Oracle Parameter O7_DICTIONARY_ACCESSIBILITY


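This parameter is an Oracle security mechanism. Its purpose is to prevent non-SYSDBA users from accessing critical system data dictionary objects: the SYS user must connect as SYSDBA and cannot log in as an ordinary user.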

MOS document: What is O7_DICTIONARY_ACCESSIBILITY and how should it be set? (Doc ID .1)

It states:

Versions PRIOR to Oracle 9i:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The default of this parameter is TRUE.

Oracle 9i:
~~~~~~~~~~
The default of this parameter in 9i is FALSE.
The FALSE setting requires login with AS SYSDBA to read the data dictionary, or
to be given explicit object grants.

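Starting with 9i, Oracle explicitly sets this parameter to FALSE and strongly recommends that users not change it.

This parameter requires the SYS user to log in as SYSDBA.

There may be some rather odd requirements, for example a manager who says: "I do as I please; I must be able to log in as SYS with an ordinary connection."

In that case, change the parameter and keep the manager happy...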
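As an added example (not part of the original post or the MOS note), the following SQL checks the current setting, lists the accounts whose `ANY` privileges would begin to reach SYS objects under TRUE, and uses explicit object grants for a named DBA account instead of changing the parameter. The account `dba_jane`, its placeholder password and the chosen dictionary views are assumptions for illustration; the last statement assumes the instance uses an spfile.

```sql
-- Added example. Run in SQL*Plus as a privileged user (CONNECT / AS SYSDBA).

-- 1. Current setting. On 9i and later the expected value is FALSE.
SELECT name, value, isdefault
  FROM v$parameter
 WHERE UPPER(name) = 'O7_DICTIONARY_ACCESSIBILITY';

-- 2. Accounts holding the ANY privileges named in the MOS note. With the
--    parameter at TRUE, these grants would also cover objects in the SYS schema.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege IN ('SELECT ANY TABLE', 'EXECUTE ANY PROCEDURE')
 ORDER BY grantee, privilege;

-- 3. Instead of setting the parameter to TRUE, give a named DBA account
--    explicit object grants on only the dictionary views it needs.
--    DBA_JANE is a hypothetical account; the password is a placeholder.
CREATE USER dba_jane IDENTIFIED BY "ChangeMe_Placeholder_1" PASSWORD EXPIRE;
GRANT CREATE SESSION TO dba_jane;
GRANT SELECT ON sys.dba_users     TO dba_jane;
GRANT SELECT ON sys.dba_sys_privs TO dba_jane;

-- 4. Confirm exactly which SYS-owned objects the account can now read.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'DBA_JANE'
   AND owner   = 'SYS'
 ORDER BY table_name;

-- 5. If step 1 shows TRUE, put the parameter back. It is a static parameter,
--    so the new value takes effect only after the instance is restarted.
ALTER SYSTEM SET O7_DICTIONARY_ACCESSIBILITY = FALSE SCOPE = SPFILE;
```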

Appendix:

Full text of the MOS note:

QUESTIONS:

What does the init.ora parameter named O7_Dictionary_Accessibility do?
How does it affect my database, and how should it be set? 

ANSWERS:

The parameter O7_Dictionary_Accessibility can be set to TRUE or FALSE.
The effect on your database is different depending on whether you are
using Oracle 9i or a version previous to Oracle 9i.


Versions PRIOR to Oracle 9i:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The default of this parameter is TRUE.

The dictionary protection mechanism in Oracle 8 prevents unauthorized users 
from accessing dictionary objects.

Access to dictionary objects is restricted to the users with the system 
privileges SYSDBA and SYSOPER.

System privileges providing access to objects in other schemas do not give 
access to dictionary objects.
For example, the SELECT ANY TABLE privilege enables access to views and tables
in other schemas, but it does not enable you to select dictionary objects.

If the parameter is set to TRUE, which is the default, access to objects in 
SYS schema is enabled (Oracle 7 behavior).

If this parameter is set to FALSE, system privileges that allow access to 
objects in other schemas do not allow access to objects in the dictionary 
schema.

For example, if O7_DICTIONARY_ACCESSIBILITY=FALSE, then the SELECT ANY TABLE 
statement enables access to views or tables in any schema except SYS schema. 
The system privilege, EXECUTE ANY PROCEDURE enables access on the procedures 
in any other schema except in SYS schema.

Oracle 9i:
~~~~~~~~~~
The default of this parameter in 9i is FALSE.
The FALSE setting requires login with AS SYSDBA to read the data dictionary, or
to be given explicit object grants.


Warning:
~~~~~~~~
Oracle has changed from versions 9.0.1 and beyond the default of this parameter
to FALSE, and strongly recommends that you do not change back the parameter.
In the process of turning Oracle Server secure out of the box, this was one of
the reasons we decided to change the parameter.
This way, you can't login with a "regular" SYS connection anymore to look up
data dictionary.
Instead, you should set your own dba accounts with appropriate privileges and
passwords.


References:
~~~~~~~~~~~
Oracle University, Oracle 9i New Features For Administrators, Chapter 1, Oracle
Server Security, Page 1-5

Oracle University, Oracle 8: Database Administration, Chapter 19, Managing 
Privileges, Page 19-15


