As discussed previously, RMAN requires that you use a database user with SYSDBA privileges. Whether I’m running RMAN from the command line or invoking RMAN in a script, in most scenarios, I connect directly as SYS to the target database. For example, here is how I connect to RMAN from the command line:
$ rman target /
Some DBAs don’t use this approach; they opt to set up a user separate from SYS and cite security concerns as a rationale for doing this.
I prefer to use the SYS account directly, because when connecting to RMAN locally on the server, there is no need to specify a username and password. This means that you never have to hard-code usernames and passwords into any backup scripts or specify a username and password on the command line that can be viewed by rogue developers or managers looking over your shoulder.