1717

Managing UsersManaging Users

17-17-22

ObjectivesObjectives

• Creating new database users

• Altering and dropping existing database users

• Monitoring information about existing users

• Creating new database users

• Altering and dropping existing database users

• Monitoring information about existing users

17-17-33

Accountlocking

Tablespacequotas

Temporarytablespace

Defaulttablespace

Roleprivileges

Resourcelimits

Securitydomain

Users and SecurityUsers and Security

Directprivileges

Authenticationmechanism

•DBA defines users DBA defines users who can access dbwho can access db

•Security domain Security domain defines the settings defines the settings that apply to usersthat apply to users

17-17-44

Tables

- Triggers

- Constraints

Indexes

Views

Sequences

Stored program units

Synonyms

User-defined data types

Database links

Database Schema(Some of the objects a user can own)

Database Schema(Some of the objects a user can own)

•Schema: named Schema: named collection of objects like collection of objects like tables, views, tables, views, procedures, etc.procedures, etc.

•When a user is created When a user is created a schema with same a schema with same name is createdname is created

•Hence username and Hence username and schema name used schema name used interchangeablyinterchangeably

17-17-55

Checklist for Creating Users(Developers not end users)

Checklist for Creating Users(Developers not end users)

1. Choose a username and authentication mechanism.

2. Identify tablespaces in which theuser needs to store objects.

3. Decide on quotas for eachtablespace.

4. Assign default tablespace and temporary tablespace.

5. Create a user.

6. Grant privileges and roles to the user.

1. Choose a username and authentication mechanism.

2. Identify tablespaces in which theuser needs to store objects.

3. Decide on quotas for eachtablespace.

4. Assign default tablespace and temporary tablespace.

5. Create a user.

6. Grant privileges and roles to the user.

17-17-66

Creating a New User: Server AuthenticationCreating a New User: Server Authentication

Set the initial password:Set the initial password:

CREATE USER peterIDENTIFIED BY my1stsonDEFAULT TABLESPACE data01TEMPORARY TABLESPACE tempQUOTA 15m ON data01 PASSWORD EXPIRE;

CREATE USER peterIDENTIFIED BY my1stsonDEFAULT TABLESPACE data01TEMPORARY TABLESPACE tempQUOTA 15m ON data01 PASSWORD EXPIRE;

Expires at login forcing user to change passwordExpires at login forcing user to change password

17-17-77

Remote Login

Possible

Creating a New User: Operating System Authentication

(User logs on to machine running Oracle server)

Creating a New User: Operating System Authentication

(User logs on to machine running Oracle server)

OS_AUTHENT_

PREFIX

OS_

empty string

“ “

OPS$

(default)

Database

User

OS_USER15

USER15

OPS$USER15

(default)

Use OS_AUTHENT_PREFIX (in parameter file)

Example: O/S User = user15;

Use OS_AUTHENT_PREFIX (in parameter file)

Example: O/S User = user15;

No

No

Yes

CreateCreate

OracleOracle

User:User:

OS_user15OS_user15

17-17-88

Creating a New User: Operating System Authentication

(User logs on to machine running Oracle server)

Creating a New User: Operating System Authentication

(User logs on to machine running Oracle server)

E.g., An OS user tikekarr;

-Use IDENTIFIED EXTERNALLY clause with create user

-Also exists as a database user

-Oracle will not validate

-To use sql*plus say

- Sqlplus /

E.g., An OS user tikekarr;

-Use IDENTIFIED EXTERNALLY clause with create user

-Also exists as a database user

-Oracle will not validate

-To use sql*plus say

- Sqlplus /

17-17-99

Creating a New User: GuidelinesCreating a New User: Guidelines

• Choose a standard password initially;use O/S authentication sparingly.

• Use the EXPIRE keyword to force users to reset their passwords.

• Always assign temporary tablespace.

• Restrict quotas to few users;use QUOTA UNLIMITED with caution.

• Educate users:– To connect– To change password

• Choose a standard password initially;use O/S authentication sparingly.

• Use the EXPIRE keyword to force users to reset their passwords.

• Always assign temporary tablespace.

• Restrict quotas to few users;use QUOTA UNLIMITED with caution.

• Educate users:– To connect– To change password

17-17-1010

Controlling Account Lock and Password

Controlling Account Lock and Password

ALTER USER peterIDENTIFIED BY hisgrandpaPASSWORD EXPIRE;

ALTER USER peterIDENTIFIED BY hisgrandpaPASSWORD EXPIRE;

17-17-1111

Changing User Quota on Tablespace

Changing User Quota on Tablespace

ALTER USER peterQUOTA 0 ON data01;

ALTER USER peterQUOTA 0 ON data01;

To get a user out of system (fired/resigned):To get a user out of system (fired/resigned):

-Use password expirationUse password expiration

-Lock accountLock account

-Alter passwordAlter password

-Change profileChange profile

-Export/import user schema elsewhereExport/import user schema elsewhere

17-17-1212

Dropping a UserDropping a User

Use the CASCADE clause if theschema contains objects.Use the CASCADE clause if theschema contains objects.

DROP USER peter;DROP USER peter;

DROP USER peter CASCADE;DROP USER peter CASCADE;

User currently connected cannot be droppedUser currently connected cannot be dropped

17-17-1313

Monitoring UsersMonitoring Users

DBA_USERS

USERNAME

USER_ID

CREATED

ACCOUNT_STATUS

LOCK_DATE

EXPIRY_DATE

DEFAULT_TABLESPACE

TEMPORARY_TABLESPACE

DBA_USERS

USERNAME

USER_ID

CREATED

ACCOUNT_STATUS

LOCK_DATE

EXPIRY_DATE

DEFAULT_TABLESPACE

TEMPORARY_TABLESPACE

DBA_TS_QUOTAS

USERNAME

TABLESPACE_NAME

BYTES

MAX_BYTES

BLOCKS

MAX_BLOCKS

DBA_TS_QUOTAS

USERNAME

TABLESPACE_NAME

BYTES

MAX_BYTES

BLOCKS

MAX_BLOCKS

17-17-1414

Monitoring UsersMonitoring UsersSelect tablespace_name, blocks, max_blocks, bytes, Select tablespace_name, blocks, max_blocks, bytes, max_bytesmax_bytes

From dba_ts_quotaFrom dba_ts_quota

Where username = ‘SCOTT’;Where username = ‘SCOTT’;

-1 in MAX_BLOCKS or MAX_BYTES indicates unlimited -1 in MAX_BLOCKS or MAX_BYTES indicates unlimited quotaquota

Select username, account_status, temporary_tablespaceSelect username, account_status, temporary_tablespace

From dba_users;From dba_users;

-lists all users, their account status and temp. ts-lists all users, their account status and temp. ts

17-17-1515

SummarySummary

• Creating users specifying the appropriate password mechanism

• Controlling usage of space by users

• Creating users specifying the appropriate password mechanism

• Controlling usage of space by users