Manage user security
1. User Introduction
1. User management is divided into the following aspects:
(1) Create users in a specified area (tablespace).
(2) Create quotas to restrict the use of storage.
(3) Use profiles to restrict the use of resources.
(4) Identify users with passwords.
(5) Manage passwords through profiles (password aging and account locking).
(6) Assign permissions to roles and assign roles to users.
2. Database users and schemas
(1) A schema is the set of all objects belonging to a user.
(2) The user name and the schema name are the same.
(3) One user can be associated with only one schema.
(4) When a user is created, the system automatically creates a schema with the same name.
3. Database User Account
(1) A unique user name
(2) An authentication method
(3) A default tablespace
(4) A temporary tablespace
(5) A user profile
(6) A consumer group
(7) A lock status
(8) A quota for each tablespace
(9) Permissions and roles
4. Predefined accounts SYS and SYSTEM
(1) SYS account (database owner):
I. Has the DBA permission
II. Has all permissions with the admin option
III. Is needed for startup, shutdown, and several maintenance commands
IV. Owns the data dictionary
(2) The SYSTEM account has the DBA permission.
(3) These accounts are not used for regular operations.
2. Create and grant permissions to users
1. User Creation
SQL> create user lao identified by lao;
User created
2. Grant permissions to users
First, the two kinds of permissions:
(1) System permission: allows a user to perform specific actions in the database, such as creating tables and creating users.
(2) Object permission: allows a user to access and operate on a specific object, for example querying tables in another schema.
(3) Grant the created user lao the session permission:
SQL> grant create session to lao;
Grant succeeded
To revoke the session permission:
SQL> revoke create session from laowang;
Revoke succeeded
(4) When you connect as this user, you still cannot perform any operations. To create a table, the user must be granted the system permission.
SQL> conn lao/lao;
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
Connected as lao
Grant the user lao the system permission to create tables:
Grant create table to lao;
Data can now be inserted under this user.
3. Use and description of object permissions
With the permissions granted so far, can the user lao access the tables of other users? If we execute the following statement as lao:
select * from scott.emp;
the query fails.
If you switch to scott and try to access lao's table with
select * from lao.emp;
the result is: no permission.
Therefore, an object permission must be granted before one user can access the other's tables.
Switch to scott and grant the following object permission to lao:
grant select on emp to lao;
Now select * from scott.emp can be executed as the lao user.
To revoke the permission:
revoke select on emp from lao;
You can also switch to the system user and grant the permission from there:
grant select on scott.emp to lao;
The lao user can then access the data.
NOTE: If scott grants the lao user the system permission to create tables and scott's own create table permission is later revoked, lao still has the permission to create tables. The premise is that lao was granted the permission as follows:
grant create table to lao with admin option;
Create and use a role
(1) create a role
SQL> create role man;
Role created
(2) grant permissions to the role
Grant create session, create table, grant any privilege to man;
(3) grant the role to the lao user
Grant man to lao;
The user now has all permissions contained in this role.
Note: After the role has been granted to a user, the user must also be granted the unlimited tablespace system permission before it can be used.
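The account attributes listed in the introduction (default and temporary tablespace, quota, profile, lock status) and the grants shown above, combined into one script with dictionary queries that verify the result. This is an added example, not part of the original page; the profile name app_profile, the tablespaces users and temp, the limit values and the placeholder password are assumptions. It uses a quota instead of unlimited tablespace and leaves grant any privilege out of the role.

```sql
-- Added example. Assumptions: run as a DBA in a scratch database where user LAO,
-- role MAN and profile APP_PROFILE do not exist yet, tablespaces USERS and TEMP
-- exist, and the SCOTT sample schema is installed.

-- Resource limits (SESSIONS_PER_USER, IDLE_TIME) are enforced only when this is
-- TRUE; the password limits of a profile are always enforced.
ALTER SYSTEM SET resource_limit = TRUE;

-- Lock and life times are in days, IDLE_TIME is in minutes.
CREATE PROFILE app_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5
  PASSWORD_LOCK_TIME    1
  PASSWORD_LIFE_TIME    90
  PASSWORD_GRACE_TIME   7
  SESSIONS_PER_USER     2
  IDLE_TIME             30;

-- Placeholder password; PASSWORD EXPIRE forces a change at first login.
CREATE USER lao IDENTIFIED BY "Replace_Me_1st"
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 50M ON users
  PROFILE app_profile
  PASSWORD EXPIRE
  ACCOUNT UNLOCK;

-- Role with only the system privileges the user needs.
CREATE ROLE man;
GRANT CREATE SESSION, CREATE TABLE TO man;
GRANT man TO lao;
-- Object privilege on a single table in another schema.
GRANT SELECT ON scott.emp TO lao;

-- Verification: account attributes, quota, and every kind of grant.
SELECT username, account_status, default_tablespace, temporary_tablespace, profile
  FROM dba_users WHERE username = 'LAO';
SELECT tablespace_name, bytes, max_bytes
  FROM dba_ts_quotas WHERE username = 'LAO';
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs WHERE grantee IN ('LAO', 'MAN');
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs WHERE grantee = 'LAO';
SELECT grantee, owner, table_name, privilege, grantable
  FROM dba_tab_privs WHERE grantee = 'LAO';

-- Review: grantees holding UNLIMITED TABLESPACE or any "... ANY ..." privilege.
SELECT grantee, privilege, admin_option FROM dba_sys_privs
 WHERE privilege = 'UNLIMITED TABLESPACE' OR privilege LIKE '% ANY %';
```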