Oracle Study Note : Users and Basic Security

1. View the default user accounts

SQL> select username from dba_users;

2. Generate the statements that lock all users and set their passwords to expired

SQL> select 'alter user ' || username || ' password expire account lock;' from dba_users;

3. A locked user can only be accessed by altering the user to an unlocked state

SQL> alter user scott account unlock;

4. As a DBA, you can change the password for a user

SQL> alter user <username> identified by <new password>;

5. Run this query to display users that have been created by another DBA versus those created by Oracle. For default users, there should be a record in the DEFAULT_PWD$ view. So, if a user doesn't exist in DEFAULT_PWD$, then you can assume it's not a default account.

SQL> select distinct u.username
  ,case when d.user_name is null then 'DBA created account'
   else 'Oracle created account'
   end as account_type
  from dba_users u
  ,default_pwd$ d
  where u.username=d.user_name(+);

6. You can check the DBA_USERS_WITH_DEFPWD view to see whether any Oracle-created user accounts are still set to the default password

SQL> select * from dba_users_with_defpwd;
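
Added example (not part of the original note): the check from item 6 joined to DBA_USERS, so that default-password accounts that are still OPEN sort first and each one gets the lock-and-expire statement from item 2 generated for it. The column alias fix_stmt is an assumption of this example.

```sql
-- Default-password accounts by status. OPEN rows are the ones to fix first;
-- already locked or expired accounts are listed for completeness.
select u.username
      ,u.account_status
      ,u.created
      ,case when u.account_status = 'OPEN'
            then 'alter user "' || u.username || '" password expire account lock;'
       end as fix_stmt
from   dba_users u
join   dba_users_with_defpwd d
       on d.username = u.username
order  by case when u.account_status = 'OPEN' then 0 else 1 end
         ,u.username;
```

Review the generated statements before running them: an account that an application or scheduled job logs in with will stop working once it is locked.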

7. Creating a User with Database Authentication

SQL> create user user_name identified by password
  default tablespace users
  temporary tablespace temp
  quota unlimited on users;
-- Grant CREATE SESSION to make the user useful.
SQL> grant create session to user_name;
-- Grant CREATE TABLE so the user is able to create tables.
SQL> grant create table to user_name;
-- You can also use the GRANT ... IDENTIFIED BY statement to create a user.
SQL> grant create table,create session to user_name identified by password;

8. Creating a User with OS Authentication

Oracle strongly recommends that you set the OS_AUTHENT_PREFIX parameter to a null string.

SQL> alter system set os_authent_prefix='' scope=spfile;
SQL> create user user_name identified externally;
SQL> grant create session to user_name;
# When user_name logs in to the database server, this user can connect to SQL*Plus.
$ sqlplus /

9. You can alter your current user's session to point at a different schema via the ALTER SESSION statement

SQL> alter session set current_schema = hr;

10. Assigning Default Permanent and Temporary Tablespaces

SQL> alter user user_name default tablespace tb_name temporary tablespace temp_name;

11. Modifying Password

SQL> alter user user_name identified by new_password;

12. SQL*PLUS password command

SQL> passw user_name
Changing password for user_name
New password:

13. Modifying Users

SQL> alter user user_name account lock;
SQL> alter user user_name quota 500m on users;

14. Dropping Users. Before you drop a user, I recommend that you first lock the user. Locking the user prevents others from connecting to a locked database account.

SQL> alter user user_name account lock;
SQL> select username,lock_date from dba_users;
SQL> alter user user_name account unlock;
SQL> drop user user_name;
-- The prior command won't work if the user owns any database objects.
-- Use the CASCADE clause to remove a user and have its objects dropped.
SQL> drop user user_name cascade;

15. Password Strength. You can enforce a minimum standard of password complexity by assigning a password verification function to a user's profile. Oracle supplies a default password verification function that you create by running the following script as the SYS schema:

SQL> @?/rdbms/admin/utlpwdmg
SQL> alter profile default limit PASSWORD_VERIFY_FUNCTION ora12c_verify_function;
-- To disable the password function:
SQL> alter profile default limit PASSWORD_VERIFY_FUNCTION null;

16. Limiting Database Resource Usage

SQL> alter system set resource_limit=true scope=both;
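
Added example (not part of the original note): items 15 and 16 applied through a dedicated profile rather than by editing DEFAULT. The profile name app_user_profile and every limit value are assumptions chosen for illustration; ora12c_verify_function must already exist from running utlpwdmg as in item 15.

```sql
-- Hypothetical profile; all limit values below are sample values.
create profile app_user_profile limit
  -- password limits (always enforced)
  failed_login_attempts    5
  password_lock_time       1      -- days locked after too many failures
  password_life_time       90     -- days before the password expires
  password_grace_time      7      -- days of warning after expiry
  password_reuse_max       10     -- password changes required before reuse
  password_reuse_time      365    -- days required before reuse
  password_verify_function ora12c_verify_function
  -- kernel resource limits (enforced only when resource_limit=true)
  sessions_per_user        4
  idle_time                30     -- minutes
  connect_time             480;   -- minutes

-- Attach the profile to an account.
alter user user_name profile app_user_profile;

-- Confirm what the profile enforces.
select resource_name, resource_type, limit
from   dba_profiles
where  profile = 'APP_USER_PROFILE'
order  by resource_type, resource_name;

-- Confirm which accounts use it.
select username, profile, account_status
from   dba_users
where  profile = 'APP_USER_PROFILE';
```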

17. Assigning Database System Privileges

SQL> select distinct privilege from dba_sys_privs;
-- Minimally, a user needs CREATE SESSION to be able to connect to the database.
SQL> grant create session to user_name;
-- To take away privileges:
SQL> revoke create table from user_name;
-- The WITH ADMIN OPTION clause lets you grant a system privilege to a user
-- and also give that user the ability to administer the privilege.
SQL> grant create table to user_name with admin option;

18. Assigning Database Object Privileges

SQL> grant insert,update,delete,select on object_owner to user_name;
-- Grants INSERT privileges on specific columns in the table.
SQL> grant insert(id,name,desc) on table_name to user_name;
-- If you want a user that is being granted object privileges to be able to
-- subsequently grant those same object privileges to other users, then use
-- the WITH GRANT OPTION clause.
SQL> grant insert on object_owner to user_name with grant option;

19. Grouping and Assigning Privileges

SQL> create role role_name;
SQL> grant select any table to role_name;
SQL> grant role_name to user_name;
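
Added example (not part of the original note): a review of the grants from items 17 to 19, listing where WITH ADMIN OPTION, WITH GRANT OPTION and the ANY privileges have ended up outside Oracle-supplied accounts. It assumes 12c or later, because it filters on the ORACLE_MAINTAINED column.

```sql
-- 1) System privileges that can be passed on (WITH ADMIN OPTION) or that
--    reach into every schema (the ANY privileges).
select p.grantee, p.privilege, p.admin_option
from   dba_sys_privs p
where  (p.admin_option = 'YES' or p.privilege like '% ANY %')
and    p.grantee not in (select username from dba_users where oracle_maintained = 'Y')
and    p.grantee not in (select role     from dba_roles where oracle_maintained = 'Y')
order  by p.grantee, p.privilege;

-- 2) Object privileges that the grantee can re-grant (WITH GRANT OPTION).
select t.grantee, t.owner, t.table_name, t.privilege
from   dba_tab_privs t
where  t.grantable = 'YES'
and    t.grantee not in (select username from dba_users where oracle_maintained = 'Y')
and    t.grantee not in (select role     from dba_roles where oracle_maintained = 'Y')
order  by t.grantee, t.owner, t.table_name;

-- 3) Roles held by DBA-created users and the system privileges each role
--    carries (direct role grants only; nested roles are not expanded).
select r.grantee, r.granted_role, r.admin_option, s.privilege
from   dba_role_privs r
left   join dba_sys_privs s
       on s.grantee = r.granted_role
where  r.grantee in (select username from dba_users where oracle_maintained = 'N')
order  by r.grantee, r.granted_role, s.privilege;
```

A role granted SELECT ANY TABLE, as in item 19, shows up in the first and third result sets.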
Time: 2024-08-29 11:50:46
