該參數是Oracle的一個安全機制, 目的就是為了防止非sysdba訪問系統關鍵數據字典,讓sys用戶成為sysdba, 不能以普通用戶登陸

MOS文檔: What is O7_DICTIONARY_accessIBILITY and how should it be set ? (文檔 ID 206795.1)

中提到:

Versions PRIOR to Oracle 9i:~~~~~~~~~~~~~~~~~~~~~~~~~~~~The default of this parameter is TRUE.

Oracle 9i:~~~~~~~~~~The default of this parameter in 9i is FALSE.The FALSE setting requires login with AS SYSDBA to read the data dictionary, orto be given explicit object grants.

從9i開始, Oracle明確限定該參數的值為FALSE, 強烈不推薦用戶更改該參數

該參數限定了sys用戶必須以sysdba 的身份進行登陸

或許有些很奇葩的需求,例如某位領導說: 我任性,我必須要用sys用戶以普通身份就能登陸,

那么更改該參數,滿足領導吧...

附錄:

該MOS的全文:

QUESTIONS:What does the init.ora parameter named O7_Dictionary_Accessibility do?How does it affect my database, and how should it be set? ANSWERS:The parameter O7_Dictionary_Accessibility can be set to TRUE or FALSE.The affect on your database is different depending on whether you areusing Oracle 9i or a version previous to Oracle 9i.Versions PRIOR to Oracle 9i:~~~~~~~~~~~~~~~~~~~~~~~~~~~~The default of this parameter is TRUE.The dictionary protection mechanism in Oracle 8 prevents unauthorized users from accessing dictionary objects.Access to dictionary objects is restricted to the users with the system privileges SYSDBA and SYSOPER.System privileges providing access to objects in other schemas do not give access to dictionary objects.For example, the SELECT ANY TABLE privilege enables access to views and tablesin other schemas, but it does not enable you to select dictionary objects.If the parameter is set to TRUE, which is the default, access to objects in SYS schema is enabled (Oracle 7 behavior).If this parameter is set to FALSE, system privileges that allow access to objects in other schemas do not allow access to objects in the dictionary schema.For example, if O7_DICTIONARY_ACCESSIBILITY=FALSE, then the SELECT ANY TABLE statement enables access to views or tables in any schema except SYS schema. The system privilege, EXECUTE ANY PROCEDURE enables access on the procedures in any other schema except in SYS schema.Oracle 9i:~~~~~~~~~~The default of this parameter in 9i is FALSE.The FALSE setting requires login with AS SYSDBA to read the data dictionary, orto be given explicit object grants.Warning:~~~~~~~~Oracle has changed from versions 9.0.1 and beyond the default of this parameterto FALSE, and strongly recommends that you do not change back the parameter.In the process of turning Oracle Server secure out of the box, this was one ofthe reasons we decide to change the parameter.This way, you can't login with a "regular" SYS connection anymore to look updata dictionary.Instead, you should set your own dba accounts with appropriate privileges andpassWords.References:~~~~~~~~~~~Oracle University, Oracle 9i New Features For Adminstrators, Chapter 1, OracleServer Security, Page 1-5Oracle University, Oracle 8: Database Administration, Chapter 19, Managing Privileges, Page 19-15