Before a new database, by plsqldeveloper log on, use the system user, identity as SYSDBA, the result error: insufficient privileges (Permission denied). Choice but to let the user log in the implementation of sys grant sysdba to system users for the system to give sysdba privileges.
Here was the question: Is not the default system user with SYSDBA privileges it? If not, why the former often built directly after the database system can use it as sysdba login?
Must first understand that, in the Oracle database system, user privileges if you want to user (INTERNAL / SYSDBA / SYSOPER) Log Oracle have two authentication methods: the operating system authentication (OS), the password file authentication. OS authentication refers to Oracle in the registry, let the operating system to complete the logged on user permissions validation. Specifically: When installing Oracle (note not create Oracle database instance), Oracle database server where the operating system will have a user group (windows default is ORA_DBA), this group of users log on after the operating system to log on Oracle , whether he entered what user name password, can log on to sysdba success. But this time is actually a sys user login, so login to show user command after the success of the current logged in user view, the return to the sys.
Password file validation is, Oracle through a password file permissions of the logged on user to verify that this file records the sys user password and other privileges of the user's user name / password, popular to say that this file records the current with sysdba The user name and password privileges. Usually the password file is stored in the% ORACLE_HOME% \ DATABASE directory, using the Oracle Instance Manager to create a database instance when Hou, Oracle will automatically create a corresponding instance of the password file, the file name PWDSID.ORA, including representatives of SID the corresponding Oracle database system identifier. This password file is the initial basis for database management. After this, the administrator can also require the use of hand tools ORAPWD.EXE create a password file.
So where the two authentication settings do? Specific in Oracle9i is% ORACLE_HOME% \ ora92 \ network \ admin \ sqlnet.ora file, the following configuration:
SQLNET.AUTHENTICATION_SERVICES = (NONE) # This is the password file authentication.
SQLNET.AUTHENTICATION_SERVICES = (NTS) # This is OS authentication.
Having the authentication, to tell you the sys, system user privileges. sys user has dba, sysdba, sysoper other role or authority, is the highest authority oracle user, all oracle data dictionary base tables and views are stored in the sys user, the landing can only use sysdba, sysoper these two identities , can not use normal status. system users have the role of general dba privileges, can only be landed as normal, unless you give it a sysdba of system privileges or syspoer system privileges.
Back to the previous question, why a lot of time before the system user can use it as a syadba login? Because Oracle's authentication time is the OS mode. This time I log on before the changes to the sqlnet.ora file, so I can not log on the system user sysdba.