It is possible to allow the use of sqlplus at OS level to a certain user or group, but restrict the use of "sqlplus / as sysdba" to the same user o group?
Restrict user to use ‘conn /as sysdba’ from OS Level
2k Views Asked by MasterC At
2
There are 2 best solutions below
0
Mark D Powell
On
Normally anyone with an Oracle username assigned to them can use SQLPLus but only members of the Oracle owner OS group can use sqlplus as sysdba without needing a password. This privilege is normally assigned to OS group DBA, but can be different. I have worked on a system where members of the DBA group could not connect using as sysdba since Oracle as set up only in oinstall. This is configured at install time. The answer to your question as asked is, No. If you assign them to the privileged group then they have the privilege.
Related Questions in LINUX
- How do I recursively find and replace only in files named index.php on Linux webserver?
- passing text with \n as one argument in shell
- kernel module does not print packet info
- How to send ESC/POS commands to thermal printer in Linux
- (x64 Nasm) Writeline function on Linux
- How do I set the Hive user to something different than the Spark user from within a Spark program?
- Default priority of thread with SCHED_FIFO
- Calling a python function with options from shell script
- How to split a directory into parts without compressing or archiving?
- Cross compile simple standard C program on Linux for Mac
- How to offload NAPI poll function to workqueue
- python netifaces - How to get currently used network interface
- Unexpected output from function
- mingw-64 conflicting declarations when cross-compiling
- Different behavior of async with Visual Studio 2013(Windows8.1) and GCC 4.9(Ubuntu14.10)
Related Questions in ORACLE
- Column displays each count
- MAX and GROUP BY - SQL
- Best Practice for adding columns to a Table in Oracle database
- Updating an Oracle row with value from same row
- Retrieving data from Oracle database
- Ibatis execute update sql on oracle, it is not working and no exceptions
- Building an sql execution plan history
- Implementation of Rank and Dense Rank in MySQL
- how to update the date field for this specific condition using oracle query?
- Oracle stored procedure wrapping compile error with inline comments
- Android: How to connect oracle database using Android Java code?
- SQL Conditional Join on Columns
- Multi value wildcard search in ibatis
- Get count of consecutive days meeting a given criteria
- How to update the metadata of a layer in Oracle imported through FME Workbench?
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in UBUNTU
- Git init --bare giving error fatal: Out of memory? mmap failed: No such device
- EMACS-Live + Slime error at startup
- Vagrant - Ansible error installing Apache
- Openfire Smack Connection issue
- Error in Ruby on Rails on Ubuntu 14.04
- Django webapp (on an Apache2 server) hangs indefintely when importing nltk in views.py
- C++ string and char* manipulation acting weird
- Data transfer between Ubuntu/Windows to network
- How to upgrade Node js version to 0.12.4 on Ubuntu
- How do I install Intellij on Ubuntu 15.04?
- Can't run django-admin startproject mysite (ubuntu, django.core.exceptions.ImproperlyConfigured)
- How to add apt key with --recv-keys instead of --recv?
- Express - Multiparty/Formidable unable to parse files greater than 100kb on Ubuntu. Callback of Parse is not called at all
- Unable start mongoose im in ubuntu. process crashes
- Tkinter application topmost, even over fullscreen
Related Questions in SYSDBA
- Access table user in sysdba privilege
- Unable to login to Sqlplus as sysdba: "ORA-01031: insufficient privileges"
- Reg: sysdba not logging, system user and other user connecting
- Changing SYSDBA user password in InterBase
- I inatalled Oracle db 19c and login as user sys as sysdba the error,"ORA-12154: TNS:could not resolve the connect identifier specified" accured
- Firebird/Interbase - create new user/view without SYSDBA
- ORA-01031: insufficient privileges while connecting with sys as sysdba
- Django Oracle connection as SYS should be as SYSDBA or SYSOPER
- group two tables result without duplicate results
- "sysdba" login in Sql Server 2014? Why?
- java.lang.SecurityException: policy table update SYS:JAVA.LANG.RUNTIMEPERMISSION, GETCLASSLOADER
- Oracle 12c pluggable database won't start
- Restrict user to use ‘conn /as sysdba’ from OS Level
- Grant DBA role to a user in cloud
- Login as SYS user to Oracle 11g from .NET
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
If I understood your question correctly the answer to the question is YES, as long as the user is not part of the
dbagroup. The execute flag is set for "others" by default, so any user can runsqlplusand connect with a username/password. You don't even have to setup a new user or group specifically, just make sure that the user is not part of thedbagroup:Default rights for
sqlplushave set the execution flag forothers:User
geraldis not part ofdbagroup and therefore not allowed to connect viasqlplus / as sysdba:However, the user
geraldcan still runsqlplusand connect via username/password:Obviously, if you don't want to give users
SYSaccess at all, don't share the SYS password with them!