{"id":236,"date":"2014-03-06T00:14:29","date_gmt":"2014-03-06T06:14:29","guid":{"rendered":"https:\/\/bijoos.com\/oraclenotes\/?p=236"},"modified":"2026-02-07T15:29:45","modified_gmt":"2026-02-07T21:29:45","slug":"asm-user-management-qa","status":"publish","type":"post","link":"https:\/\/bijoos.com\/oraclenotes\/2014\/236\/","title":{"rendered":"ASM User Management Q&A"},"content":{"rendered":"

\"users\"<\/a>Q: Can you create users in ASM instance?<\/p>\n

A: Yes, absolutely.<\/strong><\/p>\n

Q: Why?<\/p>\n

A: For better security.<\/strong><\/p>\n

Q: I was told there is no database associated with ASM, it is just an instance, so where is this user really created?<\/p>\n

A: You must have a password file to create users. The users are added to password file.<\/strong><\/p>\n

Q: Ha! are there default users?<\/p>\n

A: Yes, SYS and ASMSNMP are default users.<\/strong><\/p>\n

Q: What privileges can I grant to a user?<\/p>\n

A: You can grant SYSDBA, SYSASM or SYSOPER privileges.<\/strong><\/p>\n

Q: How do you create a new user?<\/p>\n

A: Use SQL*Plus, connect to the instance as SYSASM for all user management. You may also use orapwusr<\/em> command in asmcmd<\/em>.<\/strong><\/p>\n

Q: Can you show an example of creating a new user using SQL*Plus?<\/p>\n

A: Sure.<\/strong><\/p>\n

$ sqlplus \/ as sysasm\n\nSQL*Plus: Release 12.1.0.1.0 Production on Wed Mar 5 21:29:59 2014\n\nCopyright (c) 1982, 2013, Oracle.  All rights reserved.\n\nConnected to:\nOracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production\nWith the Automatic Storage Management option\n\nSQL> select * from v$pwfile_users;\n\nUSERNAME                       SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM     CON_ID\n------------------------------ ----- ----- ----- ----- ----- ----- ----------\nSYS                            TRUE  FALSE TRUE  FALSE FALSE FALSE          0\n\nSQL> create user bt1 identified by bt1;\n\nUser created.\n\nSQL> select * from v$pwfile_users;\n\nUSERNAME                       SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM     CON_ID\n------------------------------ ----- ----- ----- ----- ----- ----- ----------\nSYS                            TRUE  FALSE TRUE  FALSE FALSE FALSE          0\nBT1                            FALSE FALSE FALSE FALSE FALSE FALSE          0\n\nSQL> grant sysdba, sysasm to bt1;\n\nGrant succeeded.\n\nSQL> select * from v$pwfile_users;\n\nUSERNAME                       SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM     CON_ID\n------------------------------ ----- ----- ----- ----- ----- ----- ----------\nSYS                            TRUE  FALSE TRUE  FALSE FALSE FALSE          0\nBT1                            TRUE  FALSE TRUE  FALSE FALSE FALSE          0\n\nSQL><\/pre>\n
Q: I notice that you used 12.1 release database. Is this feature available in lower release as well?<\/p>\n
A: Absolutely. the syntax, privileges and functionality is exactly same in 11gR2. This feature is not available in 10g ASM.<\/strong><\/p>\n
$ sqlplus \/ as sysasm\n\nSQL*Plus: Release 11.2.0.2.0 Production on Wed Mar 5 23:07:34 2014\n\nCopyright (c) 1982, 2010, Oracle.  All rights reserved.\n\nConnected to:\nOracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production\nWith the Automatic Storage Management option\n\nSQL> select * from v$pwfile_users;\n\nUSERNAME                       SYSDB SYSOP SYSAS\n------------------------------ ----- ----- -----\nSYS                            TRUE  TRUE  TRUE\nASMSNMP                        TRUE  FALSE FALSE\n\nSQL><\/pre>\n
Q: How do you add user using ASMCMD?<\/p>\n
A: Use the orapwusr<\/em> command to add, modify or delete a user. Use the lspwusr<\/em> command to list the user and privileges.<\/strong><\/p>\n
Q: Can you show how to?<\/p>\n
A: Here, I create an user, modify its privilege, list the user, and finally drop the user. Notice that only one privilege can be granted using the –privilege<\/em> option, and all other privileges gets revoked. Using SQL*Plus, I was able to grant more than one privilege.<\/strong><\/p>\n
$ asmcmd -p\nASMCMD [+] > lspwusr\nUsername sysdba sysoper sysasm \n     SYS   TRUE   FALSE   TRUE \n     BT1   TRUE   FALSE   TRUE \nASMCMD [+] > orapwusr --add --privilege sysasm bt2\nEnter password: ***\nASMCMD [+] > lspwusr\nUsername sysdba sysoper sysasm \n     SYS   TRUE   FALSE   TRUE \n     BT1   TRUE   FALSE   TRUE \n     BT2  FALSE   FALSE   TRUE \nASMCMD [+] > orapwusr --modify --privilege sysdba bt2\nASMCMD [+] > lspwusr\nUsername sysdba sysoper sysasm \n     SYS   TRUE   FALSE   TRUE \n     BT1   TRUE   FALSE   TRUE \n     BT2   TRUE   FALSE  FALSE \nASMCMD [+] > orapwusr --modify --password bt1\nEnter password: ***\nASMCMD [+] > orapwusr --delete bt2\nASMCMD [+] > lspwusr\nUsername sysdba sysoper sysasm \n     SYS   TRUE   FALSE   TRUE \n     BT1   TRUE   FALSE   TRUE \nASMCMD [+] ><\/pre>\n
Q: How do I connect as the new user when logging in?<\/p>\n
A: In SQL*Plus, you use the id and password. For “asmcmd”, there is no option – connect as sysasm or sysdba privilege based on the OS group membership.<\/strong><\/p>\n
$ sqlplus bt1 as sysdba\n\nSQL*Plus: Release 12.1.0.1.0 Production on Wed Mar 5 21:43:41 2014\n\nCopyright (c) 1982, 2013, Oracle.  All rights reserved.\n\nEnter password: \n\nConnected to:\nOracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production\nWith the Automatic Storage Management option\n\nSQL> \nSQL> show user\nUSER is \"SYS\"\nSQL><\/pre>\n
Q: Does ASM write anywhere which user logged in?<\/p>\n
A: I would guess so, but in reality, it does not write which user. Just says [\/], instead of user name. Looking the audit file generated in \u00a0AUDIT_FILE_DEST location.<\/p>\n
$ sqlplus bt1 as sysdba\n\nSQL*Plus: Release 12.1.0.1.0 Production on Wed Mar 5 21:55:34 2014\n\nCopyright (c) 1982, 2013, Oracle.  All rights reserved.\n\nEnter password: \n\nConnected to:\nOracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production\nWith the Automatic Storage Management option\n\nSQL> exit;\n\n$ \n$ cat +ASM_ora_8024_20140305215536821385143795.aud\nAudit file \/u03\/app\/oracle\/grid\/12.1.0\/rdbms\/audit\/+ASM_ora_8024_20140305215536821385143795.aud\nOracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production\nWith the Automatic Storage Management option\nORACLE_HOME = \/u03\/app\/oracle\/grid\/12.1.0\nSystem name:    Linux\nNode name:      btsj.com\nRelease:        2.6.32-200.13.1.el5uek\nVersion:        #1 SMP Wed Jul 27 21:02:33 EDT 2011\nMachine:        x86_64\nInstance name: +ASM\nRedo thread mounted by this instance: 0 \nOracle process number: 21\nUnix process pid: 8024, image: oracle@btsj.com (TNS V1-V3)\n\nWed Mar  5 21:55:36 2014 -08:00\nLENGTH : '149'\nACTION :[7] 'CONNECT'\nDATABASE USER:[1] '\/'\nPRIVILEGE :[6] 'SYSDBA'\nCLIENT USER:[6] 'oracle'\nCLIENT TERMINAL:[5] 'pts\/1'\nSTATUS:[1] '0'\nDBID:[0] ''<\/pre>\n
Q: You are connected as SYSDBA, how about if you connect as SYSASM?<\/p>\n
A: Good question, here the audit file shows the actual user.<\/strong><\/p>\n
$ sqlplus bt1 as sysasm\n\nSQL*Plus: Release 12.1.0.1.0 Production on Wed Mar 5 21:59:43 2014\n\nCopyright (c) 1982, 2013, Oracle.  All rights reserved.\n\nEnter password: \n\nConnected to:\nOracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production\nWith the Automatic Storage Management option\n\nSQL> show user\nUSER is \"SYS\"\nSQL> \nSQL> exit\n\n$ cat +ASM_ora_8106_20140305215946201566143795.aud\nAudit file \/u03\/app\/oracle\/grid\/12.1.0\/rdbms\/audit\/+ASM_ora_8106_20140305215946201566143795.aud\nOracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production\nWith the Automatic Storage Management option\nORACLE_HOME = \/u03\/app\/oracle\/grid\/12.1.0\nSystem name:    Linux\nNode name:      btsj.com\nRelease:        2.6.32-200.13.1.el5uek\nVersion:        #1 SMP Wed Jul 27 21:02:33 EDT 2011\nMachine:        x86_64\nInstance name: +ASM\nRedo thread mounted by this instance: 0 \nOracle process number: 21\nUnix process pid: 8106, image: oracle@btsj.com (TNS V1-V3)\n\nWed Mar  5 21:59:46 2014 -08:00\nLENGTH : '151'\nACTION :[7] 'CONNECT'\nDATABASE USER:[3] 'bt1'\nPRIVILEGE :[6] 'SYSASM'\nCLIENT USER:[6] 'oracle'\nCLIENT TERMINAL:[5] 'pts\/1'\nSTATUS:[1] '0'\nDBID:[0] ''<\/pre>\n
 <\/p>\n
 <\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Q: Can you create users in ASM instance? A: Yes, absolutely. Q: Why? A: For better security. Q: I was told there is no database associated with ASM, it is just an instance, so where is this user really created? A: You must have a password file to create users. The users are added to … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[],"class_list":["post-236","post","type-post","status-publish","format-standard","hentry","category-infrastructure-exadata"],"acf":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/posts\/236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/comments?post=236"}],"version-history":[{"count":1,"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/posts\/236\/revisions"}],"predecessor-version":[{"id":3004,"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/posts\/236\/revisions\/3004"}],"wp:attachment":[{"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/media?parent=236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/categories?post=236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bijoos.com\/oraclenotes\/wp-json\/wp\/v2\/tags?post=236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}