9 Replies Latest reply on May 8, 2014 10:46 PM by Dude!

    password file authentication working even after Revoking SYSDBA privilege !

    AnkitV

      Hi All

       

      Please see below scenario...

      show parameter remote_login_passwordfile

      ---EXCLUSIVE

       

      grant sysdba to scott;

       

      select * from V$PWFILE_USERS;

       

      USERNAME                   SYSDBA SYSOPER SYSASM

      ------------------------------ ------ ------- ------

      SYS                        TRUE   TRUEFALSE 
      SCOTT                      TRUE   FALSE   FALSE 

       

      --I am able to login even with an Invalid password

       

      C:\windows\system32>sqlplus scott/p as sysdba

      SQL*Plus: Release 11.2.0.1.0 Production on Wed May 7 15:21:50 2014

      Copyright (c) 1982, 2010, Oracle.  All rights reserved.

      Connected to:

      Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production

      With the Partitioning, OLAP, Data Mining and Real Application Testing options

      SQL> select instance_name from v$instance;

      INSTANCE_NAME

      ----------------

      orcl

      SQL> exit

      Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production

      With the Partitioning, OLAP, Data Mining and Real Application Testing options

       

      -- Revoking SYSDBA from SCOTT

      revoke sysdba from scott;

       

      select * from V$PWFILE_USERS;

      USERNAME                   SYSDBA SYSOPER SYSASM

      ------------------------------ ------ ------- ------

      SYS                        TRUE   TRUEFALSE

       

      SQL> select instance_name from v$instance;

       

      INSTANCE_NAME

      ----------------

      orcl

       

      --But still I am able to login as sysdba that too with wrong password.

       

      C:\windows\system32>sqlplus scott/p as sysdba

      SQL*Plus: Release 11.2.0.1.0 Production on Wed May 7 15:24:43 2014

      Copyright (c) 1982, 2010, Oracle.  All rights reserved.

      Connected to:

      Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production

      With the Partitioning, OLAP, Data Mining and Real Application Testing options

       

      SQL> select instance_name from v$instance;

      INSTANCE_NAME

      ----------------

      orcl

      SQL>

       

      I am LOGGED into OS with user ANKIT. And scott is not in os_dba group. But ANKIT is in os_dba group.

       

      Can you please tell me if I am missing to understand something here ?

       

      thanks.