Why can my new user login as sysdba in oracle? - oracle

I just installed Oracle 11g R2 on windows 7 machine. I am able to login using my sys as sysdba account.
Using the sys account I created a user as follows
create user testuser identified by testuser;
When I try to connect to database with testuser as Normal user it says that 'user testuser lacks CREATE SESSION privilege; logon denied' which is understandable since I have not granted any permissions so far to testuser.
But when I try to login to database using testuser as sysdba, it allows me to connect to database and the selected schema seems to me as SYS schema.
Is there something I am missing because I think user testuser should not be able to even login let alone login to SYS schema. I have also found that I can connect as sysdba with any username regardless of if it is present in the database.
How can I create a regular oracle user which does not have access to any other schema?

Your windows user is part of the dba group (oradba). It uses Windows authentification to connect as sysdba. See this thread on AskTom:
"as sysdba" is extremely powerful, it uses OS AUTHENTICATION, it does
not require database authentication (it is used to login before there
is a "database" or even an "instance"!)
As a member of the dba group, you can login as sysdba with any database user. You can even login without a user: sqlplus / as sysdba.

This is how I would normally create a new user:
create user &1
identified by &2
default tablespace &3
temporary tablespace &4;
grant connect, resource to &1;
grant alter session to &1;
** get the picture; also include other default privileges like "create ... " : sequence, synonym, table, view, database link select_catalog_role etc.

Related

ORA-01017 Invalid Username/Password when connecting to new non-SYSDBA user

I'm pretty new to Oracle, I've been trying to logon with a newly created non-SYSDBA user for a while without success.
I'm using Oracle 19c (Oracle Database 19c Standard Edition 2 Release 19.0.0.0.0 - Production)
I connect to my pdb (orclpdb) as sys with the SYSDBA role
CREATE USER USER1 IDENTIFIED BY PASSWORD;
GRANT CONNECT TO USER1;
I'm using an uppercase user name and password to avoid any doubt.
Then when I try to log as this new user with any role and the correct password I receive ORA-01017
But then if I connect back to the pdb and
GRANT SYSDBA TO USER1;
Now I can log as this new user with the sysdba role:
If I try to connect with any other role or with the wrong password I then receive ORA-01017 Invalid Username/Password
-- Create the common user using the CONTAINER clause.
CREATE USER c##test_user1 IDENTIFIED BY password1 CONTAINER=ALL;
GRANT CREATE SESSION TO c##test_user1 CONTAINER=ALL;
https://oracle-base.com/articles/12c/multitenant-manage-users-and-privileges-for-cdb-and-pdb-12cr1
OR
connect to cdb sqlplus "/as sysdba"
to switch pdb: ALTER SESSION SET CONTAINER = orclpdb;
to check use: SHOW CON_NAME
CREATE USER USER1 IDENTIFIED BY PASSWORD;
GRANT CREATE SESSION TO USER1 container=current;

How to login to Oracle12c using sqldeveloper when I only know credentials that work with sqlplus?

So I have this old Oracle database that I want to some migrate to some other db system.
You'd think that username and password is straight forward, but not when using something by Oracle.
So for sqlplus I just run the command sqlplus and it asks for username and password.
As the user I type in "orcl as sysdba" and then I type in the password. This works.
But SQL Developer doesn't accept that. It has a input field for username. And a select box with options like "standard", "SYSDBA" etc. No matter what I type in it always rejects the credentials.
It also asks for a SID, for which I just use ORCL, because it's the only thing I found where it doesn't complain about that.
I know that "orcl as sysdba" is the correct username for sqlplus. So what is the username for SQL Developer? Why is it not the same? Why does sqlplus not ask for the SID?
It's Oracle 12c from an old project. There is supposed to be a Flash tool at https://localhost:5500/em but the login also doesn't work there.
I have imported a table space from a dump that was made on the production server. I used Oracle 12c because the dump file indicated that this was the version used to dump the data.
Log into Oracle using SQL/Plus as SYSDBA and reset the password for a user account and then log into that account on SQL Developer using the newly reset password.
In SQL/Plus, from the account with the SYSDBA privileges, if you want to change the password off the my_user user then:
ALTER USER my_user IDENTIFIED BY MyNewPassword123;
I know that "orcl as sysdba" is the correct username for sqlplus. So what is the username for SQL Developer? Why is it not the same? Why does sqlplus not ask for the SID?
It is not a correct username. orcl is the username (or maybe the SID) and SYSDBA is the elevated level of privileges you wish to use once connected. You do not need to specify a username if you are connecting via SQL/Plus from the file system local to the database with SYSDBA privileges and can just use:
sqlplus / AS SYSDBA
and your access is authenticated using operating system authentication.
If you want to connect to a user with SYSDBA privileges then you probably want the default sys or system users (and to be careful what you do when connected as those users as you will have full control of the database and can do anything, including changing settings so you break the database).
Something like this:
If you want to find out what user you are connected as (in SQL/Plus) then:
SELECT USER FROM DUAL;
You can then use the same username that that outputs (and the appropriate password, which you can reset using the commands above if required) in SQL Developer.

How to create user and give access to a database

How do I create a new user and give him access to ORCL database in oracle 10 g (TOAD/SQL Developer/SQL Plus). I tried to do this in SQL Developer, but when I try to login with the newly created user, it says "Insufficient privileges"
I think you might be confused between database and schema. Also, remember, user and schema are synonymous. A schema contains the set of objects owned by the user. Other than that, they are similar.
What you need to do is:
SQL> create user test_new identified by test_new;
User created.
SQL> grant create session to test_new;
Grant succeeded.
SQL> conn test_new/test_new#pdborcl;
Connected.
SQL> show user
USER is "TEST_NEW"
Above example shows how to create a user, grant create session privilege just to make sure user is at least able to connect. You would obviously need more privileges for the user to do further tasks.
Usually, you would create roles and grant required privileges to the roles. And then assign the role to a user.
UPDATE
Per the comments, OP is unable to connect via SQL*Developer.
but when I try to login into the SQLDeveloper i get error message Insufficient privileges when Role is set to SysDba
You should not use SYSDBA for a normal user other than SYS.
ORA-01017: invalid username/password; logon denied
Either your username or the password is incorrect. In SQL*Developer you need to correctly provide the
username
password
hostname
port
service_name
Test the connection, if it is success, start using it.

Oracle : System privileges, create user and grant privilages

I have the following connection properties.
Connection Name: MyConnection
UserName : Scott
password : password
Now I want to create a user using the above connection. The query I tried to execute was,
CREATE USER demo IDENTIFIED BY demo;
but I got the error stating that
"insufficient privileges".
An attempt was made to change the current username or password
without the appropriate privilege.
May I know how to create the user.
To create a new user, you should connect as a account with DBA privileges, or the System user if there isn't a named DBA user.

Problems on getting started with Oracle 11g Login issues and doubts

I just finished up installing 11g on my laptop and I got a link which showed up the login page. The installation did ask me for a password and that does work for system.
So, I tried logging in to sqlplus using command prompt like this :
sqlplus / as sysdba
which gives the error : insufficient privileges, but it did ask me for username and password after that to which I typed in system as username and the password I used at the time of installation.
Now it does log me in but I don't have privileges for more privileged commands.
I thought I should login as sys but I get error like : connection as sys should be as sysdba or sysoper.
Just give me a start on how I can login and how I can start interacting with my database right on.
Thanks in advance.
When you use
sqlplus / as sysdba
your current operating system user must be either a privileged user (e.g. root in Linux "Administrator" in Windows) or must be part of the DBA group, otherwise you are not allowed to login without credentials.
If you don't want to change the current OS user, you need to supply the username and password on the commandline:
sqlplus sys/password as sysdba
The user SYS is special because you can only log in as sysdba with that user. On the other hand the SYSTEM user is not allowed to login as sysdba.
Btw: I hope you didn't plan to use SYS or SYSTEM to play around with Oracle. You should never create any tables in those schemas. Create a new user and use that to create tables and basically "use" Oracle.
Use user SYS (as SYSDBA) with password you specified during installation.

Resources