By default if a user has Operating System System administrator privilege he can connect to the oracle database without providing any password:
For example in windows operating system if I am connected as the Administrator use I can easily connect using the command sqlplus / as sysdba as shown below:
Lets see how we can avoid this:
1. Create a user in windows by Right clicking of My Computer icon given in the Desktop and selecting Manage and then select the Local Users and Groups.
Here I have created a user by the name of tamal.
Next let us try connect as the OS user again.
This makes it clear that c:> sqlplus / as sysdba or SQL>conn / as sysdba only works if the operating user is a system administrator.
In order to allow non-system administrator to connect to the oracle database must:
Grant the user connect privilege:
Try to connect:
As we can see both the connect method are working.
For example in windows operating system if I am connected as the Administrator use I can easily connect using the command sqlplus / as sysdba as shown below:
Lets see how we can avoid this:
1. Create a user in windows by Right clicking of My Computer icon given in the Desktop and selecting Manage and then select the Local Users and Groups.
Here I have created a user by the name of tamal.
Now logout from the Administrator account and login as the Tamal user
Next let us try connect as the OS user again.
As we can see Oracle returns us error code : ORA-01017.
This makes it clear that c:> sqlplus / as sysdba or SQL>conn / as sysdba only works if the operating user is a system administrator.
Oracle database doesn't allow non-administrator to connect because oracle database is not aware of them.
In order to allow non-system administrator to connect to the oracle database must:
- Create a database user with the same name as the OS user prefixed by the os_authent_prefix value.
- Grant the connect previlege to him.
Then create the database user by the name of the OS user prefixed by the value of os_authent_prefix (in windows OS you need to know the domain name):
Grant the user connect privilege:
Try to connect:
As we can see both the connect method are working.