oracle12c 的SYSBACKUP、SYSDG、SYSKM系统用户

oracle12c 推出了三个新的系统用户SYSBACKUP、SYSDG、SYSKM，下面文章源自官方文档

1、Administrative Privileges

Administrative privileges that are required for an administrator to perform basic

database operations are granted through the following special system privileges:

■ SYSDBA

■ SYSOPER

■ SYSBACKUP

■ SYSDG

■ SYSKM

You must have one of these privileges granted to you, depending upon the level of

authorization you require.

Starting with Oracle Database 12c, the SYSBACKUP, SYSDG, and SYSKM administrative

privileges are available. Each new administrative privilege grants the minimum

required privileges to complete tasks ineach area of administration. The new

administrative privileges enable you to avoid granting SYSDBAadministrative privilege

for many common tasks.

来查询一下系统用户

SQL> select username from dba_users  where username like 'SYS%';

USERNAME
--------------------------------------------------------------------------------
SYSDG
SYSKM
SYSBACKUP
SYSTEM
SYS

2、Administrative

Privilege Operations Authorized

SYSDBA ■ Perform STARTUPand SHUTDOWNoperations

■ ALTER DATABASE: open, mount, back up, or change character set

■ CREATE DATABASE

■ DROP DATABASE

■ CREATE SPFILE

■ ALTER DATABASE ARCHIVELOG

■ ALTER DATABASE RECOVER

■ Includes the RESTRICTED SESSIONprivilege

This administrative privilege allows most operations, including the

ability to view user data. It is the most powerful administrative

privilege.

SYSOPER ■ Perform STARTUPand SHUTDOWNoperations

■ CREATE SPFILE

■ ALTER DATABASE: open, mount, or back up

■ ALTER DATABASE ARCHIVELOG

■ ALTER DATABASE RECOVER(Complete recovery only. Any form of

incomplete recovery, such as UNTIL

TIME|CHANGE|CANCEL|CONTROLFILErequires connecting as

SYSDBA.)

■ Includes the RESTRICTED SESSIONprivilege

This privilege allows a user to perform basic operational tasks, but

without the ability to view user data.

SYSBACKUP This privilege allows a user to perform backup and recovery

operations either from Oracle Recovery Manager (RMAN) or

SQL*Plus.

See Oracle Database Security Guidefor the full list of operations allowed

by this administrative privilege.

SYSDG This privilege allows a user to perform Data Guard operations. You

can use this privilege with either Data Guard Broker or the DGMGRL

command-line interface.

See Oracle Database Security Guidefor the full list of operations allowed

by this administrative privilege.

SYSKM This privilege allows a user to perform Transparent Data Encryption

keystore operations.

See Oracle Database Security Guidefor the full list of operations allowed

by this administrative privilege.

3、Current Schema and Session User When Connecting AS SYSBACKUP

a user is assigned another schema (SYS) and another

session user (SYSBACKUP) when connecting with the SYSBACKUP administrative

privilege. Assume that the sample user mydba has been granted the SYSBACKUP

administrative privilege and has issued the following command and statements:

这里演示直接用户sysbackup用户登录，并查询当前用户的schema和user

[oracle@test ~]$ sqlplus / as sysbackup

SQL*Plus: Release 12.1.0.2.0 Production on Tue Mar 8 15:44:58 2016

Copyright (c) 1982, 2014, Oracle.  All rights reserved.

Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

SQL> select sys_context('USERENV','CURRENT_SCHEMA') from dual;

SYS_CONTEXT('USERENV','CURRENT_SCHEMA')
--------------------------------------------------------------------------------
SYS

SQL> select sys_context('USERENV','CURRENT_USER') from dual;

SYS_CONTEXT('USERENV','CURRENT_USER')
--------------------------------------------------------------------------------
SYSBACKUP