ORACLE 参数 O7_DICTIONARY_ACCESSIBILITY
来源:互联网 发布:手机如何收看网络电视 编辑:程序博客网 时间:2024/05/21 07:13
该参数是ORACLE的一个安全机制, 目的就是为了防止非sysdba访问系统关键数据字典,让sys用户成为sysdba, 不能以普通用户登陆
MOS文档: What is O7_DICTIONARY_ACCESSIBILITY and how should it be set ? (文档 ID 206795.1)
中提到:
Versions PRIOR to Oracle 9i:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The default of this parameter is TRUE.
Oracle 9i:
~~~~~~~~~~
The default of this parameter in 9i is FALSE.
The FALSE setting requires login with AS SYSDBA to read the data dictionary, or
to be given explicit object grants.
从9i开始, Oracle明确限定该参数的值为FALSE, 强烈不推荐用户更改该参数
该参数限定了sys用户必须以sysdba 的身份进行登陆
或许有些很奇葩的需求,例如某位领导说: 我任性,我必须要用sys用户以普通身份就能登陆,
那么更改该参数,满足领导吧...
附录:
该MOS的全文:
QUESTIONS:
What does the init.ora parameter named O7_Dictionary_Accessibility do?
How does it affect my database, and how should it be set?
ANSWERS:
The parameter O7_Dictionary_Accessibility can be set to TRUE or FALSE.
The affect on your database is different depending on whether you are
using Oracle 9i or a version previous to Oracle 9i.
Versions PRIOR to Oracle 9i:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The default of this parameter is TRUE.
The dictionary protection mechanism in Oracle 8 prevents unauthorized users
from accessing dictionary objects.
Access to dictionary objects is restricted to the users with the system
privileges SYSDBA and SYSOPER.
System privileges providing access to objects in other schemas do not give
access to dictionary objects.
For example, the SELECT ANY TABLE privilege enables access to views and tables
in other schemas, but it does not enable you to select dictionary objects.
If the parameter is set to TRUE, which is the default, access to objects in
SYS schema is enabled (Oracle 7 behavior).
If this parameter is set to FALSE, system privileges that allow access to
objects in other schemas do not allow access to objects in the dictionary
schema.
For example, if O7_DICTIONARY_ACCESSIBILITY=FALSE, then the SELECT ANY TABLE
statement enables access to views or tables in any schema except SYS schema.
The system privilege, EXECUTE ANY PROCEDURE enables access on the procedures
in any other schema except in SYS schema.
Oracle 9i:
~~~~~~~~~~
The default of this parameter in 9i is FALSE.
The FALSE setting requires login with AS SYSDBA to read the data dictionary, or
to be given explicit object grants.
Warning:
~~~~~~~~
Oracle has changed from versions 9.0.1 and beyond the default of this parameter
to FALSE, and strongly recommends that you do not change back the parameter.
In the process of turning Oracle Server secure out of the box, this was one of
the reasons we decide to change the parameter.
This way, you can't login with a "regular" SYS connection anymore to look up
data dictionary.
Instead, you should set your own dba accounts with appropriate privileges and
passwords.
References:
~~~~~~~~~~~
Oracle University, Oracle 9i New Features For Adminstrators, Chapter 1, Oracle
Server Security, Page 1-5
Oracle University, Oracle 8: Database Administration, Chapter 19, Managing
Privileges, Page 19-15
- Oracle O7_DICTIONARY_ACCESSIBILITY参数
- Oracle o7_DICTIONARY_ACCESSIBILITY参数
- oracle O7_DICTIONARY_ACCESSIBILITY 参数
- oracle O7_DICTIONARY_ACCESSIBILITY参数
- oracle O7_DICTIONARY_ACCESSIBILITY参数
- ORACLE 参数 O7_DICTIONARY_ACCESSIBILITY
- O7_DICTIONARY_ACCESSIBILITY参数
- O7_DICTIONARY_ACCESSIBILITY参数的理解
- O7_DICTIONARY_ACCESSIBILITY
- O7_DICTIONARY_ACCESSIBILITY&REMOTE_OS_AUTHENT
- oracle -- Oracle初始化参数详解
- oracle参数说明
- Oracle初始化参数文件
- ORACLE隐含参数
- oracle数据库参数
- oracle参数说明
- oracle参数文件
- ORACLE导入导出参数
- Android build.prop参数详解
- 如何查看alert.log告警日志
- 4、利用Request和Beautiful Soup抓取指定URL内容
- 内存架构
- BZOJ 2565 最长双回文串 Manacher
- ORACLE 参数 O7_DICTIONARY_ACCESSIBILITY
- 外边距的垂直方向上的合并现象
- sdutacm-数据结构实验之排序五:归并求逆序数
- 安卓组件------列表选择框
- MVP矩阵
- Redis 列表原理实现及操作
- 弹性盒子
- Cynthia问题、任务、缺陷管理系统
- RPL(11):RFC6550翻译(11)---多播操作