Vous êtes sur la page 1sur 20

7

Administering Users

Copyright 2004, Oracle. All rights reserved.

Objectives
After completing this lesson, you should be able to do
the following:
Create and manage database user accounts
Create and manage roles
Grant and revoke privileges
Control resource usage by users

7-2

Copyright 2004, Oracle. All rights reserved.

Database User Accounts


Each database user account has a:
Unique username
Authentication method
Default tablespace
Temporary tablespace
User profile

7-3

Copyright 2004, Oracle. All rights reserved.

Creating a User
Select Users from the Administration properties page.
Click the Create button.

7-4

Copyright 2004, Oracle. All rights reserved.

Profiles and Users


Users are assigned
only one profile at
any given time.
Profiles:
Control
resource
consumption
Manage
passwords

7-5

Copyright 2004, Oracle. All rights reserved.

Authenticating Users

7-7

Password
External
Global

Copyright 2004, Oracle. All rights reserved.

Default and Temporary Tablespaces


and Locking

7-9

Default: Default location of database objects


Temporary: Used for sorting

Copyright 2004, Oracle. All rights reserved.

Database Users and Schemas

The collection of
objects owned by a user
is the schema.

Schema Objects

A user can be
associated with only
one schema.

Indexes

Username and schema


are often used
interchangeably.

Stored program units

Tables
Triggers
Views
Sequences
Synonyms
User-defined data types
Database links

7-10

Copyright 2004, Oracle. All rights reserved.

Checklist for Creating Users

7-11

Select a profile.
Select an authentication technique.
Assign a default tablespace and temporary
tablespace.
Grant privileges and roles to the user.
Decide on quotas for each tablespace.

Copyright 2004, Oracle. All rights reserved.

Privileges
There are two types of user privileges:
System: Enables users to perform particular
actions in the database
Object: Enables users to access and manipulate a
specific object

7-12

Copyright 2004, Oracle. All rights reserved.

System Privileges

7-13

Copyright 2004, Oracle. All rights reserved.

Object Privileges

To grant object privileges:


Choose the object type
Select objects
Select privileges

7-15

Copyright 2004, Oracle. All rights reserved.

Assigning Quota to Users


Users who do not have the unlimited tablespace
system privilege must be given a quota before they
can create objects in a tablespace. Quotas can be:
Unlimited
A specific value in megabytes or kilobytes

7-16

Copyright 2004, Oracle. All rights reserved.

Assigning Roles to Users

7-17

Copyright 2004, Oracle. All rights reserved.

Roles
Users

Roles

Privileges

Neena

HR_MGR

Delete
employees

Girard

Vance

HR_CLERK

Select
employees

Insert
employees

7-18

Copyright 2004, Oracle. All rights reserved.

Update
employees

Benefits of Roles

7-19

Easier privilege management


Dynamic privilege management
Selective availability of privileges
Can be granted through the operating system

Copyright 2004, Oracle. All rights reserved.

Predefined Roles

7-20

CONNECT

CREATE SESSION, CREATE TABLE, CREATE


VIEW, CREATE SYNONYM, CREATE
SEQUENCE, CREATE DATABASE LINK,
CREATE CLUSTER, ALTER SESSION

RESOURCE

CREATE TABLE, CREATE PROCEDURE,


CREATE SEQUENCE, CREATE TRIGGER,
CREATE TYPE, CREATE CLUSTER, CREATE
INDEXTYPE, CREATE OPERATOR

SCHEDULER_
ADMIN

CREATE ANY JOB, CREATE JOB, EXECUTE


ANY CLASS, EXECUTE ANY PROGRAM,
MANAGE SCHEDULER

DBA

Most system privileges, several other roles. Do


not grant to nonadministrators.

SELECT_
CATALOG_
ROLE

No system privileges but over 1600 object


privileges on the data dictionary

Copyright 2004, Oracle. All rights reserved.

Secure Roles
Roles may be nondefault.
SET ROLE vacationdba;

Roles may be protected through authentication.

Roles may also be secured programmatically.


CREATE ROLE secure_application_role
IDENTIFIED USING <security_procedure_name>;
7-21

Copyright 2004, Oracle. All rights reserved.

Summary
In this lesson you should have learned how to:
Create and manage user accounts
Create and manage roles
Grant and revoke privileges
Control resource usage by users

7-22

Copyright 2004, Oracle. All rights reserved.

Practice 7:
Administering Users
This practice covers the following:
Creating a profile to limit resource consumption
Creating two roles:
a. HRCLERK
b. HRMANAGER

7-23

Creating three new users, one manager, and two


clerks

Copyright 2004, Oracle. All rights reserved.

Vous aimerez peut-être aussi