Conn Internal/oracle
Grant user aaaa identified by AAAA;
Conn AAAA/AAAA will error:
Sql>conn AAAA/AAAA will error:
ERROR:
Ora-01045:user AAAA lacks CREATE SESSION privilege; Logon denied
Reason:
The user needs at least the right to session, or the connection is unsuccessful;
The user shall have the right to have other actions on the right of the session;
Workaround: 1
Grant Connect, resource to AAAA;
2
Grant create session to AAAA;
Oracle's security
First: User Management *******************************************
The user needs at least the right to session, or the connection is unsuccessful;
The user shall have the right to have other actions on the right of the session;
Oracle's user and password is not case-sensitive, it is really surprising;
Oralce, all users must be explicitly authorized in order to operate;
In SQL Server, the user created automatically has some permissions;
Oracle does not rely on the operating system; SQL Server relies on Windows;
Microsoft assumes that most users are legitimate users and take an optimistic attitude;
Oracle first assumes that the user is insecure and takes a pessimistic attitude;
Users in Oracle are isolated from each other, known as user mode;
Built-in Users:
SYS, network administrator, highest authority;
When you try to enter the user name: sys
Password: Universal
After that, you find that the connection is not up;
and enter the user name: System
Password: Universal
or user name: Scott
Password: Tiger
Can be connected, so you think
SYS has no system-high permissions;
In fact, because SYS has a high authority, you have to
DBA identity to login: sys/General as Sysdba
You can use the data dictionary user_users to view the users managed by the current user:
SELECT * from user_users;
Dba_users can view DBA-managed users;
System, manage only the database on this computer ;
And All_users View all users, only the DBA to view;
To create a user:
Create user username identified by password [externally]
[Default TABLESAPCE tablespace name]
[Temporary tablespace temp table space name]
[Quota integer k| m|unlimited on table space name]
Note: The creation user must have DBA authority;
Query users:
is actually the table user_users/dba_users/all_users to query,
Just don't call them a table, a data dictionary, and a data dictionary is a system
maintenance of;
To modify a user:
Alter user.....//back and create the same;
An instance of Oracle is a database that is equivalent to all SQL Server databases;
A database of Oracle is divided into a number of table spaces, each of which corresponds to a database in SQL Server;
Example Demo:
Create User Student_user
Identified by student
Default Tablespace users
Temporary Tablespace Temp
Quota 5m on users
Quota 3m on Temp
/Among them, users,temp are built-in table space, Student_user has 5m space in the users, 3m in temp;
The newly created user is not entitled to:
Sql> Conn Student_user/student;
ERROR:
Ora-01045:user Student_user lacks CREATE SESSION privilege; Logon denied
Warning: You are no longer connected to ORACLE.
Restrict users
Lock: Alter user username account lock;
Effect:
sql> ALTER user Student_user account lock;
The user has changed.
Sql> Conn Student_user/student;
ERROR:
Ora-28000:the account is locked
Warning: You are no longer connected to ORACLE.
Unlock: Alter user username account unlock;
Invalid password: Alter user name password expire; When a user creates a number of tables,
If you delete the user directly, the table below will be deleted, so we can
Only makes its password invalid;
Visible, the table is the user's hand, the user has not, the user created the table, occupy the space is gone;
Therefore, in general, we do not delete users;
To delete a user:
Drop user username [cascade]
Cascade is forced to delete even if someone else is using this user's table;
The database management statement is the automatic end transaction, does not have the rollback opportunity;
Second: Rights Management ***********************************************
Authorization: Grant [System privilege name] [role] [on authorized action table name] to [list of user names]
[Public] [with admin option]
If it is a DCL statement, you do not have to be authorized to manipulate the table name
Grant all on student to public: grants all users all permissions to student;
Data dictionary: User_sys_privs
Oracle creates user Ora-01045:user lacks create SESSION privilege;