
Managing Users


DESCRIPTION

Managing Users. Objectives: creating new database users; altering and dropping existing database users; monitoring information about existing users. Users and security. Default tablespace. Account locking. DBA defines users who can access db. (PowerPoint PPT presentation)


Page 1: Managing Users

17

Managing Users

Page 2: Managing Users

Objectives

• Creating new database users
• Altering and dropping existing database users
• Monitoring information about existing users

Page 3: Managing Users

Users and Security

• DBA defines users who can access db
• Security domain defines the settings that apply to users

Security domain (diagram labels): authentication mechanism, account locking, tablespace quotas, default tablespace, temporary tablespace, role privileges, direct privileges, resource limits

Page 4: Managing Users

Database Schema (Some of the objects a user can own)

Tables
- Triggers
- Constraints
Indexes
Views
Sequences
Stored program units
Synonyms
User-defined data types
Database links

• Schema: named collection of objects like tables, views, procedures, etc.
• When a user is created, a schema with the same name is created
• Hence username and schema name are used interchangeably

Page 5: Managing Users

Checklist for Creating Users (Developers, not end users)

1. Choose a username and authentication mechanism.
2. Identify tablespaces in which the user needs to store objects.
3. Decide on quotas for each tablespace.
4. Assign default tablespace and temporary tablespace.
5. Create a user.
6. Grant privileges and roles to the user.

Page 6: Managing Users

Creating a New User: Server Authentication

Set the initial password:

CREATE USER peter
  IDENTIFIED BY my1stson
  DEFAULT TABLESPACE data01
  TEMPORARY TABLESPACE temp
  QUOTA 15m ON data01
  PASSWORD EXPIRE;

The password expires at login, forcing the user to change it.

Page 7: Managing Users

Creating a New User: Operating System Authentication
(User logs on to machine running Oracle server)

Use OS_AUTHENT_PREFIX (in parameter file)

Example: O/S User = user15

OS_AUTHENT_PREFIX    Database User           Remote Login Possible
OS_                  OS_USER15               No
empty string ""      USER15                  No
OPS$ (default)       OPS$USER15 (default)    Yes

Create Oracle User: OS_user15

Page 8: Managing Users

Creating a New User: Operating System Authentication
(User logs on to machine running Oracle server)

E.g., an OS user tikekarr:

- Use the IDENTIFIED EXTERNALLY clause with CREATE USER
- The OS user also exists as a database user
- Oracle will not validate the password; the operating system authenticates the user
- To use SQL*Plus, say:
  sqlplus /
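One way to set up the tikekarr account described above, as an added example that is not from the original slides. It assumes the default OS_AUTHENT_PREFIX of OPS$, reuses the data01 and temp tablespaces from the server-authentication slide, and uses the AUTHENTICATION_TYPE column of DBA_USERS, which assumes Oracle 11g or later.

```sql
-- Added example (not from the original slides). Run in SQL*Plus as a DBA.
-- Assumption: the parameter file keeps the default OS_AUTHENT_PREFIX = "OPS$".
SHOW PARAMETER os_authent_prefix

-- REMOTE_OS_AUTHENT (not named on the slides) controls whether remote
-- clients are authenticated this way. FALSE is the default; keep it FALSE
-- so that only logins on the database server's own OS are trusted.
SHOW PARAMETER remote_os_authent

-- Database user name = prefix + OS user name. No password is stored;
-- the operating system is trusted to have authenticated tikekarr.
CREATE USER ops$tikekarr
  IDENTIFIED EXTERNALLY
  DEFAULT TABLESPACE data01
  TEMPORARY TABLESPACE temp
  QUOTA 15m ON data01;

-- Without CREATE SESSION the account exists but cannot log in.
GRANT CREATE SESSION TO ops$tikekarr;

-- tikekarr, logged on to the server's OS, then connects with:  sqlplus /

-- Review which accounts rely on the OS for authentication, since anyone
-- who controls the matching OS account controls the database account.
-- (AUTHENTICATION_TYPE assumes Oracle 11g or later.)
SELECT username, account_status, created
FROM   dba_users
WHERE  authentication_type = 'EXTERNAL'
ORDER  BY username;
```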

Page 9: Managing Users

Creating a New User: Guidelines

• Choose a standard password initially; use O/S authentication sparingly.
• Use the EXPIRE keyword to force users to reset their passwords.
• Always assign temporary tablespace.
• Restrict quotas to few users; use QUOTA UNLIMITED with caution.
• Educate users:
  – To connect
  – To change password

Page 10: Managing Users

Controlling Account Lock and Password

ALTER USER peter
  IDENTIFIED BY hisgrandpa
  PASSWORD EXPIRE;

Page 11: Managing Users

Changing User Quota on Tablespace

ALTER USER peter
  QUOTA 0 ON data01;

To get a user out of system (fired/resigned):

- Use password expiration
- Lock account
- Alter password
- Change profile
- Export/import user schema elsewhere
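The offboarding steps listed above, carried through for the slides' user peter as an added example that is not from the original slides. The V$SESSION check and the KILL SESSION statement are additions the slides do not mention; placeholders in angle brackets must be filled in from the query output.

```sql
-- Added example (not from the original slides). Run as a DBA.

-- 1. Stop new logins and invalidate the current password.
ALTER USER peter ACCOUNT LOCK;
ALTER USER peter PASSWORD EXPIRE;

-- 2. Stop further space allocation. Existing objects stay in place,
--    but the schema can no longer allocate new extents in data01.
ALTER USER peter QUOTA 0 ON data01;

-- 3. Locking only blocks new logins. Sessions that are already
--    connected keep running, so list them and end each one.
SELECT sid, serial#, status, logon_time
FROM   v$session
WHERE  username = 'PETER';
-- For each row returned:
-- ALTER SYSTEM KILL SESSION '<sid>,<serial#>';

-- 4. Confirm the result in the monitoring views:
--    ACCOUNT_STATUS must no longer be OPEN, and LOCK_DATE must be set.
SELECT username, account_status, lock_date, expiry_date
FROM   dba_users
WHERE  username = 'PETER';

SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'PETER';

-- 5. Once the schema has been exported elsewhere and no session
--    remains, the account can be removed together with its objects:
-- DROP USER peter CASCADE;
```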

Page 12: Managing Users

Dropping a User

Use the CASCADE clause if the schema contains objects.

DROP USER peter;

DROP USER peter CASCADE;

A user who is currently connected cannot be dropped.

Page 13: Managing Users

Monitoring Users

DBA_USERS
  USERNAME
  USER_ID
  CREATED
  ACCOUNT_STATUS
  LOCK_DATE
  EXPIRY_DATE
  DEFAULT_TABLESPACE
  TEMPORARY_TABLESPACE

DBA_TS_QUOTAS
  USERNAME
  TABLESPACE_NAME
  BYTES
  MAX_BYTES
  BLOCKS
  MAX_BLOCKS

Page 14: Managing Users

Monitoring Users

SELECT tablespace_name, blocks, max_blocks, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'SCOTT';

- A value of -1 in MAX_BLOCKS or MAX_BYTES indicates unlimited quota

SELECT username, account_status, temporary_tablespace
FROM   dba_users;

- Lists all users, their account status and temporary tablespace
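The two views can also be joined to check the guidelines from the earlier slides across every account at once. This is an added example, not from the original slides; the DBA_SYS_PRIVS note and the exclusion of SYS and SYSTEM are assumptions the slides do not cover.

```sql
-- Added example (not from the original slides). Run as a DBA.

-- 1. Open accounts with unlimited quota (MAX_BYTES = -1), largest first.
--    Note: the UNLIMITED TABLESPACE system privilege does not show up
--    in DBA_TS_QUOTAS; check DBA_SYS_PRIVS for it separately.
SELECT u.username, q.tablespace_name, q.bytes
FROM   dba_users u
JOIN   dba_ts_quotas q ON q.username = u.username
WHERE  u.account_status = 'OPEN'
AND    q.max_bytes = -1
ORDER  BY q.bytes DESC;

-- 2. Accounts that are locked or expired but still hold space or a
--    non-zero quota: candidates for QUOTA 0, export, or DROP USER.
SELECT u.username, u.account_status, u.lock_date,
       q.tablespace_name, q.bytes, q.max_bytes
FROM   dba_users u
JOIN   dba_ts_quotas q ON q.username = u.username
WHERE  u.account_status <> 'OPEN'
AND    (q.bytes > 0 OR q.max_bytes <> 0)
ORDER  BY u.lock_date;

-- 3. Accounts whose default or temporary tablespace is SYSTEM, which is
--    what an account could end up with on older releases when none was
--    assigned at creation. SYS and SYSTEM themselves are excluded.
SELECT username, default_tablespace, temporary_tablespace
FROM   dba_users
WHERE  (default_tablespace = 'SYSTEM' OR temporary_tablespace = 'SYSTEM')
AND    username NOT IN ('SYS', 'SYSTEM')
ORDER  BY username;
```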

Page 15: Managing Users

Summary

• Creating users specifying the appropriate password mechanism
• Controlling usage of space by users