If the SYSDBA privilege gives the grantee ultimate authority, then why does the SYS user also have the DBA role in addition to the SYSDBA privilege?
Asked
Active
Viewed 501 times
0
Mehdi Charife
- 131
- 1
- 12
1 Answers
1
SYSDBA "priv" is not just another priv, it actually logs you in as SYS. It doesn't grant you rights in itself... being SYS does that.
DBA is a role that contains a host of system level privileges that control what you can do within the database, regardless of what user you are. So the two things are not overlapping. If you connect AS SYSDBA you will actually be SYS, and thereby possess the DBA role with its privileges (in additional to owning all the dictionary objects).
That being said, it remains to be seen whether the DBA role is even needed by SYS. That depends on whether Oracle's internal code everywhere recognizes SYS as special or whether (in places at least) it relies on the traditional privilege model. I wouldn't want to revoke DBA from SYS and mess up a database to find out!
Paul W
- 681
- 2
- 8