Oracle User Management : -

Oracle user management involves creating, managing, and securing database users and
their access to database resources. This ensures that only authorized users can access
and manipulate data, maintaining database security and integrity. Let's explore the key
components of Oracle user management.

1. Creating Users

Creating users in Oracle involves defining new user accounts and specifying their
authentication methods. The CREATE USER statement is used for this purpose.

Basic User Creation: This involves specifying the username and password for the new
user.

SQL>

CREATE USER username IDENTIFIED BY password ;

Example:
 SQL>

CREATE USER shad_cdb IDENTIFIED BY secure_password ;

User Authentication: Users can be authenticated in various ways such as by password,

external methods, or globally by an enterprise directory service.

2. Granting Privileges

Privileges in Oracle are rights to execute specific types of SQL statements or to access
another user's object. There are two main types of privileges: system privileges and
object privileges.

System Privileges: These allow users to perform administrative tasks or system-wide

operations. Common system privileges include:
CREATE SESSION: Allows the user to connect to the database.
CREATE TABLE: Allows the user to create tables in their schema.
ALTER USER: Allows the user to modify other users' accounts.

SQL>

GRANT CREATE SESSION TO username

Example:

SQL>

GRANT CREATE SESSION TO shad_cdb ;

Object Privileges: These allow users to perform actions on specific schema objects like
tables, views, sequences, etc. Common object privileges include:
 SELECT: Allows the user to query the table.
INSERT: Allows the user to insert rows into the table.

UPDATE: Allows the user to update rows in the table.

SQL>

GRANT SELECT, INSERT ON employees TO shad_cdb ;

3. Roles

Roles are named groups of related privileges that can be granted to users or other roles.
This simplifies the process of assigning and managing privileges.

Creating a Role:

SQL>

CREATE ROLE role_name;

Example:

SQL>

CREATE ROLE manager_role ;

Granting Privileges to a Role:

SQL>
 GRANT privilege TO role_name ;

Example:

SQL>

GRANT CREATE TABLE TO manager_role ;

Assigning a Role to a User:

SQL>

GRANT role_name TO username ;

Example:

SQL>

GRANT manager_role TO shad_cdb ;

4. Profiles

Profiles are used to manage user resource limits and password policies. They help in
enforcing security policies and controlling resource usage.
Creating a Profile:

SQL>

CREATE PROFILE profile_name LIMIT

SESSIONS_PER_USER 2

FAILED_LOGIN_ATTEMPTS 5

PASSWORD_LIFE_TIME 30;

Example:

SQL>

CREATE PROFILE limited_user LIMIT

SESSIONS_PER_USER 1

FAILED_LOGIN_ATTEMPTS 3

PASSWORD_LIFE_TIME 60;

Assigning a Profile to a User:

SQL>

ALTER USER username PROFILE profile_name ;

Example:

SQL>
 ALTER USER shad_cdb PROFILE limited_user ;

5. Managing Users

Altering User Details: Modify user details such as password, default tablespace,
temporary tablespace, etc.

SQL>

ALTER USER username IDENTIFIED BY new_password ;

Example:

SQL>

ALTER USER shad_cdb IDENTIFIED BY new_secure_password ;

Locking and Unlocking Users: Prevent users from logging in or restore their access.

SQL>

ALTER USER username ACCOUNT LOCK ;

ALTER USER username ACCOUNT UNLOCK ;

Example:

SQL>

ALTER USER shad_cdb ACCOUNT LOCK ;

 ALTER USER shad_cdb ACCOUNT UNLOCK ;

Dropping Users: Remove a user and optionally their schema objects.

SQL>

DROP USER username CASCADE ;

Example:

SQL>

DROP USER shad_cdb CASCADE ;

6. Security Best Practices

 Least Privilege Principle: Grant users only the privileges they need to perform their
job.
 Strong Password Policies: Enforce strong passwords and regular password
changes.
 Regular Audits: Monitor and review user activities and access logs to detect and
respond to suspicious activities.
 Use of Roles and Profiles: Simplify privilege management and enforce consistent
security policies.