1
00:00:01,390 --> 00:00:03,640
In this lesson, we'll be
talking about the password
2
00:00:03,640 --> 00:00:07,270
file and administrative
privileges in Oracle.
3
00:00:07,270 --> 00:00:11,050
So in order to do the
operations that a DBA must do,
4
00:00:11,050 --> 00:00:12,880
it's often necessary
that you connect
5
00:00:12,880 --> 00:00:16,150
with the highest administrative
privileges possible.
6
00:00:16,150 --> 00:00:18,100
So there's two types
of ways that we
7
00:00:18,100 --> 00:00:21,040
could make an administrative
connection to an Oracle
8
00:00:21,040 --> 00:00:21,820
database.
9
00:00:21,820 --> 00:00:26,200
One is locally-- that is to say,
actually on the server itself--
10
00:00:26,200 --> 00:00:27,160
or remote.
11
00:00:27,160 --> 00:00:30,700
So you would be connecting in
with a remote tool of some sort
12
00:00:30,700 --> 00:00:33,340
in order to administer
the database.
13
00:00:33,340 --> 00:00:36,250
Now, not every action
that a DBA takes
14
00:00:36,250 --> 00:00:38,320
requires administrative
privileges.
15
00:00:38,320 --> 00:00:41,560
Normally, we think of things
like shutdown and startup,
16
00:00:41,560 --> 00:00:44,890
the creation of a new
database, backup and recovery,
17
00:00:44,890 --> 00:00:47,500
those types of
operations, as requiring
18
00:00:47,500 --> 00:00:49,360
administrative privileges.
19
00:00:49,360 --> 00:00:52,390
The thing that either a
local or a remote connection
20
00:00:52,390 --> 00:00:57,130
will require is that the user
have the SYSDBA privilege.
21
00:00:57,130 --> 00:00:59,080
And that's the
highest role that we
22
00:00:59,080 --> 00:01:03,890
can give to an administrator
in the database.
23
00:01:03,890 --> 00:01:07,490
So local connections are
made using the SYSDBA role.
24
00:01:07,490 --> 00:01:09,530
And that might be
something like,
25
00:01:09,530 --> 00:01:11,150
if we're using a
Linux database, we
26
00:01:11,150 --> 00:01:14,720
might use Secure Shell to
connect to the server itself.
27
00:01:14,720 --> 00:01:17,210
And then we're
actually on the server.
28
00:01:17,210 --> 00:01:20,120
And we connect using
the SYSDBA role.
29
00:01:20,120 --> 00:01:23,510
And even though that is a
connection from a remote place,
30
00:01:23,510 --> 00:01:25,430
or can be, that
we don't actually
31
00:01:25,430 --> 00:01:28,890
have to be using the keyboard
at the server itself,
32
00:01:28,890 --> 00:01:31,370
we call that a local
connection because you're
33
00:01:31,370 --> 00:01:33,830
using SSH, Telnet,
or, in Windows,
34
00:01:33,830 --> 00:01:37,370
you might use Remote Desktop
connection to be virtually
35
00:01:37,370 --> 00:01:38,880
on the machine.
36
00:01:38,880 --> 00:01:40,950
And so we call those
a local connection.
37
00:01:40,950 --> 00:01:43,970
And those are made
using the SYSDBA role.
38
00:01:43,970 --> 00:01:48,010
Remote connections, however,
require a password file.
39
00:01:48,010 --> 00:01:49,990
A password file is
going to be an encrypted
40
00:01:49,990 --> 00:01:53,080
file out on the operating system
actually in the Oracle home
41
00:01:53,080 --> 00:01:56,890
directory that will store
information about users that
42
00:01:56,890 --> 00:02:00,010
can connect with remote
administrative privileges
43
00:02:00,010 --> 00:02:02,000
and the password that they have.
44
00:02:02,000 --> 00:02:04,330
And so we use a tool,
a command line tool,
45
00:02:04,330 --> 00:02:08,560
called orapwd to
create a password file.
46
00:02:08,560 --> 00:02:11,530
The password file will
be located in the Oracle
47
00:02:11,530 --> 00:02:14,710
$ORACLE_HOME/dbs on Linux.
48
00:02:14,710 --> 00:02:19,270
And the name of the file will
be orapwd and then the SID.
49
00:02:19,270 --> 00:02:22,930
On Windows, it will be in
the Oracle home directory
50
00:02:22,930 --> 00:02:26,630
under the database directory
with a slightly different name.
51
00:02:26,630 --> 00:02:29,950
So even though we can't open the
password file and look at it,
52
00:02:29,950 --> 00:02:37,000
we can see information about the
users from the v$pwfile_users
53
00:02:37,000 --> 00:02:39,850
dynamic data dictionary view.
54
00:02:39,850 --> 00:02:42,190
So let's take a
look here at making
55
00:02:42,190 --> 00:02:44,750
a local administrative
connection.
56
00:02:44,750 --> 00:02:46,750
So when we do this, we're
going to use something
57
00:02:46,750 --> 00:02:48,260
like the sqlplus user.
58
00:02:48,260 --> 00:02:51,690
And we'll do sqlplus
slash as sysdba.
59
00:02:51,690 --> 00:02:54,610
We're connected to the database
with the system, highest system
60
00:02:54,610 --> 00:02:55,490
privileges.
61
00:02:55,490 --> 00:02:57,610
And we're able to work on
the database from there--
62
00:02:57,610 --> 00:03:00,800
startups, shutdowns,
those types of things.
63
00:03:00,800 --> 00:03:02,220
But let's look at this again.
64
00:03:02,220 --> 00:03:05,060
So what are we actually
logging in as whenever
65
00:03:05,060 --> 00:03:08,510
we use sqlplus slash as sysdba?
66
00:03:08,510 --> 00:03:11,360
Well, another way that we can
make a connection with SQL Plus
67
00:03:11,360 --> 00:03:14,570
would be username/password.
68
00:03:14,570 --> 00:03:18,020
So it's username slash password.
69
00:03:18,020 --> 00:03:20,860
And if we put in the
incorrect password,
70
00:03:20,860 --> 00:03:24,480
we get an invalid
username/password.
71
00:03:24,480 --> 00:03:27,510
So what are we doing
when we do this,
72
00:03:27,510 --> 00:03:31,710
because we haven't logged in
with any given particular user?
73
00:03:31,710 --> 00:03:34,050
What we're actually doing is
something called operating
74
00:03:34,050 --> 00:03:35,940
system authentication.
75
00:03:35,940 --> 00:03:38,130
So operating system
authentication
76
00:03:38,130 --> 00:03:42,400
is not authenticating our user
with a username and password.
77
00:03:42,400 --> 00:03:45,510
So it's basically like a blank
username and a blank password
78
00:03:45,510 --> 00:03:47,860
separated by a slash.
79
00:03:47,860 --> 00:03:49,960
What we're actually
doing is authenticating
80
00:03:49,960 --> 00:03:53,560
to the user or group on
the operating system.
81
00:03:53,560 --> 00:03:56,260
So on-- the best example,
probably, is in Linux,
82
00:03:56,260 --> 00:03:59,830
where the user that you're
logged into on the system, not
83
00:03:59,830 --> 00:04:02,920
the database, but the
system, server itself,
84
00:04:02,920 --> 00:04:05,500
belongs to a group called DBA.
85
00:04:05,500 --> 00:04:08,080
And if you belong to
that group, then you
86
00:04:08,080 --> 00:04:11,200
are able to connect as SYSDBA.
87
00:04:11,200 --> 00:04:14,020
So if we connect
sqlplus slash as sysdba,
88
00:04:14,020 --> 00:04:16,830
let's do a select
user from dual.
89
00:04:16,830 --> 00:04:21,660
And that tells us that we're
logged in using the SYS user.
90
00:04:21,660 --> 00:04:25,690
So what if we were
to log in as SYS?
91
00:04:25,690 --> 00:04:27,040
Well, that's legitimate as well.
92
00:04:27,040 --> 00:04:29,910
We could do it that way.
93
00:04:29,910 --> 00:04:33,350
However, just to give an
example of how this works,
94
00:04:33,350 --> 00:04:36,360
let's put a wrong
password in there.
95
00:04:36,360 --> 00:04:37,670
And it connects.
96
00:04:37,670 --> 00:04:39,210
So SYS does have a password.
97
00:04:39,210 --> 00:04:41,550
And that would be necessary
for a remote connection.
98
00:04:41,550 --> 00:04:44,580
But since we're using operating
system authentication,
99
00:04:44,580 --> 00:04:48,700
then the username and password
are essentially ignored.
100
00:04:48,700 --> 00:04:52,070
So let's talk about
remote authentication.
101
00:04:52,070 --> 00:04:55,920
So here we are in the
Oracle home directory.
102
00:04:55,920 --> 00:04:57,200
So what we said on Windows--
103
00:04:57,200 --> 00:05:01,130
that the password file necessary
for a remote connection
104
00:05:01,130 --> 00:05:05,210
would be in the Oracle home
directory in the database
105
00:05:05,210 --> 00:05:06,480
directory--
106
00:05:06,480 --> 00:05:09,220
we can see PWDorcl.ora.
107
00:05:09,220 --> 00:05:12,360
And that's the password file.
108
00:05:12,360 --> 00:05:16,860
If we want to look at the users
that are granted the ability
109
00:05:16,860 --> 00:05:24,520
to be a SYSDBA, we would
look from v$pwfile_users.
110
00:05:24,520 --> 00:05:28,360
And so at this point, we see the
user SYS, as we might expect,
111
00:05:28,360 --> 00:05:30,820
and then a couple of
other SYS-related ones
112
00:05:30,820 --> 00:05:33,730
that are fairly new in 12c.
113
00:05:33,730 --> 00:05:36,360
But we don't see
any other users.
114
00:05:36,360 --> 00:05:41,950
So what if I was to do
grant sysdba to scott
115
00:05:41,950 --> 00:05:45,270
and now select from it again?
116
00:05:45,270 --> 00:05:47,720
And now we can see that
the SCOTT user can connect
117
00:05:47,720 --> 00:05:50,000
in remotely as a SYSDBA.
118
00:05:50,000 --> 00:05:53,660
And that validation would
occur when his information
119
00:05:53,660 --> 00:05:56,780
is in the password file
and is read from that
120
00:05:56,780 --> 00:05:59,210
and validates him
as a SYSDBA that
121
00:05:59,210 --> 00:06:01,780
can connect to the database.