Full Version: Default users with sys privileges
andy_9
Hey,

where can I get a list of default users with system privileges in 9i, 10g and 11g? Is there any possibility to get such a list?

Thanks
dave
define what you mean by system privileges
andy_9
I think all privileges in sys.dba_sys_privs are system privileges. So, I would filter all end-users (not the default-users like SYS, SYSTEM and so on) with system privileges out of this table. I need the default-users who have system privileges to filter the end-users out of the table
dave
there aren't any default users apart from sys and system who have those privileges

also look in v$pwfile_users
andy_9
what about:
'DBA',
'EXP_FULL_DATABASE',
'IMP_FULL_DATABASE',
'DELETE_CATALOG_ROLE',
'EXECUTE_CATALOG_ROLE',
'SELECT_CATALOG_ROLE',
'RECOVERY_CATALOG_ROLE',
'RECOVERY_CATALOG_OWNER',
'HS_ADMIN_ROLE',
'AQ_USER_ROLE',
'AQ_ADMINISTRATOR_ROLE'

They all have system privileges in my 11g and I didn't create these users.

And what is the content of that view? I just have SYS in it.
dave
they are roles, not user accounts
andy_9
Hm...yeah right. What I did is:

select grantee, privilege, admin_option
FROM sys.dba_sys_privs
WHERE grantee NOT IN
(SELECT role from dba_roles)
AND grantee NOT IN ('SYS', 'SYSTEM', 'DBA', 'SYSMAN')

But I'm still getting an awful lot of records like "IX", "OWBSYS", "WKSYS" and so on.

Any idea how to get my desired result?
SteveC
No. You need to figure out what it is you are asking for - and have an understanding of the difference between users and roles. You said default users - the ones you just mentioned are exactly that. What are you looking for, specifically?
tim2boles
QUOTE (andy_9 @ Jul 10 2008, 01:35 PM) *
Hm...yeah right. What I did is:

select grantee, privilege, admin_option
FROM sys.dba_sys_privs
WHERE grantee NOT IN
(SELECT role from dba_roles)
AND grantee NOT IN ('SYS', 'SYSTEM', 'DBA', 'SYSMAN')

But I'm still getting an awful lot of records like "IX", "OWBSYS", "WKSYS" and so on.

Any idea how to get my desired result?


I am not totally sure but a good place to start is with Pete Finnigan, whom I would consider a security guru. He has produced a list of default users and passwords which can be found here:
http://www.petefinnigan.com/default/defaul...ssword_list.htm

Lots of good information on his site.

Tim
andy_9
QUOTE (SteveC @ Jul 10 2008, 04:31 PM) *
No. You need to figure out what it is you are asking for - and have an understanding of the difference between users and roles. You said default users - the ones you just mentioned are exactly that. What are you looking for, specifically?


But all the mentioned users are like default. They were created during the installation. I didn't create any of them. So, there must be some more than SYS and SYSTEM.
SteveC
This is nonsensical - we know you didn't create them, the fact you listed several shows there is more than sys and system. What is your question or confusion about? Install Oracle and create a seed/test database. You get lots of default users. They have a variety of system and object privileges. What's the question?
andy_9
QUOTE (SteveC @ Jul 10 2008, 04:40 PM) *
This is nonsensical - we know you didn't create them, the fact you listed several shows there is more than sys and system. What is your question or confusion about? Install Oracle and create a seed/test database. You get lots of default users. They have a variety of system and object privileges. What's the question?


My question is: How to get the user accounts which were not created by the database and have system privileges?
SteveC
The database does not create users other than sys or system. You create other users, or a script/command/tool you choose to run creates them.
http://download.oracle.com/docs/cd/B19306_...te.htm#i1009187

Since you, as the user, are creating additional users, you can control which system privileges are granted. In other words, you created the user, so you tell us what privileges you granted.

It is almost blatantly obvious that if you (manually or otherwise) create users, they are going to have system privileges (via the connect role). What's the point of creating a user if he/she is not going to ever connect to the database? Or create session? In addition to system privileges, which roles were granted?

In other words, you are looking at every user except sys and system, and they're all going to have system privileges of some sort, some more than others - BUT you are the one who decides what these users get. Query the appropriate data dictionary views (or use Toad, and see this quite easily) to list/report what you did.
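An added example, not part of the original thread: one way to report the system privileges held by user accounts (not roles), both granted directly and inherited through roles, while excluding installer-created accounts. The exclusion list is an assumption that contains only account names mentioned in this thread and has to be extended for each installation; `CONNECT_BY_ROOT` requires 10g or later.

```sql
-- Added example: system privileges held by non-default user accounts.
-- Assumption: default_accounts lists only names mentioned in the thread;
-- extend it with the accounts your own installation scripts created.
WITH default_accounts AS (
  SELECT 'SYS' AS username FROM dual UNION ALL
  SELECT 'SYSTEM' FROM dual UNION ALL
  SELECT 'SYSMAN' FROM dual UNION ALL
  SELECT 'IX'     FROM dual UNION ALL
  SELECT 'OWBSYS' FROM dual UNION ALL
  SELECT 'WKSYS'  FROM dual
),
user_roles AS (
  -- Every role a user holds, directly or through nested role grants.
  SELECT DISTINCT CONNECT_BY_ROOT grantee AS username, granted_role
  FROM   dba_role_privs
  START  WITH grantee IN (SELECT username FROM dba_users)
  CONNECT BY PRIOR granted_role = grantee
)
-- Privileges granted straight to the account. Joining to dba_users
-- drops roles such as DBA or EXP_FULL_DATABASE from the grantee list.
SELECT u.username, p.privilege, p.admin_option, 'DIRECT' AS granted_via
FROM   dba_users u
JOIN   dba_sys_privs p ON p.grantee = u.username
WHERE  u.username NOT IN (SELECT username FROM default_accounts)
UNION ALL
-- Privileges the account inherits through a role (for example CONNECT).
SELECT r.username, p.privilege, p.admin_option, r.granted_role
FROM   user_roles r
JOIN   dba_sys_privs p ON p.grantee = r.granted_role
WHERE  r.username NOT IN (SELECT username FROM default_accounts)
ORDER  BY 1, 2;
```

Rows whose `granted_via` is a role name show privileges that a filter on `dba_sys_privs` alone would miss, because there the grantee is the role rather than the user.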