1. What will be the benefit of granting sysdba to a normal user. I dont think that it is going to be secure any way. your views are always welcome.
2. How can dba responsibilities be shared among multiple users?
Why you want to grant sysdba to normal user, as you said it not secure.. thats correct..
What normal users daily activity on the database, which required sysdba privilege ?
First, create normal user and grant some administrative privilege to him. Like wise, we may have other normal users and grant different administrative privilege to them. But do not grant sysdba to them.
It make sense, or you can create some role with grants and provide that role to selective users.
One more question.
If I grant sysdba to an OS user say, user1. Then that user can log in as sysdba. Are there any sysdba privileges that he can not enjoy. Or, user1 would be able to enjoy all the privilege that sys user can enjoy.
Thanks for reply.
1 person found this helpful
sysdba is essentially "root" access within the database. If you give it to someone they can do anything, including shut down the database or modify system packages.
Granting system privileges via roles is the appropriate action. You give each user the least privileges needed - just enough to do what they need to.
Where I work there is a separation of "System DBA" and "Application DBA". Application DBAs cannot issue ALTER SYSTEM or ALTER USER but are given access to a package written in-house that includes procedures to do specific things like kill sessions or change a user's default tablespace or password. Those procedures are written to execute the ALTER USER "behind the scenes", but limit what can be passed to it. This allows certain actions to be performed by an Application DBA without granting the full DBA role.