We were also asked by security audit team to use individual userid with DBA privilege for database administration so that you know who has done the changes in the database. But my feeling is that you can't track any changes without any auditing on. Thanks, Ashoke ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Niall Litchfield Sent: Monday, October 09, 2006 9:21 AM To: sjaffarhussain@xxxxxxxxx Cc: Oracle-L@Freelists. Org (E-mail) Subject: Re: Difference in SYS user and A user with dba previleges. I'd agree with your security people that you a) change default passwords and b) don't use sys for admin tasks. I'm not sure that I'd be convinced by the argument that system shouldn't be used, but that an identically privileged account should be setup instead. On 10/9/06, Syed Jaffar Hussain <sjaffarhussain@xxxxxxxxx> wrote: Hi List, I am working in an organization where security people asked us not keep the sys and system user passwords, rather create an dba authenticated user with dba prvileges. I know that the user with just dba privileges, can't shutdown and startup the database. However, I believe, on server, we can use 'connect / as sysdba' and do startup and shutdown. Is there anything significant difference between the sys user and a user with dba premission? I mean, dba administration point view. Thanks for your time. -- Best Regards, Syed Jaffar Hussain 8i,9i & 10g OCP DBA I blog at :http://jaffardba.blogspot.com/ http://www.oracle.com/technology/community/oracle_ace/ace1.html#hussain ------------------------------------------------------------------------ ---------- "Winners don't do different things. They do things differently." -- //www.freelists.org/webpage/oracle-l -- Niall Litchfield Oracle DBA http://www.orawin.info