Introduction to Oracle user permissions and role management

Source: Internet
Author: User

An Oracle user permission is one of the set of operations that an Oracle role allows. Each Oracle user has a name and a password, and can create tables, views, and resources. When a role is granted to a user, that user has the permissions in the role. These users can in turn grant permissions to other users.

Database system privileges (Database System Privilege) allow users to execute specific sets of commands. For example, the create table privilege allows users to create tables, and the grant any privilege privilege allows users to grant any system privilege.

Database object privileges (Database Object Privilege) allow users to perform certain operations on a specific object. For example, the DELETE privilege allows a user to delete rows from a table or view, and the SELECT privilege allows a user to query information from a table, view, sequence, or snapshot.

1. Create a user

Oracle has two built-in users: SYSTEM and SYS. You can log on directly as SYSTEM to create other users, because SYSTEM has the permission to create other Oracle users. When installing Oracle, the user or system administrator can first create a user for their own use. For example:

Create user user01 identified by u01;

This command can also be used to set other permissions. For more information, see self-learning materials. To change a password, run the alter user command:

Alter user user01 identified by usr01;

Now the user01 password has been changed from "u01" to "usr01".

In addition to the alter user command, you can also use the password command. If you use the password command, the new password is not displayed on the screen. Users with the dba privilege can use the password command to change the passwords of any other users. Other users can only change their own passwords.

When you enter the password command, the system prompts you to enter the old and new passwords, as shown below:

 
 
  password
  Changing password for user01
  Old password:
  New password:
  Retype new password:

When the password is successfully modified, the user will receive the following feedback:

Password changed

2. Delete a user

To delete a user, run the drop user command as follows:

Drop user user01;

If the user owns objects, the user cannot be deleted directly; an error is returned. Specify the keyword CASCADE to delete all objects of the user and then delete the user. The following example deletes a user and the user's objects:

Drop user user01 CASCADE;

3. Three standard roles

Oracle provides three standard roles (for compatibility with earlier versions): CONNECT, RESOURCE, and DBA.

1. CONNECT Role (connection Role)

Temporary users, especially those who do not need to create tables, are usually given only the CONNECT role. CONNECT is the basic permission for using Oracle. It is meaningful only when the user also has access to other users' tables, including select, insert, update, and delete. Users with the CONNECT role can also create tables, views, sequences, clusters, synonyms, sessions, and links to other databases.

2. RESOURCE Role (RESOURCE Role)

The RESOURCE role can be granted to more reliable, regular database users. RESOURCE gives users additional permissions to create their own tables, sequences, procedures, triggers, indexes, and clusters.

3. DBA Role (database administrator Role)

The DBA role has all system permissions, including unlimited space quota and the ability to grant various permissions to other users. SYSTEM is owned by DBA users. The following describes some typical permissions frequently used by DBAs.

1) grant (authorization) command

Run the following command to grant permissions to user01:

Grant connect, resource to user01;

2) revoke (revoke permission) command

The granted permissions can be revoked. For example, to revoke the authorization in 1), run the following command:

Revoke connect, resource from user01;

A user with a DBA role can revoke the CONNECT, RESOURCE, and DBA permissions of any other users or even other DBAs. Of course, this is very dangerous. Therefore, unless necessary, DBA permissions should not be granted to general users who are not very important.

Revoking all permissions of a user does not delete the user from Oracle, nor does it damage any table the user created; it simply disallows access to these tables. Other users who want to access these tables can do so as before.
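An added example (not part of the original article): dictionary queries an administrator can run to see what the CONNECT and RESOURCE roles contain in the database at hand, since their contents differ between Oracle releases, and to list who holds DBA or grant any privilege. It assumes a session that can read the DBA_ dictionary views, for example SYSTEM.

```sql
-- Added example; run as a user that can read the DBA_* views (for example SYSTEM).

-- 1. System privileges actually contained in the predefined roles
--    of this database version.
SELECT grantee AS role_name, privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee IN ('CONNECT', 'RESOURCE')
ORDER  BY grantee, privilege;

-- 2. Every user or role that holds DBA, either directly or through
--    a chain of roles granted to roles.
SELECT DISTINCT grantee
FROM   dba_role_privs
START  WITH granted_role = 'DBA'
CONNECT BY PRIOR grantee = granted_role
ORDER  BY grantee;

-- 3. Grantees that can hand out any system privilege or any role.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('GRANT ANY PRIVILEGE', 'GRANT ANY ROLE')
ORDER  BY grantee, privilege;

-- 4. Role grants that the grantee may pass on to others
--    (granted WITH ADMIN OPTION).
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  admin_option = 'YES'
ORDER  BY grantee, granted_role;

-- 5. Roles currently held by the article's example user.
SELECT granted_role, admin_option, default_role
FROM   dba_role_privs
WHERE  grantee = 'USER01';
```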

4. Create a role

In addition to the three system roles (CONNECT, RESOURCE, and DBA), you can also create your own roles in Oracle. A user-created role can consist of table permissions, system permissions, or a combination of the two. To create a role, you must have the create role system permission. The following is an example of the create role command:

Create role STUDENT;

This command creates a role named STUDENT.

Once a role is created, permissions can be granted to it. The syntax of the grant command for a role is the same as for a user. When granting to a role, use the role name in the to clause of the grant command, as shown below:

Grant select on CLASS to STUDENT;

Now, all users with the STUDENT role have the select permission on the CLASS table.

5. Delete a role

To delete a role, run the drop role command as follows:

Drop role STUDENT;

The specified role along with related Oracle user permissions will be deleted from the database.
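An added example (not part of the original article) that carries the STUDENT role through its whole life: the role receives select on CLASS, a user receives the role, the grants are checked in the data dictionary, and the role is then withdrawn and dropped. The columns of CLASS and the password are constructed for illustration, and the script assumes a DBA-privileged session.

```sql
-- Added example; run as a DBA-privileged user (for example SYSTEM).
-- The CLASS columns and the password below are constructed sample values.
CREATE TABLE class (
  class_id   NUMBER PRIMARY KEY,
  class_name VARCHAR2(50)
);

-- A user that can only log on: CREATE SESSION and nothing else.
CREATE USER user01 IDENTIFIED BY "Constructed_Pw_01";
GRANT CREATE SESSION TO user01;

-- Put the object privilege on the role, then give the role to the user.
CREATE ROLE student;
GRANT SELECT ON class TO student;
GRANT student TO user01;

-- Check 1: object privileges carried by the role.
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'STUDENT';

-- Check 2: who holds the role.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'STUDENT';

-- Check 3: user01 has no direct grant on CLASS; access comes only
-- through the role, so this query returns no rows.
SELECT privilege
FROM   dba_tab_privs
WHERE  grantee = 'USER01' AND table_name = 'CLASS';

-- Withdraw the role from one user; other holders keep it.
REVOKE student FROM user01;

-- Dropping the role removes it from every remaining grantee, together
-- with the privileges that were granted to it.
DROP ROLE student;

-- Clean up the sample objects.
DROP USER user01 CASCADE;
DROP TABLE class;
```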
