重庆思庄Oracle、Redhat认证学习论坛

 找回密码
 注册

QQ登录

只需一步,快速开始

搜索
查看: 531|回复: 0
打印 上一主题 下一主题

[参考文档] 可以撤销SYSRAC用户的ALTER系统权限吗

[复制链接]
跳转到指定楼层
楼主
发表于 2024-6-9 17:37:24 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
目的:
Can  "ALTER SYSTEM" privilege can be revokved from SYSRAC?


处理方法:
SYSRAC is an administrative user used by CRS to connect to the database and administer it instead of using highly privileged user SYS.
Oracle does not recommend to revoke ALTER SYSTEM privilege to be revoked from SYSRAC user. Because this privilege is necessary for the user to administer the DB.


-bash-4.1$ more catadmprvs.sql
Rem
Rem $Header: rdbms/admin/catadmprvs.sql /main/12 2015/02/25 16:47:32 yulcho Exp $
Rem
Rem catadmprvs.sql
Rem
Rem Copyright (c) 2011, 2015, Oracle and/or its affiliates.
Rem All rights reserved.
Rem
Rem NAME
Rem catadmprvs.sql - Grant privileges to administrative users
Rem
Rem DESCRIPTION
Rem This script grants the required privileges to the following
Rem administrative users:
Rem 1. SYSBACKUP
Rem 2. SYSDG
Rem 3. SYSKM
Rem
Rem NOTES
Rem Must be run connecting as SYS.

---------
-- SYSRAC
---------
-- To be used by CRS agent to administer DB instances.
GRANT alter database TO sysrac;
GRANT alter session TO sysrac;
GRANT alter system TO sysrac;

GRANT select on sys.cdb_service$ TO sysrac;
GRANT select on sys.dba_services TO sysrac;
GRANT select on sys.dba_procedures TO sysrac;

GRANT execute on sys.dbms_drs TO sysrac;
GRANT execute on sys.dbms_service TO sysrac;
GRANT execute on sys.dbms_service_prvt TO sysrac;
GRANT execute on sys.dbms_session TO sysrac;
GRANT execute on sys.dbms_ha_alerts_prvt TO sysrac;

GRANT execute on sys.dbms_server_alert TO sysrac;
GRANT execute on sys.sys$rlbtyp TO sysrac;
GRANT read on sys.recent_resource_incarnations$ TO sysrac;
GRANT aq_administrator_role TO sysrac;

@?/rdbms/admin/sqlsessend.sql
-bash-4.1$

As we can see the above privileges are important for the user SYSRAC to function if you revoke privileges which are granted by default by oracle scripts then this user will become unusable.


Reference:
##########

Bug 19467969 : SYSRAC ADMINISTRATIVE USER NEEDS MORE PRIVILEGES

分享到:  QQ好友和群QQ好友和群 QQ空间QQ空间 腾讯微博腾讯微博 腾讯朋友腾讯朋友
收藏收藏 支持支持 反对反对
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|手机版|小黑屋|重庆思庄Oracle、Redhat认证学习论坛 ( 渝ICP备12004239号-4 )

GMT+8, 2024-11-24 21:40 , Processed in 0.112628 second(s), 21 queries .

重庆思庄学习中心论坛-重庆思庄科技有限公司论坛

© 2001-2020

快速回复 返回顶部 返回列表