What are the differences between the Oracle SYS and SYSTEM built in accounts?
Edit: Apart from 3 letters!
What are the differences between the Oracle SYS and SYSTEM built in accounts?
Edit: Apart from 3 letters!
SYS owns the oracle data dictionary. Every object in the database (tables, views, packages, procedures, etc. ) all have a single owner. For the database dictionary, and a whole lot of special tables (performance views and the like) are all owned by the SYS user.
The SYSTEM user is supposed to be the master DBA user, with access to all of these object. This reflects an early, and long time, Oracle security design philosophy. You build the application using one user, then create a second with access (select, update, delete) but not drop privileges. This gives you a "super-user" access to your schema without being able to destroy it accidentally. Over the years, thing have been added to the SYSTEM account that may have needed to be in the SYS account. But very few people want to give out access to their SYS account if they don't have to.
SYS
can connect AS SYSDBA
, SYSTEM
cannot.
SYSDBA
privilege is required to perform certain administrative tasks, like CREATE DATABASE
and DROP DATABASE
, and query any tables despite GRANT
'ed permissions on them.
In fact, whenever you connect as SYSDBA
, you become a SYS
.