orapwd command line utility assists the DBA with
granting SYSDBA and SYSOPER privileges to other users. By
default, the user SYS is the only user that has these privileges that
are required to use orapwd.
Creating a password file via orapwd
remote users to connect with administrative privileges through
Using orapwd gives other users the Oracle super user
The SYSOPER privilege allows instance startup,
shutdown, mount, and dismount. It allows the DBA to perform
general database maintenance without viewing user data. The
SYSDBA privilege is the same as
was in prior versions.
It provides the ability to do everything, unrestricted.
orapwd has not yet
been executed, attempting to grant SYSDBA or SYSOPER privileges will
result in the following error:
SQL> grant sysdba to scott;
ORA-01994: GRANT failed: cannot add users to
public password file
The following steps can be performed to grant other
users these privileges:
SQL> show parameter password
----------------------------- ----------- ----------
SQL> select * from v$pwfile_users;
------------------------------ ------ -------
Now the user SCOTT can
connect as SYSDBA.
Administrative users can be connected and
authenticated to a local or remote database by using the SQL*Plus
command. They must connect using their username and password,
and with the AS SYSDBA or AS SYSOPER clause:
SQL> connect scott/tiger as sysdba;
The DBA utilizes the
orapwd utility to grant SYSDBA and SYSOPER
privileges to other database users. The SYS password should
never be shared and should be highly classified.
Orapwd with case
In the past, many people were not aware of the
simple fact that Oracle passwords were not case-sensitive.
In Oracle 11g, passwords became case-sensitive.
The Oracle 11g password file can store passwords as
case-sensitive or case-insensitive.
The password file creation
utility evaluates the new parameter
ignorecase to allow case-sensitive
passwords or restrict passwords to case insensitivity. In order to
create a password file with orapwd, which allows case-sensitive
passwords, set ignorecase to N.
[oracle@rhas4 ~]$ orapwd help=y
orapwd file=<fname> password=<password> entries=<users>
file - name
of password file (required),
password for SYS (optional),
maximum number of distinct DBA (required),
force - whether to overwrite existing file (optional),
ignorecase - passwords are case-insensitive (optional),
nosysdba - whether to shut out the SYSDBA logon (optional Database
There must be no spaces around the equal-to (=)
Get the Complete
Oracle Utility Information
The landmark book
Utilities The Definitive Reference" contains over 600 pages of
filled with valuable information on Oracle's secret utilities.
This book includes scripts and tools to hypercharge Oracle 11g
performance and you can
for 30% off directly from the publisher.