OracleDB12c New Feature: Added Administrative Privileges

Oracle11g Grid Infrastructure introduced SYSASM administrative privilege, in 12c we have 3 more administrative privileges… SYSBACKUP, SYSDG, SYSKM.

SYSDBA, SYSOPER and SYSASM privileges and behavior are similar to 11gR2 in 12c database as well.

SYSBACKUP administrative privilege has ability to perform RMAN backup and recovery operations, database startup and shutdown. This administrative user connects to the database as SYSBACKUP user [remember SYSDBA and SYSASM connect to the database as SYS user]. Read list of privileges for SYSBACKUP in Oracle Documentation.

SYSDG administrative privilege has ability to perform Data Guard operations (including startup and shutdown) using Data Guard Broker or dgmgrl. This administrative privilege connects to the database as SYSDG user. Read list of privileges for SYSDG in Oracle Documentation.

SYSKM administrative privilege has ability to perform transparent data encryption wallet operations. This privilege connects to the database as SYSKM user. Read list of privileges for SYSKM in Oracle Documentation.

The new default users SYSBACKUP, SYSDG and SYSKM cannot be dropped.

With the introduction of new administrative privileges, the super administrator privilege SYSDBA should be used only for major operations such as upgrade.

The Unified Audit Trail captures all activities by administrative users.

 

Leave a Reply

%d bloggers like this: