Creating users, roles, authorization, and tablespaces in Oracle, with examples (1/2)

Source: Internet
Author: User

New users often ask me for SQL statements or examples for creating users, roles, authorization, and tablespaces in Oracle. This article walks through them.

Each Oracle user has a name and a password, and owns the tables, views, and other resources it creates. An Oracle role is a set of permissions (privileges), or the type of access each user needs based on their status and conditions. You can grant the specified permissions to a role and then assign the role to the corresponding users. A user can also grant permissions directly to other users.

1. Create a user

Syntax for creating a user in Oracle:

You can run the CREATE USER command to create a user (here, a user verified by password) in Oracle.

    CREATE USER username IDENTIFIED BY password
        | IDENTIFIED EXTERNALLY
        | IDENTIFIED GLOBALLY AS 'cn=user'
    [DEFAULT TABLESPACE tablespace]
    [TEMPORARY TABLESPACE temptablespace]
    [QUOTA {integer [K | M] | UNLIMITED} ON tablespace]
    [QUOTA {integer [K | M] | UNLIMITED} ON tablespace]
    [PROFILE profile_name]
    [PASSWORD EXPIRE]
    [ACCOUNT {LOCK | UNLOCK}]

Where:

CREATE USER username: the user name, generally made up of alphanumeric characters and the "#" and "_" symbols.

IDENTIFIED BY password: the user's password, which is generally in the alphanumeric format and "#" and.

IDENTIFIED EXTERNALLY: the user name is verified by the operating system. The user name must be the same as the user name defined in the operating system.

IDENTIFIED GLOBALLY AS 'cn=user': the user name is verified by the Oracle Security Domain Center Server. The CN name indicates the user's external name.

[DEFAULT TABLESPACE tablespace]: the default tablespace.

[TEMPORARY TABLESPACE temptablespace]: the default temporary tablespace.

[QUOTA {integer [K | M] | UNLIMITED} ON tablespace]: the number of bytes the user may use in the tablespace.

[PROFILE profile_name]: the name of the resource profile.

[PASSWORD EXPIRE]: sets the password to expire immediately. The user must change the password before logging on again.

[ACCOUNT {LOCK | UNLOCK}]: whether the user account is locked. By default, it is not locked.
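The clauses above combined into one statement, followed by the data dictionary queries that confirm they took effect. This is an added example, not part of the original article; the names app_profile and app_user01, the tablespaces users and temp, and the password are assumptions or placeholders.

```sql
-- Added example. Run as a user allowed to create profiles and users
-- (for example system). All names here are hypothetical.

-- A profile that limits password guessing and password age.
CREATE PROFILE app_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5     -- lock the account after 5 failed logons
  PASSWORD_LOCK_TIME    1     -- days the account stays locked
  PASSWORD_LIFE_TIME    90;   -- days before the password must be changed

-- Password-verified user with a bounded quota instead of UNLIMITED.
-- The password is a placeholder; PASSWORD EXPIRE forces a change at first logon.
CREATE USER app_user01
  IDENTIFIED BY "Placeholder#Pw_01"
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 50M ON users
  PROFILE app_profile
  PASSWORD EXPIRE
  ACCOUNT UNLOCK;

-- The new user cannot log on until it is granted the right to open a session.
GRANT CREATE SESSION TO app_user01;

-- Confirm status, tablespaces and profile as recorded by the database.
SELECT username, account_status, default_tablespace,
       temporary_tablespace, profile
FROM   dba_users
WHERE  username = 'APP_USER01';

-- Confirm the quota (max_bytes is the limit, bytes is the space in use).
SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'APP_USER01';
```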

Oracle has two users: system and sys. You can log on directly as the system user to create other users, because system has the permission to create other users. When installing Oracle, the user or system administrator can first create a user for himself. For example:


CREATE USER user01 IDENTIFIED BY u01;

This command can also be used to set other permissions. For more information, see self-learning materials. To change a password, run the ALTER USER command:

ALTER USER user01 IDENTIFIED BY usr01;

Now the user01 password has been changed from "u01" to "usr01".

In addition to the alter user command, you can also use the password command. If you use the password command, the new password is not displayed on the screen. Users with the dba privilege can use the password command to change the passwords of any other users. Other users can only change their own passwords.

When you enter the password command, the system prompts you to enter the old and new passwords, as shown below:

Password
Changing password for user01
Old password:
New password:
Retype new password:

When the password is successfully modified, the user will receive the following feedback:

Password changed

2. Delete a user

To delete a user, run the DROP USER command as follows:

DROP USER user01;

If the user owns objects, the user cannot be deleted directly; an error is returned. Specify the keyword CASCADE to delete all of the user's objects and then delete the user. The following example deletes a user and its objects:

DROP USER user01 CASCADE;


3. Three standard roles

To be compatible with earlier versions, Oracle provides three standard roles: connect, resource, and dba.

1. connect role (connection role)

Temporary users, especially those who do not need to create tables, are usually given only the connect role. Connect is a simple permission for using Oracle. This permission is meaningful only when the user has access to tables of other users, including select, insert, update, and delete. Users with the connect role can also create tables, views, sequences, clusters, synonyms, and sessions, and link with other databases.

2. resource role (resource role)

The resource role can be granted to more reliable and formal database users. Resource provides users with additional permissions to create their own tables, sequences, procedures, triggers, indexes, and clusters.

3. dba role (database administrator role)

The dba role has all system permissions, including unlimited space limits and the ability to grant various permissions to other users. System is owned by dba users. The following describes some typical permissions frequently used by DBAs.

(1) grant (authorization) command

Run the following command to grant permissions to user01:

GRANT connect, resource TO user01;

(2) revoke (undo authorization) command

The granted permissions can be revoked. For example, to revoke the authorization in (1), run the following command:

REVOKE connect, resource FROM user01;

A user with the dba role can revoke the connect, resource, and dba permissions of any other user, even other DBAs. Of course, this is very dangerous. Therefore, unless necessary, dba permissions should not be granted to general users who are not very important. Revoking all permissions of a user does not mean that the user is deleted from Oracle, nor does it damage any table created by the user; it simply disallows access to these tables. Other users who want to access these tables can access these tables as before.
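The privileges bundled into the connect and resource roles differ between Oracle releases, so it is worth checking what they contain, and who holds dba, on your own database. The following is an added example, not part of the original article; it assumes user01 currently holds the roles granted in (1) and that it needs only to log on and create tables and views.

```sql
-- Added example. Run as a user with the dba role.

-- 1. List the system privileges each standard role carries in this database.
SELECT role, privilege, admin_option
FROM   role_sys_privs
WHERE  role IN ('CONNECT', 'RESOURCE')
ORDER  BY role, privilege;

-- 2. List every account or role that holds dba, and whether it can
--    pass the role on to others (admin_option = 'YES').
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;

-- 3. Replace the broad roles on user01 with only the privileges it needs
--    (the privilege list is an assumption about user01's job).
REVOKE connect, resource FROM user01;
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW TO user01;

-- 4. Confirm what user01 holds directly after the change.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'USER01'
ORDER  BY privilege;

SELECT granted_role, admin_option
FROM   dba_role_privs
WHERE  grantee = 'USER01';
```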
