Oracle startup in restricted mode

關于OCP的小知識點，實例受限啟動，實例啟動的知識點很多，也是OCP學習的重點，需要多看官方文檔和多做測試。
Restricting Access to an Instance at Startup 
--實例啟動限制

You can start an instance, and optionally mount and open a database, in restricted mode so that the instance is available only to administrative personnel (not general database users).
Use this mode of instance startup when you must accomplish one of the following tasks:
--實例啟動限制模式適用的場景，一定是我們不希望其他連接訪問數據，對數據庫數據進行改動，數據備份，loader，臨時阻止已經升級遷移會常常使用到。

?Perform an export or import of data
?Perform a data load (with SQL*Loader)
?Temporarily prevent typical users from using data
?Perform certain migration or upgrade operations

Typically, all users with the CREATE SESSION system privilege can connect to an open database. Opening a database in restricted mode allows database access only to users with both the CREATE SESSION and RESTRICTED SESSION system privilege. Only database administrators should have the RESTRICTED SESSION system privilege. Further, when the instance is in restricted mode, a database administrator cannot access the instance remotely through an Oracle Net listener, but can only access the instance locally from the system that the instance is running on. 

The following command starts an instance (and mounts and opens the database) in restricted mode:

小實驗：
[root@11g-ocp ~]# su - oracle
<11g-ocp:orcl:/home/oracle>$sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Wed Dec 12 18:12:11 2018

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP and Real Application Testing options

SQL> startup restrict force 
ORACLE instance started.
--限制模式啟動

Total System Global Area 1870647296 bytes
Fixed Size                  2254304 bytes
Variable Size             503319072 bytes
Database Buffers         1358954496 bytes
Redo Buffers                6119424 bytes
Database mounted.
Database opened.
SQL> drop user roidba;
--刪除測試用戶

User dropped.

SQL> create user roidba identified by roidba;
--創建測試用戶

User created.

SQL> grant connect,resource to roidba;
--授權訪問

Grant succeeded.

SQL> conn roidba/roidba;
ERROR:
ORA-01035: ORACLE only available to users with RESTRICTED SESSION privilege
--登陸報錯，缺少系統權限restricted session 

Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> grant restricted session to roidba;

Grant succeeded.
--授予系統權限restricted session 

SQL> conn roidba/roidba
Connected.
--使用roidba連接數據庫，成功

SQL> conn / as sysdba
Connected.
SQL> revoke restricted session from roidba;
--收回權限

Revoke succeeded.

SQL> alter system disable restricted session;
--取消限制

System altered.

SQL> conn roidba/roidba;
--收回權限和取消限制抵消，可以繼續登陸
Connected.
SQL> 

這些都是OCP的小知識點，大家有時間多做測試。一定要多動手，多看文檔，多思考。