Step 7 - Database Administrative Accounts
Learn Oracle - Database Administrative Accounts
Two user accounts are automatically created when Oracle Database is installed:
When Oracle DBA create an Oracle Database, the user SYS is automatically created and
granted the DBA role.
All base tables and views for the database data dictionary are stored in the schema
SYS. These base tables and views are critical for the operation of Oracle Database. To
maintain the integrity of the data dictionary, tables in the SYS schema are manipulated
only by the database. They should never be modified by any user or database
administrator, and no one should create any tables in the schema of user SYS.
(However, Oracle DBA can change the storage parameters of the data dictionary settings if
Ensure that most database users are never able to connect to Oracle Database using the
When Oracle DBA create an Oracle Database, the user SYSTEM is also automatically created
and granted the DBA role.
The SYSTEM username is used to create additional tables and views that display
administrative information, and internal tables and views used by various Oracle
Database options and tools. Never use the SYSTEM schema to store tables of interest to
A predefined DBA role is automatically created with every Oracle Database
installation. This role contains most database system privileges. Therefore, the DBA
role should be granted only to actual database administrators. The DBA role does not
include the SYSDBA or SYSOPER system privileges.
Administrative privileges that are required for an administrator to perform basic
database operations, such as creating the database and instance startup and shutdown,
are granted through two special system privileges, SYSDBA and SYSOPER. Oracle DBA must
have one of these privileges granted to Oracle DBA, depending upon the level of authorization
Oracle DBA require.
The SYSDBA and SYSOPER privileges can also be thought of as types of connections
that enable Oracle DBA to perform certain database operations for which privileges cannot be
granted in any other fashion. For example, Oracle DBA if Oracle DBA have the SYSDBA privilege, Oracle DBA
can connect to the database by specifying CONNECT AS SYSDBA.