Scribd
Upload
220 views10 pages

9managing Users and Resources

A profile defines password and resource limits for users and is assigned during user creation. Privileges grant users permission to perform database actions and are assigned through roles or directly. System privileges allow database-level actions while object privileges apply to specific schema objects. Roles are sets of privileges that can be granted to or revoked from users together.

Uploaded by

waleed
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
220 views10 pages

9managing Users and Resources

A profile defines password and resource limits for users and is assigned during user creation. Privileges grant users permission to perform database actions and are assigned through roles or directly. System privileges allow database-level actions while object privileges apply to specific schema objects. Roles are sets of privileges that can be granted to or revoked from users together.

Uploaded by

waleed
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 10

Managing Password and Resources

What Is a Profile?
A profile is a named set of the following password and resource limits:
• Password aging and expiration
• Password history
• Password complexity verification
• Account locking
• CPU time
• I/O operations
• Idle time
• Connect time
• Memory space (private SQL area for MTS only)
• Concurrent sessions

Chapter 9 | Managing Users and


Resources
Chapter 9 | Managing Users and
Resources
Chapter 9 | Managing Users and
Resources
Creating profile:

create profile p1 limit


session_per_user <value>
Connect_time <value>
idle_time <value>
failed_login_attem <value>
pts
password_lock_tim <value>
e
password_life_time <value>

Altering a Profile:
ALTER PROFILE profile1
FAILED_LOGIN_ATTEMPTS 3
Connect_time 20
PASSWORD_GRACE_TIME 10;

Chapter 9 | Managing Users and


Resources
Dropping a Profile
DROP PROFILE profile1;

Managing Users
When a database is created the users SYS and
SYSTEM are created automatically and granted the DBA role.

SYS
• Password:
change_on_install
• Owner of the database data dictionary

SYSTEM
• Password:
manager
• Owner of additional internal tables and views used by Oracle tools

How to create a user?


create user <user_name>

identified by <pass_word>

default tablespace <tablespace>

temporary tablespace <tablespace>

quota <value> on <tablespace_name>

profile <p1>

Database Administrator Users

Dropping user :
DROP USER user [CASCADE]

Chapter 9 | Managing Users and


Resources
Managing Privileges and Roles
Privileges

A privilege is a right to execute a particular type of SQL statement or to access another user’s object.
These include the right to:

• Connect to a database
• Create a table
• Select rows from another user’s table
• Execute another user’s stored procedure

System Privileges

Each system privilege allows a user to perform a particular database operation or class of database
operations. For example, the privilege to create tablespaces is a system privilege.

Object Privileges

Each object privilege allows a user to perform a particular action on a specific object, such as a table,
view, sequence, procedure, function, or package.

Privileges and roles are used to control user access to data and the types of SQL statements that can be
executed. The table that follows describes the three types of privileges and roles:
Category Examples
INDEX CREATE ANY INDEX

ALTER ANY INDEX

DROP ANY INDEX


TABLE CREATE TABLE

CREATE ANY TABLE

Chapter 9 | Managing Users and


Resources
ALTER ANY TABLE

DROP ANY TABLE

SELECT ANY TABLE

UPDATE ANY TABLE

DELETE ANY TABLE


SESSION CREATE SESSION

ALTER SESSION

RESTRICTED SESSION
TABLESPACE CREATE TABLESPACE

ALTER TABLESPACE

DROP TABLESPACE

UNLIMITED TABLESPACE

Object priv. Table View Sequenc Procedur


e e
ALTER   
DELETE  
EXECUTE 
INDEX  
INSERT  
REFERENCES 
SELECT   
UPDATE  

Privileges and roles can be granted to other users by users who have been granted the privilege to
do so. The granting of roles and privileges starts at the administrator level. At database creation,
the administrative user SYS is created and granted all system privileges and predefined Oracle

Chapter 9 | Managing Users and


Resources
Database roles. User SYS can then grant privileges and roles to other users, and also grant those
users the right to grant specific privileges to others
• Granting object privileges:

grant select on emp to <user_name>

• Revoking object privileges:

Revoke select on emp from <user_name

Chapter 9 | Managing Users and


Resources
What is a Role?
SET OF PEREVILGES

Creating Roles
Create role <role_name>

grant createtable,altertable,drop any table to <role_name>

Dropping role
drop role role;

HOME AND LAB EXERCISES


How to add a user?

How to change the password?

Assign system table space to the user?

Assign non system tablespace to the user?

Grant system privileges to the user?

Chapter 9 | Managing Users and


Resources
Revoke system privileges from the user?

Grant objects privileges to the user?

Revoke object privileges from the user?

Create a Role with some system privileges?

Grant role to the user?

Revoke the role from the user?

Drop the role?

Drop the profile?

Drop the user?

Chapter 9 | Managing Users and


Resources

You might also like