How user could connect SysDBA?

StackOverflow https://stackoverflow.com/questions/14623402

Question

We Start Oracle AUDIT and Onlogon Procedure Auditing on our Database. We Confused, What SysDBA could connect to System. Is SysDBA Oracle User? In SQL*Plus has a command for this acction?

Our On Logon PL/SQL code

CREATE OR REPLACE TRIGGER logon_audit_trigger AFTER LOGON ON DATABASE
...
   insert into logon_log
   (user_id       ,
     session_id    ,
     sid   ,
     serial#  ,
     host          ,
     ip_address  ,
     last_action   ,
     last_module   ,
     logon_day     ,
     logon_time    ,
     logoff_day    ,
     logoff_time   ,
     elapsed_minutes,
     elapsed_seconds)
   values(
     user,
     sys_context('USERENV','SESSIONID'),
     sys_context('USERENV','SID'),
     dbms_debug_jdwp.current_session_serial,
     sys_context('USERENV','HOST'),
     sys_context('USERENV','IP_ADDRESS'),
     action_name,
     module_name,
     lo_dt,
     to_char(lo_dt, 'hh24:mi:ss'),
     null,
     null,
     null,
     null
  );

Select * From logon_log

USER_ID          SESSION_ID     SID    SERIAL#  HOST          IP_ADDRESS         LAST_MODULE      LOGON_DAY
JOHN               393900       282    1186     ERO\APPS      192.168.1.103      frmweb.exe       1/31/2013 9:27:49 AM
JOHN               393903       189    1005     ERO\SECC      192.168.1.110      SQL*Plus         1/31/2013 9:28:12 AM
JOHN               393929       167    288      ERO\SECC      192.168.1.110      plsqldev.exe     1/31/2013 9:38:37 AM
JOHN               393930       198    858      ERO\SECC      192.168.1.110      plsqldev.exe     1/31/2013 9:38:37 AM
JOHN               393983       179    6066     ERO\SECC      192.168.1.110      frmbld.exe       1/31/2013 9:58:21 AM
JOHN               393987       182    231      ERO\SECC      192.168.1.110      frmbld.exe       1/31/2013 9:59:17 AM
JOHN               393941       278    1429     ERO\SECC      192.168.1.110      plsqldev.exe     1/31/2013 9:42:26 AM
JOHN               394060       305    1337     ERO\SECC      192.168.1.110      plsqldev.exe     1/31/2013 10:36:34 AM
JOHN               394129       261    5236     ERO\SECC      192.168.1.110      plsqldev.exe     1/31/2013 11:16:40 AM
JOHN               394196       269    783      ERO\SECC      192.168.1.110      SQL*Plus         1/31/2013 11:58:20 AM
JOHN               394199       309    701      ERO\APPS      192.168.1.103      frmweb.exe       1/31/2013 12:00:04 PM
JOHN               394240       196    578      ERO\SECC      192.168.1.110      SQL*Plus         1/31/2013 12:28:53 PM
JPHN               394243       248    702      ERO\SECC      192.168.1.110      frmbld.exe       1/31/2013 12:30:56 PM
SysDBA             394249       196    580      ERO\SECC      192.168.1.110                       1/31/2013 12:31:56 PM
JOHN               394252       248    704      ERO\SECC      192.168.1.110      frmbld.exe       1/31/2013 12:32:57 PM
JOHN               394259       248    706      ERO\SECC      192.168.1.110      frmbld.exe       1/31/2013 12:35:29 PM
JOHN               394263       196    587      ERO\SECC      192.168.1.110      SQL*Plus         1/31/2013 12:36:49 PM
SysDBA             394264       196    589      ERO\SECC      192.168.1.110                       1/31/2013 12:37:07 PM

Why UserID is SysDBA?

Additional Data:

Select * From DBA_USER

USERNAME               SysDBA
USER_ID                390
PASSWORD               BD40E271960C5535
ACCOUNT_STATUS         OPEN
LOCK_DATE   
EXPIRY_DATE 
DEFAULT_TABLESPACE     USERS
TEMPORARY_TABLESPACE   TEMP
CREATED                8/1/2012 10:28:51 AM
PROFILE                DEFAULT
INITIAL_RSRC_CONSUMER_GROUP     DEFAULT_CONSUMER_GROUP
EXTERNAL_NAME
Was it helpful?

Solution

You are not seeing quite what you think. You asked 'Is SysDBA Oracle User?', and the answer to that is 'No'. SYSDBA is a system privilege, not a predefined user account provided by Oracle. Users granted that privilege can connect with administrative privileges, like:

connect / as sysdba

That is a very different thing to how your SysDBA user can connect:

connect "SysDBA"/sysdba

The user has been created within your database by someone in your organisation; it is not a default Oracle account, they are completely unrelated, although I suppose it's conceivable it could also have been granted SYSDBA privileges just to really mess with you. (And yes, that really is the password I'm afraid).

Also note that it has been created with mixed case, which means it needs to be quoted when used outside a query. You can do:

select * from dba_users where username = 'SysDBA';

... but if you aren't referring to a table column value it has to be quoted, as shown in the connect above and in things like alter user:

alter user "SysDBA" account lock;

It looks like it's probably an internal account for an application, and one that isn't setting the module (v$session.program?) via an dbms_application_info call - so perhaps an in-house application. If so you might be able find out why it's there and what it's doing, and why it's been given a confusing name, but locking it might cause problems for whoever is running that application.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top