Tuesday, May 23, 2006

Limit SYSDBA Login

whoever are the member 'dba' group can login as the SYSDBA
sqlplus / as sysdba


Stategy :
By set parameter SQLNET.AUTHENTICATION_SERVICES in the file SQLNET.ORA. If this parameter is set to NONE, then the auto login of the SYSDBA role is disabled.

$ORACLE_HOME/network/admin directory.

SQLNET.AUTHENTICATION_SERVICES=(NONE)

From that point on, if a *nix user belonging to the group dba wants to connect using the familiar login:

$ sqlplus / as sysdba

They will get:

ERROR:
ORA-01031: insufficient privileges

To connect, you must provide the SYS password.

No comments: