标签:12c AUG 17 09 SYSBACKUP oracle12c cndba oracle RMAN
oracle12c 推出了三个新的系统用户SYSBACKUP、SYSDG、SYSKM,下面文章源自官方文档
1、Administrative Privileges
Administrative privileges that are required for an administrator to perform basic
database operations are granted through the following special system privileges:
■ SYSDBA
■ SYSOPER
■ SYSBACKUP
■ SYSDG
■ SYSKM
You must have one of these privileges granted to you, depending upon the level of
authorization you require.
Starting with Oracle Database 12c, the SYSBACKUP, SYSDG, and SYSKM administrative
privileges are available. Each new administrative privilege grants the minimum
required privileges to complete tasks ineach area of administration. The new
administrative privileges enable you to avoid granting SYSDBAadministrative privilege
for many common tasks.
来查询一下系统用户
[oracle@test ~]$ sqlplus / as sysbackup
SQL*Plus: Release 12.1.0.2.0 Production on Tue Mar 8 15:44:58 2016
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to :
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> select sys_context( 'USERENV' , 'CURRENT_SCHEMA' ) from dual;
SYS_CONTEXT( 'USERENV' , 'CURRENT_SCHEMA' )
--------------------------------------------------------------------------------
SYS
SQL> select sys_context( 'USERENV' , 'CURRENT_USER' ) from dual;
SYS_CONTEXT( 'USERENV' , 'CURRENT_USER' )
--------------------------------------------------------------------------------
SYSBACKUP
概念
A new administration privilege, SYSBACKUP, allows Recovery Manager (RMAN) users to connect to the target database and run RMAN commands, no longer requiring SYSDBA. This feature enforces the separation of duty security model, whereby backup operators only need SYSBACKUP privilege to run RMAN commands and have separate responsibilities from database administrators who need real SYSDBA privileges. 一个新的管理特权,SYSBACKUP,允许Recovery Manager(RMAN)用户连接到目标数据库,并运行RMAN命令,不再需要SYSDBA。 这一特性强制执行了职责安全模型的分离,即备份操作符只需要SYSBACKUP权限来运行RMAN命令,并从需要真正的SYSDBA特权的数据库管理员那里承担独立的职责。 RMAN连接到数据库的方式与SQL*Plus连接到数据库的方式相同。唯一的区别是,RMAN连接到目标或辅助数据库需要SYSDBA或SYSBACKUP特权。任何用户都可以授予此特权。
实验
以下操作是在Oracle 12.1.0.2.0 版本数据库中操作 1) 给PDB 用户test 赋予sysdba 权限,RMAN两种方式连接目标数据库,并操作RMAN 命令 SQL> grant sysdba to test; Grant succeeded. [oracle@host1 ~]$ rman target test/test@pdbcndba Recovery Manager: Release 12.1.0.2.0 - Production on Wed Aug 9 15:39:52 2017 Copyright (c) 1982, 2014, Oracle and/or its affiliates. All rights reserved. connected to target database: CNDBA (DBID=215559030) [oracle@host1 ~]$ rman Recovery Manager: Release 12.1.0.2.0 - Production on Wed Aug 9 15:40:44 2017 Copyright (c) 1982, 2014, Oracle and/or its affiliates. All rights reserved. RMAN> connect target test/test@pdbcndba connected to target database: CNDBA (DBID=215559030) 2)PDB 用户 cndba 赋予sysbackup 权限,RMAN后面一种方式连接目标数据库,并操作RMAN 命令 SQL> create user cndba identified by cndba 2 / User created. SQL> grant sysbackup to cndba; Grant succeeded. [oracle@host1 ~]$ rman target /"cndba@pdbcndba as sysbackup/" Recovery Manager: Release 12.1.0.2.0 - Production on Wed Aug 9 15:26:30 2017 Copyright (c) 1982, 2014, Oracle and/or its affiliates. All rights reserved. target database Password: RMAN-00571: =========================================================== RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS =============== RMAN-00571: =========================================================== RMAN-00554: initialization of internal recovery manager package failed RMAN-04005: error from target database: ORA-01031: insufficient privileges [oracle@host1 ~]$ rman Recovery Manager: Release 12.1.0.2.0 - Production on Wed Aug 9 15:34:38 2017 Copyright (c) 1982, 2014, Oracle and/or its affiliates. All rights reserved. RMAN> connect target "cndba/cndba@pdbcndba as sysbackup" connected to target database: CNDBA (DBID=215559030) RMAN> list backup; using target database control file instead of recovery catalog List of Backup Sets =================== BS Key Type LV Size Device Type Elapsed Time Completion Time ------- ---- -- ---------- ----------- ------------ --------------- 28 Full 715.90M DISK 00:00:33 09-AUG-17 BP Key: 33 Status: AVAILABLE Compressed: NO Tag: TAG20170809T002639 Piece Name: /u01/app/oracle/fast_recovery_area/CNDBA/55DE010CACAA2E2FE055FE1D161C38B5/backupset/2017_08_09/o1_mf_nnndf_TAG20170809T002639_drmso99v_.bkp List of Datafiles in backup set 28 File LV Type Ckp SCN Ckp Time Name ---- -- ---- ---------- --------- ---- 8 Full 3011898 09-AUG-17 /u01/app/oracle/oradata/cndba/pdbcndba/system01.dbf 9 Full 3011898 09-AUG-17 /u01/app/oracle/oradata/cndba/pdbcndba/sysaux01.dbf 10 Full 3011898 09-AUG-17 /u01/app/oracle/oradata/cndba/pdbcndba/pdbcndba_users01.dbf 11 Full 3011898 09-AUG-17 /u01/app/oracle/oradata/cndba/pdbcndba/test01.dbf RMAN> backup datafile 11; Starting backup at 09-AUG-17 allocated channel: ORA_DISK_1 channel ORA_DISK_1: SID=61 device type=DISK channel ORA_DISK_1: starting full datafile backup set channel ORA_DISK_1: specifying datafile(s) in backup set input datafile file number=00011 name=/u01/app/oracle/oradata/cndba/pdbcndba/test01.dbf channel ORA_DISK_1: starting piece 1 at 09-AUG-17 channel ORA_DISK_1: finished piece 1 at 09-AUG-17 piece handle=/u01/app/oracle/fast_recovery_area/CNDBA/55DE010CACAA2E2FE055FE1D161C38B5/backupset/2017_08_09/o1_mf_nnndf_TAG20170809T153759_drogyqm1_.bkp tag=TAG20170809T153759 comment=NONE channel ORA_DISK_1: backup set complete, elapsed time: 00:00:03 Finished backup at 09-AUG-17 Starting Control File and SPFILE Autobackup at 09-AUG-17 piece handle=/u01/app/oracle/fast_recovery_area/CNDBA/autobackup/2017_08_09/o1_mf_s_951579482_drogyvl6_.bkp comment=NONE Finished Control File and SPFILE Autobackup at 09-AUG-17
标签:12c,AUG,17,09,SYSBACKUP,oracle12c,cndba,oracle,RMAN 来源: https://blog.51cto.com/lhrbest/2703003
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。