Password protecting INTERNAL

Instead of INTERNAL, it is probably best if you create an account for each of these people who will be doing privileged operations, such as shutdown the database. There are two main reasons here. One, you can control security better. This gives you the ability to do independent audits of each account if you wish. And there is no "group" password that needs to be shared which must be changed when someone leaves your group. Two, INTERNAL is no longer available in Oracle 9i. So if you engineer a solution now, you'll have to re-engineer a solution when you upgrade to 9i.

Instead, create individual accounts for these people. They will have their own passwords. Then set REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE in your INIT.ORA. Then create a password file with the ORADIM utility. Then bounce the database. Now sign on as INTERNAL or an account with SYSDBA privileges. To grant the ability to do INTERNAL-type functions to these individual accounts, issue "GRANT sysdba TO the_user;" for each of the users. They will need to sign on to the database 'as sysdba'. For instance:

edcsns18 gast% svrmgrl

Oracle Server Manager Release 3.1.7.0.0 - Production

Copyright (c) 1997, 1999, Oracle Corporation.  All
Rights Reserved.

Oracle8i Enterprise Edition Release 8.1.7.2.0 -
Production
With the Partitioning option
JServer Release 8.1.7.2.0 - Production

SVRMGR> connect my_user as sysdba 

For More Information

• Dozens more answers to tough Oracle questions from Brian Peasland are available.
• The Best Oracle Web Links: tips, tutorials, scripts, and more.
• Have an Oracle or SQL tip to offer your fellow DBAs and developers? The best tips submitted will receive a cool prize. Submit your tip today!
• Ask your technical Oracle and SQL questions -- or help out your peers by answering them -- in our live discussion forums.
• Ask the Experts yourself: Our SQL, database design, Oracle, SQL Server, DB2, metadata, object-oriented and data warehousing gurus are waiting to answer your toughest questions.