In the versions from 12c onwards,support segregation of duties requirements ,you will also find roles SYSDG, SYSBACKUP and SYSKM, as well as users.
These are somewhat less powerful than sysdba, and meant for special user
actions.
SYSDG for using Data Guard,
SYSBACKUP for ... yes backup actions with RMAN and such, and
SYSKM for security handling with TDE (Transparant Data Encryption).
If you are very strict, you can use them all. Maybe this is useful if you have multiple DBA teams with separate responsibilities. I have not seen it yet. If you are alone on a small environment, SYSDBA will work where DBA is not enough.
SQL>SELECT * FROM
V$pwfile_users;
USERNAME SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM CON_ID
------------------------------ ----- ----- ----- ----- ----- ----- ----------
SYS TRUE TRUE FALSE FALSE FALSE FALSE 0
SYSDG FALSE FALSE FALSE FALSE TRUE FALSE 1
SYSBACKUP FALSE FALSE FALSE TRUE FALSE FALSE 1
SYSKM FALSE FALSE FALSE FALSE FALSE TRUE 1
Please check whether you are using any script that using this users (SYSBACKUP ,SYSDG and SYSKM) .If not using that you can lock those .
ALTER USER
SYSDG ACCOUNT LOCK;
ALTER USER SYSBACKUP ACCOUNT LOCK;
ALTER USER SYSKM ACCOUNT LOCK;
No comments:
Post a Comment