User Management in Oracle

The document provides a comprehensive guide on user management in Oracle Database, covering topics such as viewing users, creating and modifying user accounts, granting privileges, and managing roles and profiles. It includes SQL commands for various operations like creating users, granting login privileges, and assigning roles, as well as explanations of system and object privileges. Additionally, it details the concept of profiles, their management, and how they enforce resource limits and password policies for users.

Uploaded by

hicata2319
User Management in Oracle.md 2024-02-21

User Management in Oracle Database (Managing Users, Privileges, Roles & Profiles)

1. Viewing Database Users
Use the DBA_USERS view to get information about all database users.

SELECT * FROM dba_users ORDER BY username;

2. Viewing Specific Users


Retrieve information about specific users like account status, default tablespace, temporary tablespace,
and profile.

SELECT username, account_status, default_tablespace, temporary_tablespace, profile
FROM dba_users
WHERE username IN ('AAYUSH', 'AMOGH', 'HANNIBAL', 'MADHUKAR', 'PRADIP', 'RUPESH', 'SANJIV')
ORDER BY username;

3. Viewing User Tables


Query user tables to see which tables reside in the user's schema.

SELECT table_name, tablespace_name FROM user_tables;

4. Creating Users
Create users with minimal or detailed parameters.

-- With minimal parameters
CREATE USER sanjiv IDENTIFIED BY Sanjivpass123;

-- With detailed parameters
CREATE USER hannibal IDENTIFIED BY Hannibal123 DEFAULT TABLESPACE eproducts
TEMPORARY TABLESPACE temp PROFILE default ACCOUNT UNLOCK PASSWORD EXPIRE;

5. Granting Login Privileges


Grant users the privilege to connect to the database.


GRANT CREATE SESSION TO sanjiv;
-- OR
GRANT CONNECT TO sanjiv, hannibal;

6. Modifying User Accounts


Alter user accounts to change their settings such as unlocking, locking, or modifying quotas.

ALTER USER hannibal ACCOUNT UNLOCK;
ALTER USER sanjiv ACCOUNT LOCK;
ALTER USER sanjiv PASSWORD EXPIRE;
ALTER USER sanjiv DEFAULT TABLESPACE eproducts;
ALTER USER sanjiv DEFAULT TABLESPACE users;
ALTER USER sanjiv QUOTA 10M ON users;
ALTER USER hannibal QUOTA UNLIMITED ON eproducts;

7. Granting DDL Privileges


Grant users the privilege to create tables.

GRANT CREATE TABLE TO sanjiv, hannibal;

8. Viewing Table Tablespaces


See which tables are located in which tablespaces within the user's schema.

SELECT table_name, tablespace_name FROM user_tables;

9. Viewing Quota Sizes


Check the allocated quota size for users.

SELECT username, max_bytes/(1024*1024) AS "Size in MB", tablespace_name
FROM dba_ts_quotas
WHERE username IN ('SANJIV', 'HANNIBAL');

10. Dropping Users


Remove users from the database, including all their associated objects.

DROP USER sanjiv CASCADE;



Managing Privileges
I. System Privileges
Creating Users

System privileges are only granted by the database administrator (DBA).


Create multiple users with minimal parameters.
The usernames include: aayush, pradip, rupesh, madhukar, amogh, david.

CREATE USER <username_here> IDENTIFIED BY <username123>;

Granting Quotas to Users

Grant quotas to users to allocate space for storing data in the database.
This provides access to insert data into databases.

ALTER USER rushme QUOTA 10M ON users;
ALTER USER rupesh QUOTA 10M ON users;

Granting Privileges to Users with Admin Option

Grant privileges to users with the admin option, allowing them to grant the same privileges to other
users.

GRANT CREATE SESSION, CREATE TABLE TO rupesh, rushme WITH ADMIN OPTION;

Viewing System Privileges

View the system privileges granted to specific users.

SELECT * FROM dba_sys_privs
WHERE grantee IN ('RUPESH', 'RUSHME', 'DAVID');

II. Object Privileges


Granting Object Privileges

Object privileges can be granted by either the DBA or the owner of the object.
Grant select and insert privileges on the hr.employees table to david, rupesh, and rushme.
Granting the ALL privilege provides full admin privileges on the hr.employees table to david with the
grant option.

GRANT SELECT, INSERT ON hr.employees TO david, rupesh, rushme;
GRANT ALL ON hr.employees TO david WITH GRANT OPTION;

Viewing Object Privileges

View the object privileges granted on the hr.employees table.

SELECT * FROM dba_tab_privs
WHERE table_name='EMPLOYEES' AND owner='HR'
ORDER BY grantee;

Viewing Quotas of Given Users


Check the quota size allocated to specific users.

SELECT username, max_bytes/(1024*1024) AS "size in mb"
FROM dba_ts_quotas
WHERE username IN ('RUSHME', 'RUPESH');

Revoking Privileges
I. Revoking System Privileges

There are no cascading effects when revoking system privileges.


Revoke the create table privilege from rushme.

REVOKE CREATE TABLE FROM rushme;

II. Revoking Object Privileges

There are cascading effects when revoking object privileges.


Revoke all privileges on the hr.employees table from david.

REVOKE ALL ON hr.employees FROM david;
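
The scope of each kind of revoke can be checked in the data dictionary before running it. The queries below are an added example, not part of the original document; they assume a DBA session and the users and hr.employees grants shown above.

```sql
-- Object privileges: rows that exist because DAVID holds hr.employees
-- privileges WITH GRANT OPTION. Revoking from DAVID removes these grants as
-- well, following the chain of onward grants. A grantee who also received
-- the same privilege from another grantor keeps that separate copy.
SELECT LEVEL AS depth, grantor, grantee, privilege, grantable
FROM (SELECT grantor, grantee, privilege, grantable
      FROM dba_tab_privs
      WHERE owner = 'HR' AND table_name = 'EMPLOYEES')
START WITH grantor = 'DAVID'
CONNECT BY NOCYCLE PRIOR grantee = grantor
       AND PRIOR privilege = privilege
ORDER BY depth, grantee, privilege;

-- System privileges: no cascade. Anything RUSHME passed on through
-- ADMIN OPTION stays in place after REVOKE ... FROM rushme, and
-- DBA_SYS_PRIVS has no grantor column to trace it. List every holder
-- of the privilege (users and roles) and review each one.
SELECT grantee, privilege, admin_option
FROM dba_sys_privs
WHERE privilege = 'CREATE TABLE'
ORDER BY admin_option DESC, grantee;
```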

Managing Roles


What is a Role?
A role is a collection of privileges that can be granted to users or other roles.
Roles simplify privilege management by allowing administrators to grant sets of privileges to users or
roles.

Concept of Role
Roles are used to manage and organize privileges in a hierarchical manner.
Roles can be assigned system privileges or object privileges, and they can also be assigned to other
roles.

Creating Roles
Roles are created using the CREATE ROLE statement.
Example:

CREATE ROLE jr_manager;
CREATE ROLE sr_manager;
CREATE ROLE chief_manager;

Granting System Privileges to a Role


System privileges such as CREATE SESSION and CREATE TABLE can be granted to roles.
Example:

GRANT CREATE SESSION, CREATE TABLE TO jr_manager;
GRANT CREATE SESSION, CREATE ANY TABLE, CREATE USER TO sr_manager;

Granting Object Privileges to a Role


Object privileges such as SELECT, INSERT, and UPDATE on specific tables can be granted to roles.
Example:

GRANT SELECT ON hr.employees TO jr_manager;
GRANT SELECT, INSERT, UPDATE ON hr.employees TO sr_manager;

Assigning Role to a Role


Roles can be assigned to other roles to create role hierarchies.
Example:

GRANT sr_manager TO chief_manager;
GRANT DROP USER TO chief_manager;
GRANT DELETE ON hr.employees TO chief_manager;

Granting Roles to Users


Roles can be granted to users to assign them specific sets of privileges.
Example:

GRANT jr_manager TO rupesh, pradip;
GRANT sr_manager TO rushme, amogh;
GRANT chief_manager TO sanjiv;

Viewing Roles
Roles and their associated privileges can be viewed using system views.
Example:

-- System Privilege Roles
SELECT * FROM role_sys_privs
WHERE role IN ('JR_MANAGER', 'SR_MANAGER', 'CHIEF_MANAGER')
ORDER BY role;

-- Object Privilege Roles
SELECT * FROM role_tab_privs
WHERE role IN ('JR_MANAGER', 'SR_MANAGER', 'CHIEF_MANAGER')
ORDER BY role;

-- Dictionary View
SELECT * FROM dba_role_privs
WHERE granted_role IN ('JR_MANAGER', 'SR_MANAGER', 'CHIEF_MANAGER')
ORDER BY grantee;
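
ROLE_SYS_PRIVS and ROLE_TAB_PRIVS list only what is granted directly to each role, so CHIEF_MANAGER appears there without the privileges it inherits from SR_MANAGER. The query below is an added example, not part of the original document: it walks DBA_ROLE_PRIVS to list the effective system and object privileges of SANJIV, assuming a DBA session and the grants shown above.

```sql
WITH held AS (
    -- The user itself (depth 0) plus every role reachable through
    -- nested role grants, at the shallowest depth it is reached.
    SELECT 'SANJIV' AS holder, 0 AS depth FROM dual
    UNION ALL
    SELECT granted_role, MIN(LEVEL)
    FROM dba_role_privs
    START WITH grantee = 'SANJIV'
    CONNECT BY PRIOR granted_role = grantee
    GROUP BY granted_role
)
-- System privileges held directly or through any role in the chain
SELECT h.depth, h.holder AS granted_via, 'SYSTEM' AS kind,
       s.privilege, NULL AS object_name, s.admin_option AS can_regrant
FROM held h
JOIN dba_sys_privs s ON s.grantee = h.holder
UNION ALL
-- Object privileges held directly or through any role in the chain
SELECT h.depth, h.holder, 'OBJECT',
       t.privilege, t.owner || '.' || t.table_name, t.grantable
FROM held h
JOIN dba_tab_privs t ON t.grantee = h.holder
ORDER BY depth, granted_via, kind, privilege;
```

Rows with a depth greater than 1 are privileges the user holds only through role-to-role grants, which the per-role views above do not attribute to the outer role.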

Revoking Privileges from Roles


System or object privileges granted to roles can be revoked as needed.
Example:

-- Revoking System Privileges
REVOKE CREATE ANY TABLE FROM sr_manager;

-- Revoking Object Privileges
REVOKE UPDATE ON hr.employees FROM sr_manager;

Managing Profiles

What is a Profile?
A profile is a set of resource limits and password parameters that can be assigned to database users.
Profiles control various aspects of user behavior and resource usage within the database.

Concept of Profile
Profiles are used to enforce security policies and resource management guidelines for database users.
They provide a way to control user access and resource consumption based on predefined criteria.

What it Controls
Profiles control parameters such as session limits, idle time, connect time, password expiration, and
failed login attempts.
These parameters help regulate user activity and resource utilization within the database.

What it Consists of
A profile consists of various limit settings and password parameters that define user behavior and
resource usage.
These settings specify the maximum allowed values for session-related parameters and password
policies.

File Type
Profiles are stored in the database's data dictionary as metadata.
They are managed internally by the database and do not correspond to physical files.

Processes and Background Processes Involved


The creation and management of profiles involve internal database processes responsible for enforcing
profile settings.
Background processes such as the Oracle background process (DBWn) and user sessions interact with
profiles to enforce resource limits and password policies.

Creating Profile
Profiles are created using the CREATE PROFILE statement.
Example:

CREATE PROFILE jr_profile
LIMIT
SESSIONS_PER_USER 1
IDLE_TIME 15
CONNECT_TIME 480
PASSWORD_LIFE_TIME 60
FAILED_LOGIN_ATTEMPTS 3;


Assigning Profile to Users


Profiles can be assigned to users to enforce the resource limits and password policies defined in the
profile.
Example:

ALTER USER pradip
PROFILE jr_profile;
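
jr_profile sets five limits; every other parameter is stored as DEFAULT and inherits its value from the DEFAULT profile. The queries below are an added example, not part of the original document: they resolve the limits actually in force for PRADIP and check the RESOURCE_LIMIT initialization parameter, which must be TRUE for the resource (KERNEL) limits to be enforced, while password limits apply regardless. A DBA session is assumed.

```sql
-- Effective limits for one user. A LIMIT of 'DEFAULT' in the assigned
-- profile means "use the value from the DEFAULT profile".
SELECT u.username,
       u.profile,
       p.resource_type,              -- KERNEL (resource) or PASSWORD
       p.resource_name,
       p.limit AS profile_limit,
       CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END
           AS effective_limit
FROM dba_users u
JOIN dba_profiles p ON p.profile = u.profile
JOIN dba_profiles d ON d.profile = 'DEFAULT'
                   AND d.resource_name = p.resource_name
WHERE u.username = 'PRADIP'
ORDER BY p.resource_type, p.resource_name;

-- SESSIONS_PER_USER, IDLE_TIME and CONNECT_TIME are enforced only
-- when this parameter is TRUE.
SELECT name, value
FROM v$parameter
WHERE name = 'resource_limit';

-- Open accounts that were never moved off the DEFAULT profile and so
-- do not get the limits defined in jr_profile.
SELECT username, account_status
FROM dba_users
WHERE profile = 'DEFAULT'
  AND account_status = 'OPEN'
ORDER BY username;
```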
