2012-10-23 11gR2 "ADMINISTRATOR'S GUIDE" page 62 - 110

 

Selecting an Authentication Method for Database Administrators
Database Administrators can authenticate database administrators through the data
dictionary, (using an account password) like other users. Keep in mind that beginning
with Oracle Database 11g Release 1, database passwords are case-sensitive. (You can
disable case sensitivity and return to pre–Release 11g behavior by setting the SEC_
CASE_SENSITIVE_LOGON initialization parameter to FALSE.)
从11gR1开始，数据库的密码有区分大小写。

In addition to normal data dictionary authentication, the following methods are
available for authenticating database administrators with the SYSDBA or SYSOPER
privilege: -- 三种方式验证SYSDBA与SYSOPER
 -- Operating system (OS) authentication
 -- Password files
 -- Strong authentication with a network-based authentication service, such as Oracle
Internet Directory

Operating system authentication takes precedence over
password file authentication. If you meet the requirements for
operating system authentication, then even if you use a
password file, you will be authenticated by operating system
authentication. -- 操作系统验证优先于密码文件的验证

 

Sharing and Disabling the Password File
The values recognized
for REMOTE_LOGIN_PASSWORDFILE are:
 -- NONE: Setting this parameter to NONE causes Oracle Database to behave as if the
password file does not exist. That is, no privileged connections are allowed over
nonsecure connections. -- NONE = 这个文件不存在，你无法conn /as sysdba连入数据库

 -- EXCLUSIVE: (The default) An EXCLUSIVE password file can be used with only
one instance of one database. Only an EXCLUSIVE file can be modified. Using an
EXCLUSIVE password file enables you to add, modify, and delete users. It also
enables you to change the SYS password with the ALTER USER command. -- 使用PASSWORD FILE，只有某个实例可使用

 -- SHARED: A SHARED password file can be used by multiple databases running on
the same server, or multiple instances of an Oracle Real Application Clusters
(Oracle RAC) database. A SHARED password file cannot be modified. Therefore,
you cannot add users to a SHARED password file. Any attempt to do so or to
change the password of SYS or other users with the SYSDBA or SYSOPER
privileges generates an error. All users needing SYSDBA or SYSOPER system
privileges must be added to the password file when REMOTE_LOGIN_
PASSWORDFILE is set to EXCLUSIVE. After all users are added, you can change
REMOTE_LOGIN_PASSWORDFILE to SHARED, and then share the file. -- SHARED 多个实例均可使用

Keeping Administrator Passwords Synchronized with the Data Dictionary -- 让PASSWORDFLE与数据字典保持一致
To synchronize the SYS passwords, use the ALTER USER statement to change the SYS
password. The ALTER USER statement updates and synchronizes both the dictionary
and password file passwords. 使用ALTER USER命令保持一致
To synchronize the passwords for non-SYS users who log in using the SYSDBA or
SYSOPER privilege, you must revoke and then regrant the privilege to the user, as
follows: -- 而对于非SYSDBA与SYSOPER的用户，你必须重新REVOKE和GRANT权限给他们，当你的PASSWORDFILE改变之后。
如下：
1. Find all users who have been granted the SYSDBA privilege.
SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSDBA='TRUE';
2. Revoke and then re-grant the SYSDBA privilege to these users.
REVOKE SYSDBA FROM non-SYS-user;
GRANT SYSDBA TO non-SYS-user;
3. Find all users who have been granted the SYSOPER privilege.
SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSOPER='TRUE';
4. Revoke and regrant the SYSOPER privilege to these users.
REVOKE SYSOPER FROM non-SYS-user;
GRANT SYSOPER TO non-SYS-user;

Creating a Database with Noninteractive/Silent DBCA -- DBCA的SILENT模式安装
The following example creates a database by passing command-line arguments to
DBCA:
dbca -silent -createDatabase -templateName General_Purpose.dbc
-gdbname ora11g -sid ora11g -responseFile NO_VALUE -characterSet AL32UTF8
-memoryPercentage 30 -emConfiguration LOCAL
Enter SYSTEM user password:
password
Enter SYS user password:
password
Copying database files
1% complete
3% complete
...

Issue the CREATE DATABASE Statement -- 脚本建库
CREATE DATABASE mynewdb
USER SYS IDENTIFIED BY sys_password
USER SYSTEM IDENTIFIED BY system_password
LOGFILE GROUP 1 ('/u01/logs/my/redo01a.log','/u02/logs/my/redo01b.log') SIZE 100M BLOCKSIZE 512,
GROUP 2 ('/u01/logs/my/redo02a.log','/u02/logs/my/redo02b.log') SIZE 100M BLOCKSIZE 512,
GROUP 3 ('/u01/logs/my/redo03a.log','/u02/logs/my/redo03b.log') SIZE 100M BLOCKSIZE 512
MAXLOGFILES 5
MAXLOGMEMBERS 5
MAXLOGHISTORY 1
MAXDATAFILES 100
CHARACTER SET US7ASCII
NATIONAL CHARACTER SET AL16UTF16
EXTENT MANAGEMENT LOCAL
DATAFILE '/u01/app/oracle/oradata/mynewdb/system01.dbf' SIZE 325M REUSE
SYSAUX DATAFILE '/u01/app/oracle/oradata/mynewdb/sysaux01.dbf' SIZE 325M REUSE
DEFAULT TABLESPACE users
DATAFILE '/u01/app/oracle/oradata/mynewdb/users01.dbf'
SIZE 500M REUSE AUTOEXTEND ON MAXSIZE UNLIMITED
DEFAULT TEMPORARY TABLESPACE tempts1
TEMPFILE '/u01/app/oracle/oradata/mynewdb/temp01.dbf'
SIZE 20M REUSE
UNDO TABLESPACE undotbs
DATAFILE '/u01/app/oracle/oradata/mynewdb/undotbs01.dbf'
SIZE 200M REUSE AUTOEXTEND ON MAXSIZE UNLIMITED;

 

Run Scripts to Build Data Dictionary Views -- 库建完后需要创建数据字典视图
Run the scripts necessary to build data dictionary views, synonyms, and PL/SQL
packages, and to support proper functioning of SQL*Plus:
@?/rdbms/admin/catalog.sql
@?/rdbms/admin/catproc.sql
@?/sqlplus/admin/pupbld.sql
EXIT

 

Supporting Bigfile Tablespaces During Database Creation
Bigfile tablespaces can
contain only one file, but that file can have up to 4G blocks. The maximum number of
datafiles in an Oracle Database is limited (usually to 64K files). -- Oracle数据库中的文件数量最大可达64000个。

 

You can determine the current default tablespace type for the database by querying the
DATABASE_PROPERTIES data dictionary view as follows: -- 查看数据库中哪些是默认的表空间
SELECT PROPERTY_VALUE FROM DATABASE_PROPERTIES
WHERE PROPERTY_NAME = 'DEFAULT_TBS_TYPE';