Hey,

where can I get a list of default users with system privileges in 9i, 10g and 11g? Is there any possibility to get such a list?

Thanks

define what you mean by system priveleges

I think all privileges in sys.dba_sys_privs are system privileges. So, I would filter all end-users (not the default-users like SYS, SYSTEM and so on) with system privileges out of this table. I need the default-users who have system privileges to filter the end-users out of the table

there arent any default users apart from sys and system who have those priveleges

also look in v$pwfile_users

what about:
'DBA',
'EXP_FULL_DATABASE',
'IMP_FULL_DATABASE',
'DELETE_CATALOG_ROLE',
'EXECUTE_CATALOG_ROLE',
'SELECT_CATALOG_ROLE',
'RECOVERY_CATALOG_ROLE',
'RECOVERY_CATALOG_OWNER',
'HS_ADMIN_ROLE',
'AQ_USER_ROLE',
'AQ_ADMINISTRATOR_ROLE'

They all have system privileges in my 11g and I didn't create these users.

And what is the content of that view? I just have SYS in it.

they are roles, not user accounts

Hm...yeah right. What I did is:

select grantee, privilege, admin_option
FROM sys.dba_sys_privs
WHERE grantee NOT IN
(SELECT role from dba_roles)
AND grantee NOT IN ('SYS', 'SYSTEM', 'DBA', 'SYSMAN')

But I'm still gettin an awful lot records like "IX", "OWBSYS", "WKSYS" and so on.

Any Idea how to get my desired result?

No. You need to figure out what it is you are asking for - and have an understanding of the difference between users and roles. You said default users - the ones you just mentioned are exactly that. What are you looking for, specifically?

I am not totally sure but a good place to start is with Petre Finnigan whom I would consider a security guru. He has produced a list of defualt users and passwords which can be found here:
http://www.petefinnigan.com/default/defaul...ssword_list.htm

Lots of good informaiton on his site.

Tim

But all the mentioned users are like default. They were created during the installation. I didn't create any of them. So, there must be some more than SYS and SYSTEM.

This is nonsensical - we know you didn't create them, the fact you listed several shows there is more than sys and system. What is your question or confusion about? Install Oracle and create a seed/test database. You get lots of default users. They have a variety of system and object privileges. What's the question?

My question is: How to get the user accounts which were not created by the database and have system privileges?

The database does not create users other than sys or system. You create other users, or a script/command/tool you choose to run creates them.
http://download.oracle.com/docs/cd/B19306_...te.htm#i1009187

Since you, as the user, are creating additional users, you can control which system privileges are granted. In other words, you created the user, so you tell us what privileges you granted.

It is almost blatantly obvious that if you (manually or otherwise) create users, they are going to have system privileges (via the connect role). What's the point of creating a user if he/she is not going to ever connect to the database? Or create session? In addition to system privileges, which roles were granted?

In other words, you are looking at every user except sys and system, and they're all going to have system privileges of some sort, some more than others - BUT you are the one who decides what these users get. Query the appropriate data dictionary views (or use Toad, and see this quite easily) to list/report what you did.