Password File management in 12C/19C
2 min readBelow are the list of additional privileged user in 12c apart from the privileged user SYSOPER, SYSDBA, SYSASM.
SYSBACKUP : It will be used to perform all backup and recovery related operations either via RMAN or SQL*PLUS.
SYSDG : It is in place to separate the Data Guard related operations from other activities.
SYSKM : It will be responsible for all TDE (Transparent Data Encryption) and Data Vault related administrative operations.
Password File Creation In 12c :
The option to include these new privileges has been added to the orapwd utility.
orapwd file=<fname> password=<password> entries=<users> force=<y/n> sysbackup=<y/n> sysdg=<y/n> syskm=<y/n>
Ex: orapwd FILE='$ORACLE_HOME/dbs/orapwinitsid.ora' entries=10 sysbackup=y
where
file - name of password file (required),
password - password for SYS (optional),
entries - maximum number of distinct DBA (required),
force - whether to overwrite existing file (optional),
ignorecase - passwords are case-insensitive (optional),
nosysdba - whether to shut out the SYSDBA logon
Once you re-create the password file, you will have to grant the SYSDBA and SYSOPER privileges to those database users who previously had those privileges.
The dynamic performance view V$PWFILE_USERS lists all the database users who have one of the six available privileges, as shown here:
SQL> select * from v$pwfile_users;
To create a password file with the system password set to “oracle1” for an Oracle database, you typically use the orapwd utility. This utility is used to create and manage password files that are used by Oracle for authentication of privileged users.
Here are the steps to create the password file:
- Run the
orapwdutility:
Use theorapwdcommand to create the password file. You will need to provide the file name, the password, and the SID (System Identifier) of the database.
orapwd file=$ORACLE_HOME/dbs/orapw<SID> password=oracle1 entries=10
Replace <SID> with your actual database SID. For example, if your SID is ORCL, the command would be:
orapwd file=$ORACLE_HOME/dbs/orapwORCL password=oracle1 entries=10
Here:
filespecifies the path and name of the password file.passwordspecifies the password for the SYS user.entriesspecifies the maximum number of distinct database users allowed.
Example on Unix/Linux:
- Open a terminal.
- Execute the following command (replace
<SID>with your database SID):
orapwd file=$ORACLE_HOME/dbs/orapw<SID> password=oracle1 entries=10
Example on Windows:
- Open a command prompt.
- Execute the following command (replace
<SID>with your database SID):
orapwd file=%ORACLE_HOME%\database\orapw<SID> password=oracle1 entries=10
Verifying the Password File:
After creating the password file, you can verify its existence by navigating to the directory specified in the file parameter and checking for the file. For example:
ls $ORACLE_HOME/dbs/orapw<SID>
or on Windows:
dir %ORACLE_HOME%\database\orapw<SID>
If the file exists, your password file has been successfully created.
