-- User SQL> -- create a user named "grace" whose password is password. The new user does not have any permissions. SQL> create user grace identified by password; Verify the user: password Authentication Method (User Name/password) external authentication method (Host Authentication, that is, through the Login User Name) Global authentication method (Other Methods: Biological authentication method, token method) Priority Order: external verification> password verification-permission (privilege) user permissions can be divided into two types: System: allows users to execute specific actions on the database, such as creating tables, creating users and other objects: allows users to access and operate on a specific object, for example: query SQL statements for tables in other scenarios> -- grant the system permission to the grace user SQL> -- create session SQL> grant create session to grace; SQL> -- create tableSQL> grant create table to grace; SQL> -- allocate space (change the user's grace space to unlimited) SQL> alter user grace quota unlimited on users; SQL> -- Object permission SQL> -- grant the query permission of the current user's emp table to the grace user SQL> grant select on emp to grace; SQL> -- admin option system permission does not cascade SQL> -- DBA --> create session --> jeff: the Administrator grants jeff the login permission SQL> grant create session to jeff with admin option; SQL> -- jeff --> create session --> emi: jeff grants emi logon permission. SQL> grant create session to emi; SQL> -- the Administrator revokes jeff's login permission, at this time, the emi login permission is still in place and the SQL> revoke create session from jeff; SQL> -- grant option revoking the object permission will generate cascading SQL> -- scott --> select on emp ---> jeff: the scott User grants jeff the permission to query emp tables. SQL> grant select on emp to jeff with grant option; SQL> -- jeff: --> select on scott. emp --> emi: jeff grants emi the permission to query scott's emp table. SQL> grant select on scott. emp to emi; SQL> -- scott revokes jeff's permission to query the emp table. In this case, the emi query permission is also deleted. SQL> revoke select on emp from jeff; -- role (role) SQL> -- delete role SQL> drop role hr_clerk; SQL> -- create manager role SQL> create role hr_mgr; SQL> -- create common employee role SQL> create role hr_clerk; SQL> -- two permissions: create session and create tableSQL> -- grant the logon permission to the common employee role SQL> grant create session to hr_clerk; SQL> -- grant the manager the permission to create tables and general employee roles SQL> grant create table, hr_clerk to hr_mgr; SQL> -- grant connect, resouce to scott; connect, SQL> -- create a user and grant permissions to the role defined by the resouce system. SQL>/* SQL> create user *** SQL> grant connect, resouce to ***; SQL> */-- profile and user-each user can only be associated with one profile-profile: manage account status and password validity period; control resource consumption;