Create new users and grant permissions in Oracle database

Table of contents

1. Create a new user

2. User permissions

2.1 System permissions

2.2 Entity rights management


1. Create a new user

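create user xxxxx identified by "password";  -- xxxxx is the username

alter user username identified by "new_password";  -- change the user's password

You can also bind a default tablespace when creating the user:

create user username identified by "password" default tablespace BJSXT;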

2. User permissions

Normally it is enough to grant the resource and connect roles.

grant dba to username; -- Grants all permissions to the user. connect gives the permission to connect to the database, and resource lets the user create entities only, not database structures.

grant create session to username; -- Gives the user login permission.

grant create table to username; -- Gives the user permission to create tables.

grant unlimited tablespace to username; -- Gives the user permission to use tablespace without a quota limit.

grant select any table to username; -- Gives the user permission to query any table. In the same way, you can grant update and delete permissions.
 

Oracle provides three types of permissions: object level, system level, and role level.

Permission classification

1. System permissions: what the system allows a user to do in the database. (System permissions apply to users.)

2. Entity permissions: a user's access rights to other users' tables or views. (Entity permissions apply to tables or views.)

2.1 System permissions

There are:

DBA: Has all privileges and is the highest authority in the system. Only DBA can create database structures.

RESOURCE: Users with Resource permissions can only create entities, not database structures.

CONNECT: Users with Connect permissions can only log in to Oracle and cannot create entities or database structures.

Related commands:

1) Grant command: SQL> grant connect, resource, dba to username1 [, username2]…;

SQL> Create user user50 identified by user50;

SQL> grant connect, resource to user50;

2) Query which permissions users have

SQL> select * from dba_role_privs;

SQL> select * from dba_sys_privs;

SQL> select * from role_sys_privs;

3) Query which system permissions you hold yourself

SQL> select * from session_privs;


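4) Drop a user

SQL> drop user username cascade; -- with cascade, the user is dropped together with everything it created

Notes:

(1) If a system privilege was granted to a user WITH ADMIN OPTION, revoking that user's system privilege does not cascade to the users to whom that user granted the same privilege.

(2) System privileges do not cascade: if A grants a privilege to B and B grants it to C, then when A revokes B's privilege, C's privilege is unaffected. System privileges can be revoked across users, that is, A can revoke the privilege from C directly.

7) Revoking system privileges: system privileges can only be revoked by a DBA user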

SQL> Revoke connect, resource from user50;

2.2 Entity rights management

select, update, insert, alter, index, delete, all //all includes all permissions

execute //Permission to execute stored procedures

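1 Permission information

SQL> select grantor, table_schema, table_name, privilege from all_tab_privs; -- tables you have been granted access to (privileges received)

SQL> select grantee, owner, table_name, privilege from user_tab_privs; -- tables on which privileges have been granted out (privileges given)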


2 Passing on entity permissions (with grant option):

user01:

SQL> grant select, update on product to user02 with grant option; -- user02 receives the privileges and can pass them on.


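3 Revoking entity permissions:

user01:

SQL> Revoke select, update on product from user02; -- privileges that were passed on are all lost as well.


Notes

1) If an object privilege is revoked from a user, the same privilege is also revoked from every user to whom that user granted it WITH GRANT OPTION. In other words, revoking object privileges cascades.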
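
The two revocation rules in the notes above (a system privilege granted WITH ADMIN OPTION does not cascade on revoke, an object privilege granted WITH GRANT OPTION does) can be checked in the data dictionary. The script below is an added example, not part of the original post: user03, the passwords and the quota are constructed placeholders, and each block is run by the account named in its comment.

```sql
-- Added example. user01, user02, product and BJSXT follow the page; user03,
-- the passwords and the quota are constructed. Use a scratch database only.

-- As a DBA user: create the three accounts.
create user user01 identified by "Placeholder_Pw_01"
  default tablespace BJSXT quota 1m on BJSXT;
create user user02 identified by "Placeholder_Pw_02";
create user user03 identified by "Placeholder_Pw_03";
grant create session, create table to user01;
grant create session to user02 with admin option;  -- system privilege, can be passed on

-- As user01: create the table and hand out object privileges.
create table product (id number, name varchar2(50));
grant select, update on product to user02 with grant option;

-- As user02: pass both kinds of privilege on to user03.
grant create session to user03;
grant select on user01.product to user03;

-- As a DBA user: record the state before revoking.
select grantee, privilege, admin_option from dba_sys_privs
 where grantee in ('USER02', 'USER03') and privilege = 'CREATE SESSION';
select grantee, grantor, privilege, grantable from dba_tab_privs
 where owner = 'USER01' and table_name = 'PRODUCT';

-- As user01: revoke the object privileges from user02 (cascading revoke).
revoke select, update on product from user02;

-- As a DBA user: revoke the system privilege from user02 (non-cascading).
revoke create session from user02;

-- As a DBA user: rerun both queries and compare with the first run.
-- Check whether USER03 is still listed in each result set.
select grantee, privilege, admin_option from dba_sys_privs
 where grantee in ('USER02', 'USER03') and privilege = 'CREATE SESSION';
select grantee, grantor, privilege, grantable from dba_tab_privs
 where owner = 'USER01' and table_name = 'PRODUCT';

-- A system privilege left behind on user03 has to be revoked directly.
revoke create session from user03;

-- Cleanup, as a DBA user.
drop user user03 cascade;
drop user user02 cascade;
drop user user01 cascade;
```

When auditing a real database, the same dba_sys_privs query with admin_option = 'YES' lists the accounts whose onward grants will survive a revoke and need to be traced individually.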


 


Origin blog.csdn.net/qq_44691484/article/details/128333874