This overview of Oracle user privilege management is entry-level material for those who want to learn Oracle security.
sys: system administrator with the highest authority; the password is change_on_install by default
system: local administrator with the second-highest authority; the password defaults to manager
sysman
dbsnmp
scott: ordinary user; the password defaults to tiger, and the account is locked by default
2. Login
sqlplus / as sysdba       # Log in to the sys account
sqlplus sys as sysdba     # Same as above
sqlplus scott/tiger       # Log in as the ordinary user scott
3. Manage users
create user zhangsan identified by change_me_placeholder; -- Under the administrator account, create user zhangsan (replace the placeholder password)
alter user scott identified by tiger; -- Change password
4. Grant permissions
1. The default ordinary user scott is locked by default and cannot be used until it is unlocked. A newly created user has no permissions at all; they must be granted.
/*Administrator authorization*/
grant create session to zhangsan; -- Grant zhangsan the permission to create sessions, that is, login permission
grant unlimited tablespace to zhangsan; -- Grant zhangsan permission to use the tablespace
grant create table to zhangsan; -- Grant permission to create tables
grant drop any table to zhangsan; -- Grant permission to drop tables (Oracle has no plain "drop table" system privilege; owners can always drop their own tables)
grant insert any table to zhangsan; -- Permission to insert into tables (the system-level form requires the any keyword)
grant update any table to zhangsan; -- Permission to modify tables (the system-level form requires the any keyword)
grant all privileges to public; -- Note this one: it grants all system privileges (all) to all users (public)
2. Oracle has strict permission management. Ordinary users cannot access each other's objects by default and need to authorize each other.
grant select on tablename to zhangsan; -- Grant zhangsan the permission to view the specified table
grant delete on tablename to zhangsan; -- Grant permission to delete rows from the table (Oracle has no "drop" object privilege)
grant insert on tablename to zhangsan; -- Grant permission to insert
grant update on tablename to zhangsan; -- Grant permission to modify the table
grant insert(id) on tablename to zhangsan;
grant update(id) on tablename to zhangsan; -- Grant insert and modify permissions on specific fields of the specified table. Note that it can only be insert and update.
grant alter any table to zhangsan; -- Grant zhangsan the permission to alter any table
5. Revoking permissions
The basic syntax is the same as grant; the keyword is revoke (with from in place of to).
6. View permissions
select * from user_sys_privs; -- View the system permissions of the current user
select * from user_tab_privs; -- View the user's permissions on tables
7. Operating on another user's tables
/*You need to add the user name before the table name, as follows*/
select * from zhangsan.tablename;
8. Permission transfer
That is, user A grants permission to B, and B can grant the operation permission to C. The command is as follows:
grant alter any table to zhangsan with admin option; -- Keyword: with admin option (used with system permissions)
grant alter on tablename to zhangsan with grant option; -- Keyword: with grant option, similar in effect to admin option (used with permissions on a specific object)
9. Role
A role is a collection of permissions; a role can be granted to a user.
create role myrole; -- Create a role
grant create session to myrole; -- Grant the permission to create a session to myrole
grant myrole to zhangsan; -- Grant the role myrole to user zhangsan
drop role myrole; -- Delete the role
/*But some permissions cannot be granted to roles, such as unlimited tablespace and any keyword*/
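
An audit counterpart to the grants above, added here as an example and not part of the original page: it reviews what default passwords, grant ... to public, with admin/grant option and role grants leave behind. It assumes a login that can read the DBA_* dictionary views, Oracle 11g or later (for DBA_USERS_WITH_DEFPWD), and the page's sample user ZHANGSAN.

```sql
-- Added audit example; run as a user with access to the DBA_* views.

-- 1. Open accounts that still use a default password (sys, system, scott, ...).
select u.username, u.account_status
  from dba_users u
  join dba_users_with_defpwd d on d.username = u.username
 where u.account_status = 'OPEN';

-- 2. System permissions every account inherits through PUBLIC
--    (anything listed here is available to all users).
select privilege, admin_option
  from dba_sys_privs
 where grantee = 'PUBLIC'
 order by privilege;

-- 3. Grants that the grantee can pass on to others (section 8).
select grantee, privilege, 'with admin option' as passed_on_by,
       cast(null as varchar2(300)) as object_name
  from dba_sys_privs
 where admin_option = 'YES' and grantee not in ('SYS', 'SYSTEM')
union all
select grantee, privilege, 'with grant option', owner || '.' || table_name
  from dba_tab_privs
 where grantable = 'YES' and grantee not in ('SYS', 'SYSTEM')
 order by 1, 2;

-- 4. Effective system permissions of ZHANGSAN: granted directly, through
--    PUBLIC, or through roles (including roles granted to roles).
select p.privilege, p.grantee as granted_through, p.admin_option
  from dba_sys_privs p
 where p.grantee in ('ZHANGSAN', 'PUBLIC')
    or p.grantee in (select granted_role
                       from dba_role_privs
                      start with grantee in ('ZHANGSAN', 'PUBLIC')
                    connect by prior granted_role = grantee)
 order by p.privilege, p.grantee;
```

Query 4 is the one to rerun after each grant or revoke, since user_sys_privs alone does not show permissions that arrive through a role.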