Oracle Learning (14): Managing user security

--User sql>--Create a user named Grace password is password, the new user does not have any permissions sql> create user grace identified by password; Authentication User: Password authentication method (user name /password) external authentication method (host authentication, i.e. by login username) Global authentication Method (Other way: Biometric authentication mode, token mode) priority order: External validation > Password Authentication-permissions (privilege) User rights are available in two ways: System: Allows a user to perform specific behavior for a database, such as creating a table, creating a user, and so on object: allowing access to and manipulation of a particular subject with the user, such as querying a table under another scenario sql>- -Grant Grace Users System privileges sql>--create session sql> Grant create session to grace; sql>--create tablesql> Grant CREATE table to grace; Sql>--Allocate space (modify user Grace's space is unlimited) sql> alter user grace Quota unlimited on users; Sql>--Object Permissions Sql>--Grant the Grace user sql> grant Select on the EMP to grace of the query for the current user's EMP table;  Sql>--admin option System permissions do not cascade sql>--DBA---Create session--Jeff: Administrator grants Jeff Login permission sql> Grant Create session To Jeff with admin option; Sql>---Jeff---Create session-to-Emi:jeff grants EMI Login Privileges sql> Grant create session to EMI; Sql>-Administrator revoke Jeff's Landing rights, at this time the access rights of EMI is still, will not be cascaded delete sql> revoke create session from Jeff; Sql>--grant OPTION Revoking object permissions results in cascading sql>--Scott-->select oN EMP---> Jeff:scott user granted Jeff permission to query the EMP table sql> grant SELECT on EMP to Jeff with GRANT option; Sql>--jeff:-->select on Scott.emp-Emi:jeff Grant EMI query Scott's EMP table permissions sql> Grant Select on Scott.emp to Emi;sql >--scott revoke Jeff's ability to query the EMP table, and the query permission for EMI is also removed sql> revoke select on EMP from jeff;--role sql>--Remove Role sql> drop Role Hr_clerk; Sql>-Creating a Manager role sql> create role hr_mgr; Sql>--Create a general employee role sql> creating role Hr_clerk; Sql>--Two privileges create session, create tablesql>--grant the general Employee Role Login Permission Sql> grant create session to Hr_clerk; Sql>-Grant the manager permission to create tables and permissions for the normal employee role sql> Grant create Table,hr_clerk to Hr_mgr; Sql>--grant connect,resouce to scott;connect,resouce system-defined roles sql>-Create users and grant permissions (basic functionality that normal users can do) sql>/*sql> Create user ****sql> Grant Connect,resouce to * * *; Sql> */--Profiles and users--each user can only be associated to a profile-profile: Manage account status and password expiration, and control resource consumption;