PRIVILEGES TO Jack
I advise you not to try providing dba and NEVER provide ALL PRIVILEDGES to any user, because such thing should be done only by experienced developers.
Usually there is only ONE user who is provided DBA role.
As per oracle documentation:
When oracle database is installed, there are two admin roles created:
1. SYS 2. SYSTEM
An SYS role can access internal data dictionary tables of oracle database.
All of the base tables and views for the database data dictionary are stored in the schema SYS. These base tables and views are critical for the operation of Oracle Database. To maintain the integrity of the data dictionary, tables in the SYS schema are manipulated only by the database.
If you flirted with any internal sys tables, you may face license cancellation
The SYSTEM username is used to create additional tables and views that display administrative information, and internal tables and views used by various Oracle Database options and tools. Never use the SYSTEM schema to store tables of interest to non-administrative users.
The DBA role does not include the SYSDBA or SYSOPER system privileges. These are special administrative privileges that allow an administrator to perform basic database administration tasks, such as creating the database and instance startup and shutdown.
Here GRANT ALL PRIVILEGES are provided to user on particular object, even system object, and this does not includes sys and system privilege, you can do any action on such object, this is why you should avoid using ALL PRIVILEGES.
Im very new to Oracle so can anyone please explain about sys and system users?
And also I read these users are granted DBA role . Whether DBA and SYSDBA roles are same ?
(1)
http://www.adp-gmbh.ch/ora/misc/sys_system_internal.html
SYS
SYS is the owner of the database and the owner of the data dictionary.
Never ever create objects in the SYS schema.
The objects belonging to SYS cannot be exported.
SYSTEM
SYSTEM is a privileged administration user, and typically owns Oracle provided tables other than the dictionary. Don't create your own objects under SYSTEM.
(2)
Not, these're not same. There's a big difference between them
For sysdba role, you can look to documentation
http://download.oracle.com/docs/cd/B19306_01/server.102/b14231/dba.htm#sthref137
And from documentation we see that:
The DBA role does not include the SYSDBA or SYSOPER system privileges
Additional differences between a user with the SYSDBA system privilege and a user with DBA role are that a SYSDBA authenticates via the password file and can edit tables in the SYS schema such as USER$, plus the SYSDBA connection will show as SYS and will be audited as SYS in mandatory audit. Of course most SYSDBA users have also been granted the DBA role as well. The difference with actual SYS is that they HAVE to logon as SYSDBA whereas a different DBA user granted SYSDBA system privilege can choose not to…
http://www.oracleforensics.com/wordpress/index.php/2008/09/21/bypassing-ora-01997/
Please read the Oracle documentation. Administrators Guide is a good place to start.
SYSDBA has additional abilities.