Oracle Users and Passwords
When you create a database using the Oracle Database Configuration Assistant (dbca) it will ask you to assign passwords to the default Oracle accounts.
The default accounts are: sys, system, dbsnmp and sysman. The following table provides a basic description of the of the default users.
|SYS||The SYS user owns all base tables and user-accessible view of the data dictionary (Oracle configuration information). No Oracle user should ever alter (update, delete, or insert) any rows or schema objects contained in the SYS schema, because such activity can compromise data integrity. The security administrator must keep strict control of this central account.|
|SYSTEM||The SYSTEM user is used to create additional tables and views that display administrative information, and internal tables and views used by various Oracle options and tools.|
|SYSMAN||The SYSMAN user represents the Enterprise Manager super admin account. This EM admin can create and modify other EM admin accounts as well as admin the database instance itself.|
|DBSNMP||The DBSNMP user is used by EM to monitor the database. EM uses this account to access performance stats about the database. The DBSNMP credentials sometimes referred to as the monitoring credentials.|
In addition to these users, a user can connect with different levels of privileges, namely SYSDBA and SYSOPER. When you connect using "connect sys/passwd as sysdba" your connecting as the SYS user and requesting SYSDBA privs. Because the SYS user is the Oracle equivalent to the UNIX root user Oracle makes you specify the amount of control you have, which is why you'll get an error if you try to connect without specifying the privs:
SQL> connect sys/passwd ERROR: ORA-28009: connection to sys should be as sysdba or sysoper SQL> connect sys/passwd as sysdba Connected. SQL>
The big difference between SYSDBA and SYSOPER privileges is that SYSDBA can do anything (just like the root user in Solaris). The SYSOPER privs allow you just about the same amount of control but won't allow you to look at user data.
Both privs allow you to ALTER DATABASE, CREATE SPFILE, STARTUP or SHUTDOWN, ALTER DATABASE ARCHIVELOG, and includes RESTRICTED SESSION privs. However, only SYSDBA can CREATE or DROP DATABASE, and the ALTER DATABASE RECOVER options for SYSOPER are limited to complete recovery only.
If the database is configured for OS authentication you can log into the database without authenticating to Oracle based on your UNIX UID. OS authentication is enabled or disabled based on the "os_roles" parameter. When you create a database using dbca OS authentication is disabled by default. In fact, you won't be able to enable it unless you edit the initialization parameters by selecting "All Initialization Parameters" and then selecting "Show Advanced Parameters"! If you scroll down the long list you'll see "os_roles" is set as false, which you can then enable if you choose.