Starting with Oracle 12c three new administrative roles and users have been introduced to conform the principle of access to the least privilege. The users and roles named SYSBACKUP, SYSDG and SYSKM will be created when the database is created with their account in expired and locked status. SYSBACKUP is used to perform backup and recovery operations from either Oracle Recovery Manager (RMAN) and or through SQL*Plus – you can see all privileges within the Oracle documentation.
If a Oracle 12c is detected on the client system, Data Protector A.10.01 and later now automatically uses sqlplus user/password@SID AS SYSBACKUP as the connection string to the database. As a result you may encounter the following backup issue after a Data Protector client or a Oracle database upgrade.
ORA-01031: insufficient privileges CONNECT: sys/*****@SID [Major] From: ob2rman@oracle.domain.lan "" Time: 05/15/18 18:15:21 Backup of target database failed.
Older Oracle databases (10g, 11i) do not require changes as they will continue to use SYSDBA.
This can be changed using the omnirc variable OB2_ORACLE_USE_SYSDBA=1 on the database server if you are not able to adopt these changes immediately. Starting with Data Protector A.10.03 the following command can be used to push this parameter to the client system. A restart of the services is not required.
omnicc -update_omnirc OB2_ORACLE_USE_SYSDBA -value 1 ClientFQDN