[Oracle] Oracle Series 4--User Management

Language 2023-09-20 18:32:31 views: null

Article directory

Review of past issues

Preface

The Oracle architecture consists of a series of components, as shown in the following figure, which shows the main components in the Oracle architecture, including instances, user processes, server processes, data files and other files, such as parameter files, password files and archived log files wait. As can be seen from the figure, the instance and database are the core components of the Oracle database architecture and are also the two most important concepts; a very important job of the DBA is to maintain the normal working of the instance and the database itself.

Oracle database architecture and user management

Any object in the Oracle database belongs to a specific user, and operations related to user creation, deletion, and authorization management require DBA (database administrator) authority.

1. Create/delete users

(1) Create user

SQL> create user mytest identified by test123;  #创建用户,默认表空间为users;

(2) Modify password

SQL> alter user mytest identified by test456; #Change password

Oracle implements unified management of user passwords (password validity period, maximum lockout days, and maximum number of failed logins allowed before lockout) through profile files.

(3) Delete user

SQL> drop user mytest cascade;  #删除用户

2. User authorization management

(1) Directly authorize users

SQL> grant connect to mytest;               
SQL> grant select on scott.dept to mytest with grant option;
SQL> revoke select on scott.dept from mytest;   #取消授权

(2) Authorize users through roles

A role is a set of permissions. If a role is assigned to a user, the user will have all the permissions in the role.

SQL> create role myrole;         #创建角色
SQL> grant select on scott.dept to myrole;       #对角色授权
SQL> grant myrole to mytest;      #通过角色来控制用户
SQL> revoke myrole from mytest;    #取消授权

The database user security design principles are as follows:

Database users should first follow the minimum allocation principle;
database users can be divided into four categories: management, application, maintenance, and backup;
sys and system users are not allowed to create database application objects;
dba permissions are not allowed to be granted to ordinary users;
only query users are allowed Can open query permissions;
force new users to change their password when logging into the database for the first time;

Generally, program developers only need to grant the two roles CONNECT and RESOURCE. Note in particular that granting these two roles includes granting the user unlimited access to the default tablespace.

Guess you like

Origin blog.csdn.net/u011397981/article/details/133062052
Recommended
Ranking
vue project automated build tools 1.0, support for multi-page build
JDBC add, update, delete data
SpringCloud combat service in response to the decline tutorial series (Chapter IV)
A segmentation fault (core dumped) error occurs when C+11 compiles and calls the PCL library
Django achieve websocket
Go语言并发之道--笔记1
Three-tier structure and application
Zhejiang data structure after-school exercise practice two 7-2 Reversing Linked List (25 points)
Front-end interview brushing day9 (updated daily high-frequency inspection points for front-end interviews)
The difference between the shell of the single and double quote
Daily
More
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)

Code World

© 2018 codetd.com