5. Oracle User Management

First, create a user
Overview: in Oracle a new user is created with the create user statement, which generally requires dba (database administrator) privileges.
create user username identified by password;
Note: Oracle has a quirk here: the password must start with a letter. If it starts with a digit, the user is not created.
e.g. create user xiaoming identified by oracle;

Second, change a user's password
Overview: to change your own password, simply use
SQL> password username (or the abbreviation passw)
To change another user's password you need dba privileges or the alter user system privilege:
SQL> alter user username identified by new_password;

Third, delete users
Overview: users are generally deleted as dba. To delete a user as some other user, that user needs the drop user privilege.
For example: drop user username [cascade];
Note: if the user being deleted has already created tables, you must add the cascade parameter when dropping, which deletes the user's tables together with the user.

Fourth, privileges
Privileges are divided into system privileges and object privileges.
What are system privileges?
A user's rights over the database itself: connect, resource, dba and other system privileges, for example creating a database, creating tables, creating indexes, creating stored procedures, logging in to the database and changing passwords.
What are object privileges?
A user's rights to operate on another user's data objects: insert, delete, update, select, all and other object privileges. There are many kinds of data objects, such as tables, indexes, views, triggers, stored procedures and packages.
Run SELECT * FROM dba_object_size; to see the objects in the Oracle database.

Fifth, roles
Roles are divided into predefined roles and custom roles.

Sixth, a combined user management example
Overview: a newly created user has no privileges at all, not even the privilege to log in to the database, so the appropriate privileges must be assigned. Use the grant command to give a user privileges and the revoke command to take them back.
To make user management clear, here is an example.
SQL> conn xiaoming/oracle
ERROR:
ORA-01045: user XIAOMING lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
SQL> show user
USER is ""
SQL> conn system/oracle
Connected.
SQL> grant connect to xiaoming;
Grant succeeded.
SQL> conn xiaoming/oracle
Connected.
SQL>
Note: strictly speaking, the connect in grant connect to xiaoming; is not a privilege but a role.
                            
Next come object privileges. Here is what we want to do:
* We want user xiaoming to be able to query the emp table
* We want xiaoming to be able to query scott's emp table
grant select on scott.emp to xiaoming
* We want xiaoming to be able to modify scott's emp table
grant update on scott.emp to xiaoming
* We want xiaoming to be able to modify, delete from, query and add to scott's emp table
grant all on scott.emp to xiaoming
* scott wants to take back xiaoming's query privilege on the emp table
revoke select on scott.emp from xiaoming

Seventh, passing privileges on
// Maintaining privileges.
* We want xiaoming to be able to query scott's emp table, and xiaoming should also be able to pass this privilege on to others.
- If it is an object privilege, add with grant option:
grant select on emp to xiaoming with grant option
Here is my session:
SQL> conn scott/oracle;
Connected.
SQL> grant select on scott.emp to xiaoming with grant option;
Grant succeeded.
SQL> conn system/oracle;
Connected.
SQL> create user xiaohong identified by oracle;
User created.
SQL> grant connect to xiaohong;
Grant succeeded.
SQL> conn xiaoming/oracle;
Connected.
SQL> grant select on scott.emp to xiaohong;
Grant succeeded.
                             
- If it is a system privilege:
When system grants the privilege to xiaoming: grant connect to xiaoming with admin option
Question: if scott revokes xiaoming's privilege to query the emp table, what happens to xiaohong?
Answer: xiaohong's privilege is revoked as well.
Here is my session:
SQL> conn scott/oracle;
Connected.
SQL> revoke select on emp from xiaoming;
Revoke succeeded.
SQL> conn xiaohong/oracle;
Connected.
SQL> select * from scott.emp;
select * from scott.emp
*
ERROR at line 1:
ORA-00942: table or view does not exist
The result shows that xiaohong was affected too.
 

Eighth, the difference between with admin option and with grant option
1. with admin option is used when granting system privileges; with grant option is used when granting object privileges.

2. When a user is granted a system privilege with admin option, that user can grant the system privilege to other users or roles. When the privilege is later revoked from that user, the grants the user already made to other users or roles are not invalidated by propagation. For example, A is granted the system privilege create session with admin option, and A then grants create session to B. If an administrator revokes create session from A, B still has create session. The administrator can, however, take it away from B explicitly, that is, revoke create session from B directly.

With with grant option, the grantee can likewise grant the object privilege to other users or roles. The difference is that when the administrator revokes an object privilege that was granted with grant option, the privileges passed on from it become invalid too. For example, grant select on table with grant option to A, and A grants this privilege to user B; when the administrator revokes A's privilege, B's privilege also becomes invalid. The administrator cannot, however, directly revoke B's select on table privilege.
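
An audit of the delegation paths described in sections seven and eight, added here as an example (it is not part of the original post). It assumes the scott.emp grants from the sessions above and a login that can read the DBA_TAB_PRIVS, DBA_SYS_PRIVS and DBA_ROLE_PRIVS data dictionary views, for example system.

```sql
-- Added example: review who can pass privileges on, before running a revoke.

-- 1. Object privileges (with grant option).
--    Walk the grant chain on SCOTT.EMP starting from the owner's own grants.
--    Each indented row was granted by the row above it, so revoking the
--    privilege from a grantee also removes every row beneath it
--    (the scott -> xiaoming -> xiaohong case from section seven).
select lpad(' ', 2 * (level - 1)) || grantee as grantee,
       grantor,
       privilege,
       grantable                    -- YES = granted with grant option
from   dba_tab_privs
start with owner      = 'SCOTT'
       and table_name = 'EMP'
       and grantor    = owner
connect by nocycle
           prior grantee    = grantor
       and prior owner      = owner
       and prior table_name = table_name
       and prior privilege  = privilege
order siblings by grantee;

-- 2. System privileges and roles (with admin option).
--    DBA_SYS_PRIVS has no GRANTOR column, so there is no chain to walk:
--    a revoke here does not cascade, and every grantee must be reviewed
--    and revoked individually (the A and B case from section eight).
select grantee, privilege as granted, 'SYSTEM PRIVILEGE' as kind
from   dba_sys_privs
where  admin_option = 'YES'
union all
select grantee, granted_role, 'ROLE'
from   dba_role_privs
where  admin_option = 'YES'
order  by 1, 2;
```

After revoking a system privilege or role from a user listed by the second query, rerun it and check DBA_SYS_PRIVS and DBA_ROLE_PRIVS for accounts that user granted it to, since those grants remain in place.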

Origin www.cnblogs.com/Diyo/p/11653710.html