Creating users, roles, grants, and tablespaces in Oracle

There are three standard roles: connect, resource, dba

grant connect, resource to user01;     -- grant the roles
revoke connect, resource from user01;  -- revoke the roles

grant dba to danny;



The Oracle database permission system is divided into system privileges and object privileges. System privileges (database system privilege) allow users to execute a specific set of commands. For example, the create table privilege allows the user to create a table, and the grant any privilege privilege allows the user to grant any system privilege. Object privileges (database object privilege) allow users to perform certain operations on individual objects. For example, the delete privilege allows users to delete rows in a table or view, and the select privilege allows users to query information from tables, views, sequences, or snapshots through select.



  Each Oracle user has a name and password, and owns the tables, views and other resources it has created. An Oracle role is simply a set of privileges (or the type of access each user needs based on his status and conditions). Users can grant specified privileges to roles, and then assign the roles to the corresponding users. A user can also grant privileges to other users directly.



  First, create a user



  Oracle has two built-in users: system and sys. Users can log in directly as the system user to create other users, because system has the authority to create other users. When installing Oracle, users or system administrators can first create a user for themselves. For example:




create user user01 identified by u01; 

  This command can also be used to set other permissions; see self-study materials for details. To change a password, use the alter user command:



  alter user user01 identified by usr01;

  Now the password of user01 has been changed from "u01" to "usr01".



  In addition to the alter user command, users can also use the password command. If the password command is used, the new password entered by the user will not be displayed on the screen. A user with dba privileges can change the password of any other user through the password command; other users can only change their own password.



  When the user enters the password command, the user is prompted to enter the old and new password as follows:



  password



  changing password for user01



  old password:



  new password:



  retype new password:























  If the user owns objects, the user cannot be deleted directly; an error is returned. Specify the keyword cascade to delete the objects owned by the user and then delete the user. The following example deletes a user and the user's objects:



  drop user user01 cascade;



  Third, three standard roles



  For compatibility with previous versions, Oracle provides three standard roles (role): connect, resource and dba.



  1. connect role (connection role)



  Temporary users, especially those who do not need to create tables, are usually given only the connect role. connect is a simple permission to use Oracle. This permission only becomes meaningful when the user has access to other users' tables, including select, insert, update, and delete. Users with the connect role can also create tables, views, sequences, clusters, synonyms, sessions, and links with other databases.



  2. resource role (resource role)



  More reliable and formal database users can be granted the resource role. resource provides users with additional privileges to create their own tables, sequences, procedures, triggers, indexes, and clusters.



  3. dba role (database administrator role)



  The dba role has all system privileges, including unlimited space quota and the ability to grant various permissions to other users. system is owned by the dba user. The following introduces some typical permissions that are often used by a dba.



  (1) grant (authorization) command



  Now authorize the user user01 just created, the command is as follows:



  grant connect, resource to user01;



  (2) revoke (revoke) permission



  A granted permission can be revoked. For example, to revoke the authorization in (1), the command is as follows:



  revoke connect, resource from user01;



  A user with the dba role can revoke the connect, resource and dba permissions of any other user, even of another dba. Of course, this is very dangerous, so unless it is really necessary, dba permissions should not be granted to ordinary users who are not very important. Revoking all privileges from a user does not remove the user from Oracle, nor does it destroy any tables created by the user; it simply disables the user's access to those tables. Other users who want to access these tables can access them as before.
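
  To check these statements against a running database, the following queries (an added example, not part of the original article) read the standard DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_OBJECTS dictionary views; user01 is the account from the commands above. The privileges carried by connect and resource differ between Oracle releases, so query 1 shows what they grant on the installed version.

```sql
-- Added example. Run as an account that can read the DBA_* dictionary views.

-- 1. System privileges the three standard roles carry on THIS installation.
select grantee as role_name, privilege, admin_option
from   dba_sys_privs
where  grantee in ('CONNECT', 'RESOURCE', 'DBA')
order  by grantee, privilege;

-- 2. Every user or role that holds dba, directly (depth 1) or through
--    a chain of role grants (depth 2 and up). Each row here is an account
--    that can grant and revoke as described above.
select grantee, granted_role, admin_option, level as depth
from   dba_role_privs
start  with granted_role = 'DBA'
connect by prior grantee = granted_role
order  by depth, grantee;

-- 3. After "revoke connect, resource from user01": no rows should remain
--    for these roles, and no directly granted system privileges either.
select granted_role
from   dba_role_privs
where  grantee = 'USER01';

select privilege
from   dba_sys_privs
where  grantee = 'USER01';

-- 4. The revoke did not drop anything: objects owned by user01 still exist.
select object_type, count(*) as objects
from   dba_objects
where  owner = 'USER01'
group  by object_type
order  by object_type;
```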



  Fourth, create roles



  In addition to the three system roles mentioned above - connect, resource and dba, users can also create their own roles in Oracle. User-created roles can consist of table or system permissions or a combination of both. In order to create a role, the user must have the create role system privilege. An example of the create role command is given below:



  create role student;



  This command creates a role named student.



  Once a role is created, the user can authorize it. The syntax of the grant command for role authorization is the same as for the user. When authorizing the role, use the name of the role in the to clause of the grant command, as follows:



  grant select on class to student;



  Now, all users with the student role have select permissions on the class table.
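
  A narrower alternative to granting connect and resource, as an added example that is not from the original article: a login-only account whose access comes entirely from the student role. The account name student01, its password, and the tablespace users are constructed assumptions; class is assumed to belong to the schema running the script.

```sql
-- Added example. Run as a user holding create role, create user and
-- grant any privilege (for instance system).

-- Skip this statement if the student role was already created above.
create role student;

-- The role carries exactly two things: the right to log in
-- and read access to one table.
grant create session  to student;
grant select on class to student;

-- Constructed account: the password is a placeholder and is expired
-- immediately, so the user must choose a new one at first login.
create user student01 identified by "Chang3_me_now"
  default tablespace users
  password expire;

-- All access comes through the role; nothing is granted directly.
grant student to student01;

-- Verify what the role carries.
select privilege, admin_option
from   dba_sys_privs
where  grantee = 'STUDENT';

select owner, table_name, privilege, grantable
from   dba_tab_privs
where  grantee = 'STUDENT';

-- Verify that student01 holds only the role and no direct system privileges.
select granted_role, admin_option, default_role
from   dba_role_privs
where  grantee = 'STUDENT01';

select privilege
from   dba_sys_privs
where  grantee = 'STUDENT01';
```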



  Fifth, delete the role



  To delete the role, you can use the drop role command, as follows:



  drop role student;



  The specified role and its associated permissions will be deleted from the database.



  Sixth, precautions for deleting a table



  When deleting all data in a table, you must use



  truncate table table name



  because when using drop table or delete from table name, the space occupied in the tablespace is not released. After several repeated drop and delete operations, hundreds of megabytes of space in the tablespace are consumed.
