patternMinor
Locking SYS and SYSTEM Accounts
Problem
In the interest of keeping the database as secure as possible, I'd like to lock the SYS and SYSTEM accounts so that no one can login with them.
Assuming that:
- There are no OS scripts/cron jobs logging in as SYS or SYSTEM
- There aren't any applications or outside utilities using either of these accounts
- I can always login "/ as sysdba" with the proper OS account
Will locking these two accounts have any adverse effects? Has anyone done this before who can comment on whether or not it's a good idea?
Solution
Lock them both (SYS and SYSTEM). You shouldn't need to use them day-to-day, nothing will break.
On a day to day basis you should be using named user accounts that have SYSDBA or SYSOPER.
Tom Kyte recommends doing it, so you can always blame him if something does go wrong :-)
Context
StackExchange Database Administrators Q#117036, answer score: 4
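An added example, not part of the original question or answer: one way to check the question's assumptions, lock both accounts and confirm the result while connected "/ as sysdba". It assumes traditional session auditing (AUDIT SESSION) is enabled so that DBA_AUDIT_SESSION has rows; the 30-day window is an arbitrary choice.

```sql
-- Added example; run from SQL*Plus connected "/ as sysdba" with the OS account.

-- 1. Check the assumption that no script or application logs in as SYSTEM.
--    Assumes traditional auditing (AUDIT SESSION) is enabled; 30 days is arbitrary.
--    Connections AS SYSDBA are written to the OS audit trail, not to this view.
SELECT os_username,
       userhost,
       terminal,
       COUNT(*)       AS logons,
       MAX(timestamp) AS last_logon
FROM   dba_audit_session
WHERE  username    = 'SYSTEM'
AND    action_name = 'LOGON'
AND    timestamp   > SYSDATE - 30
GROUP  BY os_username, userhost, terminal
ORDER  BY last_logon DESC;

-- 2. Confirm that named accounts hold SYSDBA or SYSOPER, so administrators
--    do not depend on SYS or SYSTEM for day-to-day work.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;

-- 3. Record the current state before changing anything.
SELECT username, account_status, lock_date
FROM   dba_users
WHERE  username IN ('SYS', 'SYSTEM');

-- 4. Lock both accounts.
ALTER USER system ACCOUNT LOCK;
ALTER USER sys    ACCOUNT LOCK;

-- 5. Verify: account_status should now contain LOCKED for both rows.
SELECT username, account_status, lock_date
FROM   dba_users
WHERE  username IN ('SYS', 'SYSTEM');

-- Rollback, if something turns out to depend on one of the accounts:
-- ALTER USER system ACCOUNT UNLOCK;
-- ALTER USER sys    ACCOUNT UNLOCK;
```

Rows returned by the first query identify the host and OS user of anything still logging in as SYSTEM; move those jobs to a named account before locking.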