Transcript Creating a New User

17
Managing Users
Objectives
• Creating new database users
• Altering and dropping existing database
users
• Monitoring information about existing
users
17-2
Users and Security
Account
locking
Default
tablespace
Authentication
mechanism
Temporary
tablespace
Security
domain
Role
privileges
Direct
privileges
17-3
Tablespace
quotas
Resource
limits
•DBA defines users
who can access db
•Security domain
defines the settings
that apply to users
Database Schema
(Some of the objects a user can own)
Tables
- Triggers
- Constraints
Indexes
Views
Sequences
Stored program units
Synonyms
User-defined data types
Database links
17-4
•Schema: named
collection of objects like
tables, views,
procedures, etc.
•When a user is created
a schema with same
name is created
•Hence username and
schema name used
interchangeably
Checklist for Creating Users
(Developers not end users)
1. Choose a username and
authentication mechanism.
2. Identify tablespaces in which the
user needs to store objects.
3. Decide on quotas for each
tablespace.
4. Assign default tablespace and
temporary tablespace.
5. Create a user.
6. Grant privileges and roles to the user.
17-5
Creating a New User:
Server Authentication
Set the initial password:
CREATE USER peter
IDENTIFIED BY my1stson
DEFAULT TABLESPACE data01
TEMPORARY TABLESPACE temp
QUOTA 15m ON data01
PASSWORD EXPIRE;
Expires at login forcing user to change password
17-6
Creating a New User: Operating
System Authentication
(User logs on to machine running Oracle server)
Use OS_AUTHENT_PREFIX (in parameter file)
Example: O/S User = user15;
OS_AUTHENT_
PREFIX
Database
User
OS_
OS_USER15
Remote Login
Possible
Create
Oracle
No
empty string
““
USER15
OPS$
(default)
OPS$USER15
(default)
17-7
User:
No
Yes
OS_user15
Creating a New User: Operating
System Authentication
(User logs on to machine running Oracle server)
E.g., An OS user tikekarr;
-Use IDENTIFIED EXTERNALLY clause
with create user
-Also exists as a database user
-Oracle will not validate
-To use sql*plus say
- Sqlplus /
17-8
Creating a New
User: Guidelines
• Choose a standard password initially;
use O/S authentication sparingly.
• Use the EXPIRE keyword to force users
to reset their passwords.
• Always assign temporary tablespace.
• Restrict quotas to few users;
use QUOTA UNLIMITED with caution.
• Educate users:
– To connect
– To change password
17-9
Controlling Account Lock
and Password
ALTER USER peter
IDENTIFIED BY hisgrandpa
PASSWORD EXPIRE;
17-10
Changing User Quota on
Tablespace
ALTER USER peter
QUOTA 0 ON data01;
To get a user out of system (fired/resigned):
-Use password expiration
-Lock account
-Alter password
-Change profile
-Export/import user schema elsewhere
17-11
Dropping a User
DROP USER peter;
Use the CASCADE clause if the
schema contains objects.
DROP USER peter CASCADE;
User currently connected cannot be dropped
17-12
Monitoring Users
DBA_USERS
DBA_TS_QUOTAS
USERNAME
USERNAME
USER_ID
TABLESPACE_NAME
CREATED
BYTES
ACCOUNT_STATUS
MAX_BYTES
LOCK_DATE
BLOCKS
EXPIRY_DATE
MAX_BLOCKS
DEFAULT_TABLESPACE
TEMPORARY_TABLESPACE
17-13
Monitoring Users
Select tablespace_name, blocks, max_blocks, bytes,
max_bytes
From dba_ts_quota
Where username = ‘SCOTT’;
-1 in MAX_BLOCKS or MAX_BYTES indicates unlimited
quota
Select username, account_status, temporary_tablespace
From dba_users;
-lists all users, their account status and temp. ts
17-14
Summary
• Creating users specifying the
appropriate password mechanism
• Controlling usage of space by users
17-15