Oracle Database 18c – Schema only Accounts

From 18c onwards,  now you can create schema without a password. These are called “Schema Only Accounts”.  These account don’t allow direct connections but can proxy in a single session proxy. This new feature can  allow administrators to further secure their databases by not allowing direct connections to application schemas for any reason. There are few points to note:

  • Schema only accounts can be used for both administrator and non-administrator accounts.
  • You can grant system privileges ( create ant table)  and admin roles (like DBA) to schema only accounts.  But note that administrative privileges like sysdba/sysoper/sysasm   can’t be granted to schema only accounts.
  • Schema only accounts can’t connect through db links.
  • Schema only accounts can be created for database instance only. Same is not valid for ASM environment.

Continue reading → Oracle Database 18c – Schema only Accounts

Oracle 12c – SYS/SYSTEM accounts are incorrectly listed in DBA_USERS_WITH_DEFPWD

After creation of a new 12c database, the SYS and SYSTEM accounts are listed in DBA_USERS_WITH_DEFPWD even though the accounts were created with non-default passwords. Setting the same passwords again with ALTER USER correctly recognises that the accounts do not have default passwords. Continue reading → Oracle 12c – SYS/SYSTEM accounts are incorrectly listed in DBA_USERS_WITH_DEFPWD