SYS owns the oracle data dictionary. Every object in the database (tables, views, packages, procedures, etc. ) all have a single owner. For the database dictionary, and a whole lot of special tables (performance views and the like) are all owned by the SYS user.

SYS 拥有 oracle 数据字典。数据库中的每个对象（表、视图、包、过程等）都有一个所有者。对于数据库字典，以及一大堆特殊的表（性能视图等）都归SYS用户所有。

The SYSTEM user is supposed to be the master DBA user, with access to all of these object. This reflects an early, and long time, Oracle security design philosophy. You build the application using one user, then create a second with access (select, update, delete) but not drop privileges. This gives you a "super-user" access to your schema without being able to destroy it accidentally. Over the years, thing have been added to the SYSTEM account that may have needed to be in the SYS account. But very few people want to give out access to their SYS account if they don't have to.

SYSTEM 用户应该是主 DBA 用户，可以访问所有这些对象。这反映了早期且长期的 Oracle 安全设计理念。您使用一个用户构建应用程序，然后创建第二个具有访问权限（选择、更新、删除）但不删除权限的用户。这为您提供了对架构的“超级用户”访问权限，而不会意外破坏它。多年来，系统帐户中可能需要添加到 SYS 帐户中的内容。但是，如果没有必要，很少有人愿意授予对他们 SYS 帐户的访问权限。

SYScan connect AS SYSDBA, SYSTEMcannot.

SYS可以connect AS SYSDBA，SYSTEM不能。

SYSDBAprivilege is required to perform certain administrative tasks, like CREATE DATABASEand DROP DATABASE, and query any tables despite GRANT'ed permissions on them.

SYSDBA执行某些管理任务（例如CREATE DATABASE和DROP DATABASE）以及查询任何表（尽管GRANT对它们具有 'ed 权限）都需要特权。

In fact, whenever you connect as SYSDBA, you become a SYS.

事实上，每当您连接为 时SYSDBA，您就会成为SYS.