Oracle creates create user and authorizes grant to view logged-in users

Source: Internet
Author: User
Tags dba

Show user;
Select Sys_context (' Userenv ', ' Session_user ') from dual;
Select User from Dual;

To view all logged-on users, you must be a DBA User:
Select username from v$session;

SYS, system, and other DBA users view objects (tables) in other users (test):
Sql> select * from Test.student;


Create a process in which a normal user uses the user:
1. Create user
Sql>create user test indentified by test;
This creates a user with a user name password of test
But this time test still can't log on successfully, we need to give corresponding permission

2. Grant the Create Session permission
Sql>grant create session to test;
This allows the test user to log in successfully.

But at this point the user is still unable to create the table we need to give the user permission to create the table:
Sql>grant CREATE table to test;
However, the user cannot create the table at this time because of the need to have access to the table space (equivalent to the user has the key into the room but not the key to enter the door ...) )

So you should also give the appropriate permissions
Sql>grant unlimited tablespace to test;
At this point, the user has permission to create the table because the table is the corresponding user test, he has the creation of the table and the deletion of the permission to check the change

3. See what permissions a user can have by querying a system view (numeric dictionary)
Sql>select * from User_sys_privs;
This will allow you to know the permissions of the current user

4. Revoke Permissions
Sql> revoke CREATE table from test;

-----------------------------
The distinction of some common views
Dba_tables dba_all_tables user_tables user_all_tables all_tables all_all_tables
All tables to which the current user belongs (note uppercase)
Sql> Select Tablespace_name,table_name from user_all_tables where table_name= ' STUDENT ';
Sql> Select Table_name,tablespace_name from user_tables where table_name= ' STUDENT ';
TABLE_NAME Tablespace_name
------------------------------ ------------------------------
STUDENT USERS

SYS to view dba_all_tables,all_all_tables to see the table for the test user.
Sql> Select Owner,table_name,tablespace_name from dba_all_tables where owner= ' TEST ';
Sql> Select Owner,table_name,tablespace_name from all_all_tables where owner= ' TEST ';
Sql> Select Owner,table_name,tablespace_name from dba_tables where owner= ' TEST ';
Sql> Select Owner,table_name,tablespace_name from all_tables where owner= ' TEST ';
OWNER table_name Tablespace_name
------------------------------ ------------------------------ ------------------------------
TEST STUDENT USERS

1.dba_all_tables describes all object TABLES and relational TABLES in the database. Its columns is the same as those in All_all_tables.
2.all_all_tables describes the object TABLES and relational TABLES accessible to the current user.
3.user_all_tables describes the object TABLES and relational TABLES owned by the current USER. Its columns (except for OWNER) is the same as those in
All_all_tables.
----------------------------------------------------------------------

Scenario One:
User test User Test1
The Test1 user creates a table Mytab and inserts some data
So test user can access to test1 mytab how to access?
A: No, you must first authorize
Test1 must authorize Test:grant Select on Mytab to test;
At this time, test can access the data in Mytab by using SELECT * from Test1.mytab;
If you want to assign all permissions for a table (object) to test, you can:
Grant all on Mytab to test;
Revoke all permissions
Revoke all on mytab to test;



Summarize
For system permissions to be done by SYS
For object permissions by who owns who authorized

System permissions
Grant create session to test;
Grant CREATE table to test;
Grant unlimited tablespace to test;

Revoke create session from test;
Revoke create table from test;
Revoke unlimited tablespase from test;
Grant create session to public; Give everyone permission to create a table
SELECT * from User_sys_privs; Returns all system permissions for the current user

Object permissions
Grant SELECT on Mytab to test;
Grant all on Mytab to test;

Revoke select on Mytab from test;
Revoke all on mytab from test;

SELECT * from User_tab_privs; Returns all object permissions for the current user

Object permissions can be controlled to columns
Grant update (name) on Mytab to test;
Grant Insert (ID) on mytab to test;

SELECT * from User_col_privs;
Note: Queries and deletions cannot be controlled to columns
Insert update insert with commit required

Transfer of permissions
System permissions are passed:
Grant ALTER TABLE to A with admin option;
Then a can pass this permission to B, if you want B can also be passed down so can also take with admin option
Grant ALTER TABLE to B;
Object permissions are passed:
Grant SELECT on Mytab to A with GRANT option;
Then a can give the SELECT permission in table Mytab to B, and if b wants to also pass the SELECT permission can also take with GRANT option
Grant SELECT on Mytab to B;


Users logged in to EM must have permission
Created a user Testem with the following authorization
Create user Testem identified by Testem;
Grant Create session,select any dictionary to Testem; Testem can log in to EM, but it's not an EM admin.
Grant Mgmt_user to Testem;

Non-EM admin: (no option under "admin")


Add EM admin via em login:
Name: Testem
The e-mail address does not define an e-mail address for this administrator.
Super Administrator permissions that have access to all targets.
Database system permissions: SELECT any DICTIONARY
Database role: Mgmt_user

Oracle creates create user and authorized grant to view logged-in users

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.