关于OCP的小知识点,实例受限启动,实例启动的知识点很多,也是OCP学习的重点,需要多看官方文档和多做测试。
Restricting Access to an Instance at Startup
--实例启动限制
You can start an instance, and optionally mount and open a database, in restricted mode so that the instance is available only to administrative personnel (not general database users).
Use this mode of instance startup when you must accomplish one of the following tasks:
--实例启动限制模式适用的场景,一定是我们不希望其他连接访问数据,对数据库数据进行改动,数据备份,loader,临时阻止已经升级迁移会常常使用到。
•Perform an export or import of data
•Perform a data load (with SQL*Loader)
•Temporarily prevent typical users from using data
•Perform certain migration or upgrade operations
Typically, all users with the CREATE SESSION system privilege can connect to an open database. Opening a database in restricted mode allows database access only to users with both the CREATE SESSION and RESTRICTED SESSION system privilege. Only database administrators should have the RESTRICTED SESSION system privilege. Further, when the instance is in restricted mode, a database administrator cannot access the instance remotely through an Oracle Net listener, but can only access the instance locally from the system that the instance is running on.
The following command starts an instance (and mounts and opens the database) in restricted mode:
小实验:
[root@11g-ocp ~]# su - oracle
<11g-ocp:orcl:/home/oracle>$sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Wed Dec 12 18:12:11 2018
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP and Real Application Testing options
SQL> startup restrict force
ORACLE instance started.
--限制模式启动
Total System Global Area 1870647296 bytes
Fixed Size 2254304 bytes
Variable Size 503319072 bytes
Database Buffers 1358954496 bytes
Redo Buffers 6119424 bytes
Database mounted.
Database opened.
SQL> drop user roidba;
--删除测试用户
User dropped.
SQL> create user roidba identified by roidba;
--创建测试用户
User created.
SQL> grant connect,resource to roidba;
--授权访问
Grant succeeded.
SQL> conn roidba/roidba;
ERROR:
ORA-01035: ORACLE only available to users with RESTRICTED SESSION privilege
--登陆报错,缺少系统权限restricted session
Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> grant restricted session to roidba;
Grant succeeded.
--授予系统权限restricted session
SQL> conn roidba/roidba
Connected.
--使用roidba连接数据库,成功
SQL> conn / as sysdba
Connected.
SQL> revoke restricted session from roidba;
--收回权限
Revoke succeeded.
SQL> alter system disable restricted session;
--取消限制
System altered.
SQL> conn roidba/roidba;
--收回权限和取消限制抵消,可以继续登陆
Connected.
SQL>
这些都是OCP的小知识点,大家有时间多做测试。一定要多动手,多看文档,多思考。