create user
Looking at the dba_users table shows that even for the SYSTEM user, the password expires. In addition, the configuration files (PROFILE) used by most users are DEFAULT, and
select * from dba_users
a ROOT user needs to be created/deleted below
- create user
CREATE USER root IDENTIFIED BY 123456
- delete users
DROP USER ROOT CASCADE
Grant permission
Oracle provides three standard roles (role): connect/resource and dba.
-
connect role (connect role)
temporary users, especially users who do not need to create tables, usually only give them connect role.
connect is to use oracle simple permissions, this permission only has access to other users' tables, including select/insert/ update and delete etc.
Users with a connect role can also create tables, views, sequences, clusters, synonyms, sessions, and other data links. -
resource role (resource role)
more reliable and formal database users can grant resource role.
resource provides additional permissions to users to create their own tables, sequences, procedures (procedure), triggers (trigger), indexes (index) and clusters (cluster). -
The dba role (database administrator role)
has all system permissions, including unlimited space quotas and the ability to grant various permissions to other users.
SQL commands
- Granted permission
grant connect, resource to root
- revoke permission
revoke connect, resource from root
Set password to never expire
Looking at the dba_profiles table, you can see that Oracle has only two configuration schemes by default, namely MONITORING_PROFILE and DEFAULT
SELECT DISTINCT profile FROM dba_profiles
In the dba_profiles table, filter all the configuration names as DEFAULT, you can find the following configuration
SELECT * FROM dba_profiles s WHERE s.profile = 'DEFAULT'
resource name | meaning |
---|---|
FAILED_LOGIN_ATTEMPTS | The maximum number of login attempts allowed before the account is locked |
PASSWORD_GRACE_TIME | Specify the number of grace days, from when the database issues a warning, to the number of days before the login expires. If the database password is not modified in the middle, the expiration will be invalid |
PASSWORD_LIFE_TIME | The number of days allowed for the same password |
PASSWORD_LOCK_TIME | How many days the account is locked after the number of login attempts is reached |
PASSWORD_REUSE_MAX | Number of times the password must be changed before the current password is reused |
PASSWORD_REUSE_TIME | For how many days the previous password cannot be reused |
PASSWORD_VERIFY_FUNCTION | This field allows complex PL/SQL password verification scripts to be passed as parameters to the create profile statement. Oracle database provides a default script, |
But you can create your own validation rules or use third-party software for validation. For the Function name, specify the name of the password verification rule, specifying Null means not using the password verification function |
Create a new configuration: CREATE PROFILE passwd_unlimit LIMIT PASSWORD_LIFE_TIME UNLIMITED
set the configuration file to the ROOT userALTER USER ROOT profile passwd_unlimit;