



Are Databases Owned by a Login or a User?

12/19

7 Administering User Accounts and Security

This chapter describes how to create and manage user accounts. It contains the following sections:

  • About User Accounts

  • About User Privileges and Roles

  • About Administrative Accounts and Privileges

  • Administering Roles

  • Administering Database User Accounts

  • Setting the Database Password Policy

  • Users: Oracle By Example Series

About User Accounts

For users to access your database, you must create user accounts and grant appropriate database access privileges to those accounts. A user account is identified by a user name and defines the attributes of the user, including the following:

  • Authentication method

  • Password for database authentication

  • Default tablespaces for permanent and temporary data storage

  • Tablespace quotas

  • Account status (locked or unlocked)

  • Password status (expired or not)

When you create a user account, you must not only assign a user name, a password, and default tablespaces for the account, but you must also do the following:

  • Grant the appropriate system privileges, object privileges, and roles to the account.

  • If the user will be creating database objects, then give the user account a space usage quota on each tablespace in which the objects will be created.

Oracle recommends that you grant each user just enough privileges to perform his job, and no more. For instance, a database application developer needs privileges to create and modify tables, indexes, views, and stored procedures, but does not need (and should not be granted) privileges to drop (delete) tablespaces or recover the database. You can create user accounts for database administration, and grant only a subset of administrative privileges to those accounts.

In addition, you may want to create user accounts that are used by applications only. That is, nobody logs in with these accounts; instead, applications use these accounts to connect to the database, and users log in to the applications. This type of user account avoids giving application users the ability to log in to the database directly, where they could unintentionally cause damage. See "About User Privileges and Roles" for more information.

When you create a user account, you are also implicitly creating a schema for that user. A schema is a logical container for the database objects (such as tables, views, triggers, and so on) that the user creates. The schema name is the same as the user name, and can be used to unambiguously refer to objects owned by the user. For example, hr.employees refers to the table named employees in the hr schema. (The employees table is owned by hr.) The terms database object and schema object are used interchangeably.

When you delete a user, you must either simultaneously delete all schema objects of that user, or you must have previously deleted the schema objects in separate operations.

Predefined User Accounts

In addition to the user accounts that you create, the database includes several user accounts that are automatically created upon installation.

All databases include the administrative accounts SYS, SYSTEM, SYSMAN, and DBSNMP. Administrative accounts are highly privileged accounts, and are needed only by individuals authorized to perform administrative tasks such as starting and stopping the database, managing database memory and storage, creating and managing database users, and so on. You log in to Oracle Enterprise Manager Database Control (Database Control) with SYS, SYSTEM, or SYSMAN. The Management Agent of Database Control uses the DBSNMP account to monitor and manage the database. You assign the passwords for these accounts when you create the database with Oracle Database Configuration Assistant (DBCA). You must not delete these accounts.

All databases also include internal accounts, which are automatically created so that individual Oracle Database features or components such as Oracle Application Express can have their own schemas. To protect these accounts from unauthorized access, they are initially locked and their passwords are expired. (A locked account is an account for which login is disabled.) You must not delete internal accounts, and you must not use them to log in to the database.

Your database may also include sample schemas, which are a set of interlinked schemas that enable Oracle documentation and Oracle instructional materials to illustrate common database tasks. These schemas also provide a way for you to experiment without endangering production data.

Each sample schema has a user account associated with it. For instance, the hr user account owns the hr schema, which contains a set of simple tables for a human resources application. The sample schema accounts are also initially locked and have an expired password. As the database administrator, you are responsible for unlocking these accounts and assigning passwords to these accounts.

About User Privileges and Roles

User privileges provide a basic level of database security. They are designed to control user access to data and to limit the kinds of SQL statements that users can execute. When creating a user, you grant privileges to enable the user to connect to the database, to run queries and make updates, to create schema objects, and more.

The main types of user privileges are as follows:

  • System privileges—A system privilege gives a user the ability to perform a particular action, or to perform an action on any schema objects of a particular type. For example, the system privilege CREATE TABLE permits a user to create tables in the schema associated with that user, and the system privilege CREATE USER permits a user to create database users.

  • Object privileges—An object privilege gives a user the ability to perform a particular action on a specific schema object. Different object privileges are available for different types of schema objects. The privilege to select rows from the EMPLOYEES table or to delete rows from the DEPARTMENTS table are examples of object privileges.

Managing privileges is made easier by using roles, which are named groups of related privileges. You create roles, grant system and object privileges to the roles, and then grant roles to users. You can also grant roles to other roles. Unlike schema objects, roles are not contained in any schema.

Table 7-1 lists three widely used roles that are predefined in Oracle Database. You can grant these roles when you create a user or at any time thereafter.

Table 7-1 Oracle Database Predefined Roles

Role Name Description

CONNECT

Enables a user to connect to the database. Grant this role to any user or application that needs database access. If you create a user using Database Control, then this role is automatically granted to the user.

RESOURCE

Enables a user to create, modify, and delete certain types of schema objects in the schema associated with that user. Grant this role only to developers and to other users that must create schema objects. This role grants a subset of the create object system privileges. For example, it grants the CREATE TABLE system privilege, but does not grant the CREATE VIEW system privilege. It grants only the following privileges: CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER, CREATE TYPE.

DBA

Enables a user to perform most administrative functions, including creating users and granting privileges; creating and granting roles; creating, modifying, and deleting schema objects in any schema; and more. It grants all system privileges, but does not include the privileges to start or shut down the database instance. It is by default granted to users SYS and SYSTEM.


About Administrative Accounts and Privileges

Administrative accounts and privileges enable you to perform administrative functions such as managing users, managing database memory, and starting up and shutting down the database.

This section contains the following topics:

  • SYS and SYSTEM Users

  • SYSDBA and SYSOPER System Privileges

SYS and SYSTEM Users

The following administrative user accounts are automatically created when you install Oracle Database. They are both created with the password that you supplied upon installation, and they are both automatically granted the DBA role.

  • SYS

    This account can perform all administrative functions. All base (underlying) tables and views for the database data dictionary are stored in the SYS schema. These base tables and views are critical for the operation of Oracle Database. To maintain the integrity of the data dictionary, tables in the SYS schema are manipulated only by the database. They should never be modified by any user or database administrator. You must not create any tables in the SYS schema.

    The SYS user is granted the SYSDBA privilege, which enables a user to perform high-level administrative tasks such as backup and recovery.

  • SYSTEM

    This account can perform all administrative functions except the following:

    • Backup and recovery

    • Database upgrade

    While this account can be used to perform day-to-day administrative tasks, Oracle strongly recommends creating named user accounts for administering the Oracle database to enable monitoring of database activity.

SYSDBA and SYSOPER System Privileges

SYSDBA and SYSOPER are administrative privileges required to perform high-level administrative operations such as creating, starting up, shutting down, backing up, or recovering the database. The SYSDBA system privilege is for fully empowered database administrators and the SYSOPER system privilege allows a user to perform basic operational tasks, but without the ability to look at user data.

The SYSDBA and SYSOPER system privileges allow access to a database instance even when the database is not open. Control of these privileges is therefore completely outside of the database itself. This control enables an administrator who is granted one of these privileges to connect to the database instance to start the database.

You can also think of the SYSDBA and SYSOPER privileges as types of connections that enable you to perform certain database operations for which privileges cannot be granted in any other fashion. For example, if you have the SYSDBA privilege, then you can connect to the database using AS SYSDBA.

The SYS user is automatically granted the SYSDBA privilege upon installation. When you log in as user SYS, you must connect to the database as SYSDBA or SYSOPER. Connecting as a SYSDBA user invokes the SYSDBA privilege; connecting as SYSOPER invokes the SYSOPER privilege. Oracle Enterprise Manager Database Control does not permit you to log in as user SYS without connecting as SYSDBA or SYSOPER.

When you connect with the SYSDBA or SYSOPER privilege, you connect with a default schema, not with the schema that is generally associated with your user name. For SYSDBA this schema is SYS; for SYSOPER the schema is PUBLIC.

Caution:

When you connect as user SYS, you have unlimited privileges on data dictionary tables. Be certain that you do not modify any data dictionary tables.
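The state of the predefined accounts and the reach of the DBA role and SYSDBA/SYSOPER privileges described above can be reviewed from the data dictionary. The following Oracle SQL is an added example, not part of the original chapter; it assumes a session with read access to the DBA_* views and V$PWFILE_USERS.

```sql
-- 1. Status of every account. Internal and sample-schema accounts should
--    appear as locked and expired unless an administrator has opened them.
SELECT username, account_status, lock_date, expiry_date, profile
FROM   dba_users
ORDER  BY account_status, username;

-- 2. Accounts that can log in right now. Each one should map to a known
--    person or application.
SELECT username, created
FROM   dba_users
WHERE  account_status = 'OPEN'
ORDER  BY username;

-- 3. Users who hold the DBA role, either directly or through a chain of
--    roles granted to other roles. SYS and SYSTEM are expected; every other
--    row is a named administrator that should be accounted for.
WITH dba_chain AS (
  SELECT grantee
  FROM   dba_role_privs
  START WITH granted_role = 'DBA'
  CONNECT BY PRIOR grantee = granted_role
)
SELECT DISTINCT u.username, u.account_status
FROM   dba_users u
JOIN   dba_chain c ON c.grantee = u.username
ORDER  BY u.username;

-- 4. Accounts recorded in the password file with SYSDBA or SYSOPER.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;
```

Query 4 lists only password-file entries; administrators who connect through operating system authentication do not appear in it.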

Administering Roles

Roles are named groups of related system and object privileges. You create roles and then assign them to users and to other roles.

This section contains the following topics:

  • Viewing Roles

  • Example: Creating a Role

  • Example: Modifying a Role

  • Deleting a Role

Viewing Roles

You view roles on the Roles page of Oracle Enterprise Manager Database Control (Database Control).

To view roles:

  1. Go to the Database Home page, logging in with a user account that has privileges to manage roles. An example of such a user account is SYSTEM.

    See "Accessing the Database Home Page".

  2. At the top of the page, click Server to view the Server subpage.

  3. In the Security section, click Roles.

    The Roles page appears.

  4. To view the details of a particular role, in the Select column, select the name of the role you want to view, and then click View.

    If you do not see the role, then it may be on another page. In this case, do one of the following:

    • Just above the list of roles, click Next to view the next page. Keep clicking Next until you see the desired role.

    • Use the Search area of the page to search for the desired role. In the Object Name field, enter the first few letters of the role, and then click Go.

      You can then select the role and click View.

    The View Role page appears. In this page, you can see all the privileges and roles granted to the selected role.

Example: Creating a Role

Suppose you want to create a role called APPDEV for application developers. Because application developers must be able to create, alter, and delete the schema objects that their applications use, you want the APPDEV role to include the system privileges shown in Table 7-2.

Table 7-2 System Privileges Granted to the APPDEV Role

Privilege Description

CREATE TABLE

Enables a user to create, modify, and delete tables in his schema.

CREATE VIEW

Enables a user to create, modify, and delete views in his schema.

CREATE PROCEDURE

Enables a user to create, modify, and delete procedures in his schema.

CREATE TRIGGER

Enables a user to create, modify, and delete triggers in his schema.

CREATE SEQUENCE

Enables a user to create, modify, and delete sequences in his schema.

CREATE SYNONYM

Enables a user to create, modify, and delete synonyms in his schema.


To create the APPDEV role:

  1. Go to the Roles page, as described in "Viewing Roles".

  2. Click Create.

    The Create Role page appears.

  3. In the Name field, enter APPDEV.

  4. Click System Privileges to go to the System Privileges subpage.


    The table of system privileges for this role contains no rows yet.

  5. Click Edit List.

    The Modify System Privileges page appears.

  6. In the Available System Privileges list, double-click privileges to add them to the Selected System Privileges list.

    The privileges to add are listed in Table 7-2.


    Note:

    Double-clicking a privilege is a shortcut. You can also select a privilege and then click the Move button. To select multiple privileges, hold down the Shift key while selecting a range of privileges, or press the Ctrl key and select individual privileges, and then click Move after you have selected the privileges.

  7. Click OK.

    The System Privileges subpage returns, showing the system privileges that you selected. At this point, you could click Roles to assign other roles to the APPDEV role, or click Object Privileges to assign object privileges to the APPDEV role.

  8. Click OK to return to the Roles page.

    The APPDEV role now appears in the table of database roles.

Example: Modifying a Role

Suppose your applications make use of Oracle Streams Advanced Queuing, and you determine that developers must be granted the roles AQ_ADMINISTRATOR_ROLE and AQ_USER_ROLE to develop and test their applications. You must edit the APPDEV role to grant it these two Advanced Queuing roles.

To modify the APPDEV role:

  1. Go to the Roles page, as described in "Viewing Roles".

  2. In the Select column, click APPDEV role, and then click Edit.

    The Edit Role page appears.

  3. Click Roles to navigate to the Roles subpage.

  4. Click Edit List.

    The Modify Roles page appears.

  5. In the Available Roles list, double-click the roles AQ_ADMINISTRATOR_ROLE and AQ_USER_ROLE to add them to the Selected Roles list.

  6. Click OK.

    The Roles subpage returns, showing that the roles that you selected were granted to the APPDEV role.

  7. Click Apply to save your changes.

    An update message appears, indicating that the role APPDEV was modified successfully.

Deleting a Role

Use caution when deleting a role, because Database Control deletes a role even if that role is currently granted to one or more users. Before deleting a role, you may want to determine if the role has any grantees. Dropping (deleting) a role automatically removes the privileges associated with that role from all users that had been granted the role.

To determine if a role has any grantees:

  1. Go to the Roles page as described in "Viewing Roles".

  2. In the Select column, click the desired role.

    If you do not see the desired role, then it may be on another page. In this case, do one of the following:

    • Just above the list of roles, click Next to view the next page. Continue clicking Next until you see the desired role.

    • Use the Search area of the page to search for the desired role. In the Object Name field, enter the first few letters of the role, and then click Go.

    You can then select the role.

  3. In the Actions list, select Show Grantees, then click Go.

    A report appears, listing the users that are granted the selected role.

  4. Click Cancel to return to the Roles page.

To delete a role:

  1. If you are not there, then go to the Roles page, as described in "Viewing Roles".

  2. In the Select column, click the desired role, and then click Delete.

    A confirmation page appears.

  3. Click Yes.

    A confirmation message indicates that the role has been deleted successfully.
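The Database Control steps for creating and modifying the APPDEV role correspond to the SQL statements below, followed by the grantee check to run before a role is dropped. This is an added example, not part of the original chapter; it assumes a session with privileges to manage roles (such as SYSTEM) and read access to the DBA_* views.

```sql
-- "Example: Creating a Role": create APPDEV and grant the Table 7-2 privileges.
CREATE ROLE appdev;

GRANT CREATE TABLE, CREATE VIEW, CREATE PROCEDURE,
      CREATE TRIGGER, CREATE SEQUENCE, CREATE SYNONYM
TO    appdev;

-- "Example: Modifying a Role": add the two Advanced Queuing roles.
GRANT aq_administrator_role, aq_user_role TO appdev;

-- Review everything the role now carries (the same data the View Role
-- page shows): system privileges, nested roles, and object privileges.
SELECT 'SYSTEM PRIVILEGE' AS grant_type, privilege AS granted
FROM   dba_sys_privs
WHERE  grantee = 'APPDEV'
UNION ALL
SELECT 'ROLE', granted_role
FROM   dba_role_privs
WHERE  grantee = 'APPDEV'
UNION ALL
SELECT 'OBJECT PRIVILEGE', privilege || ' ON ' || owner || '.' || table_name
FROM   dba_tab_privs
WHERE  grantee = 'APPDEV'
ORDER  BY 1, 2;

-- "Deleting a Role": list every grantee before dropping. Depth 1 rows hold
-- APPDEV directly; deeper rows receive it through another role, so they
-- also lose the privileges when the role is dropped.
SELECT LEVEL AS depth, grantee, granted_role, admin_option
FROM   dba_role_privs
START WITH granted_role = 'APPDEV'
CONNECT BY PRIOR grantee = granted_role
ORDER  BY depth, grantee;

-- Run only after the grantee list above has been reviewed. The drop
-- succeeds even when the role still has grantees.
-- DROP ROLE appdev;
```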

Administering Database User Accounts

This section provides instructions for creating and managing user accounts for the people and applications that use your database. It contains the following topics:

  • Viewing User Accounts

  • Example: Creating a User Account

  • Creating a New User Account by Duplicating an Existing User Account

  • Example: Granting Privileges and Roles to a User Account

  • Example: Assigning a Tablespace Quota to a User Account

  • Example: Modifying a User Account

  • Locking and Unlocking User Accounts

  • Expiring a User Password

  • Example: Deleting a User Account

Viewing User Accounts

You view user accounts on the Users page of Oracle Enterprise Manager Database Control (Database Control).

To view users:

  1. Go to the Database Home page, logging in with a user account that has privileges to manage users, for example, SYSTEM.

    See "Accessing the Database Home Page".

  2. At the top of the page, click Server to view the Server subpage.

  3. In the Security section, click Users.

    The Users page appears.

  4. To view the details of a particular user, in the Select column, click the user, and then click View.

    If you do not see the user, then it may be on another page. In this case, do one of the following:

    • Just above the list of users, click Next to view the next page. Keep clicking Next until you see the desired user.

    • Use the Search area of the page to search for the desired user. In the Object Name field, enter the first few letters of the user name, and then click Go.

    • Click a table column to change the sort order of the data in the table. For example, to list the users in reverse alphabetical order, click the UserName column heading.

    You can then select the user and click View.

    The View User page appears, and displays all user attributes.

Example: Creating a User Account

Suppose you want to create a user account for a database application developer named Nick. Because Nick is a developer, you want to grant him the database privileges and roles that he requires to build and test his applications. You also want to give Nick a 10 MB quota on his default tablespace so that he can create schema objects in that tablespace.

To create the user Nick:

  1. Go to the Users page, as described in "Viewing User Accounts".

  2. On the Users page, click Create.

    The Create User page appears, displaying the General subpage.

  3. In the Name field, enter NICK.

  4. In the Profile list, accept the value DEFAULT.

    This setting assigns the default password policy to user Nick.

    See "Setting the Database Password Policy".

  5. Accept the default value Password in the Authentication list.

    For information about other more advanced methods to authenticate users, see Oracle Database Security Guide.

  6. In the Enter Password and Confirm Password fields, enter a password that is secure.

    Create a password that is secure. See Oracle Database Security Guide for more information.

  7. Do not select Expire password now. If the account status is set to expired, then the user or the database administrator must change the password before the user can log in to the database.

  8. (Optional) Next to the Default Tablespace field, click the flashlight icon, select the USERS tablespace, and then click Select.

    All schema objects that Nick creates will then be created in the USERS tablespace unless he specifies otherwise. If you leave the Default Tablespace field blank, then Nick is assigned the default tablespace for the database, which is USERS in a newly installed database. For more information about the USERS tablespace, see "About Tablespaces".

  9. (Optional) Next to the Temporary Tablespace field, click the flashlight icon, select the TEMP tablespace, and then click Select.

    If you leave the Temporary Tablespace field blank, then Nick is assigned the default temporary tablespace for the database, which is TEMP in a newly installed database. For more information about the TEMP tablespace, see "About Tablespaces".

  10. For the Status option, accept the default choice of Unlocked.

    You can later lock the user account to prevent users from logging in with it. To temporarily deny access to a user account, locking the user account is preferable to deleting it, because deleting it also deletes all schema objects owned by the user.

  11. Grant roles, system privileges, and object privileges to the user, as described in "Example: Granting Privileges and Roles to a User Account".

    Note:

    Do not click OK in Step 13 of "Example: Granting Privileges and Roles to a User Account". Instead, skip that step and proceed with Step 12 in this procedure.

  12. Assign a 10 MB quota on the USERS tablespace, as described in "Example: Assigning a Tablespace Quota to a User Account".

  13. If you did not click OK while assigning the tablespace quota (previous step), then click OK now to create the user.

Creating a New User Account by Duplicating an Existing User Account

To create a user account that is similar in attributes to an existing user account, you can duplicate the existing user account.

To create a new user account by duplicating an existing user account:

  1. Go to the Users page, as described in "Viewing User Accounts".

  2. In the Select column, click the user to duplicate.

  3. In the Actions list, select Create Like, and then click Go.

    The Create User page appears. This page displays a new user with the same attributes as the duplicated user.

  4. Enter a user name and password, modify the user attributes or privileges if desired, then click OK to save the new user.

The Actions list also provides shortcuts for other actions, and provides a way to display the SQL command used to create a user.

Example: Granting Privileges and Roles to a User Account

Suppose you are creating or modifying a user account named Nick. Because Nick is a database application developer, you want to grant him the APPDEV role, which enables him to create database objects in his own schema. (You created the APPDEV role in "Example: Creating a Role".) Because you want Nick to be able to create tables and views in other schemas besides his own, you want to grant him the CREATE ANY TABLE and CREATE ANY VIEW system privileges. In addition, because he is developing a human resources application, you want him to be able to view the tables in the hr sample schema and use them as examples. You therefore want to grant him the SELECT object privilege on those tables. Finally, you want Nick to be able to log in to Database Control so that he can use the graphical user interface to create and manage his database objects. You therefore want to grant him the SELECT_CATALOG_ROLE role. The following table summarizes the privileges and roles to grant to Nick.

Grant Type          Privilege or Role Name
System privileges   CREATE ANY TABLE, CREATE ANY VIEW
Object privileges   SELECT on all tables in the hr schema
Roles               APPDEV, SELECT_CATALOG_ROLE

The following example assumes that you are in the process of creating the user account for Nick or editing the account. Either you have accessed the Create User page and have entered all required fields on the General subpage (see "Example: Creating a User Account"), or you have accessed the Edit User page for Nick (see "Example: Modifying a User Account"). The example also assumes that you have not yet granted any privileges or roles to Nick.

To grant privileges and roles to the user Nick:

  1. Toward the top of the Create User or Edit User page, click Roles to display the Roles subpage.

    The Roles subpage shows that the CONNECT role is assigned to Nick. Database Control automatically assigns this role to all users that you create. (The selected Default check box indicates that the CONNECT role is a default role for Nick, which means that it is automatically enabled whenever Nick logs in.)

  2. Click Edit List.

    The Modify Roles page appears.

  3. In the Available Roles list, locate the APPDEV role, and double-click it to add it to the Selected Roles list. Do the same with the SELECT_CATALOG_ROLE role and then click OK.

    The Create User or Edit User page returns, showing that the CONNECT, APPDEV, and SELECT_CATALOG_ROLE roles are granted to Nick.

    Note:

    Double-clicking a role is a shortcut. You can also select the role and then click the Move button. To select multiple privileges, hold down the Shift key while selecting a range of privileges, or press the Ctrl key and select individual privileges.

  4. Toward the top of the page, click System Privileges to select the System Privileges subpage.

  5. Click Edit List.

    The Modify System Privileges page appears.

  6. In the Available System Privileges list, scroll to locate the CREATE ANY TABLE and CREATE ANY VIEW privileges, double-click each to add them to the Selected System Privileges list, and then click OK.

    The Create User or Edit User page returns, showing the newly added system privileges.

    Note:

    To revoke a role, double-click it in the Selected Roles list on the Modify Roles page. To revoke a system privilege, double-click it in the Selected System Privileges list on the Modify System Privileges page.

  7. Toward the top of the page, click Object Privileges to select the Object Privileges subpage.

  8. In the Select Object Type list, select Table and then click Add.

    The Add Table Object Privileges page appears.

  9. Click the flashlight icon next to the Select Table Objects list.

    The Select Table Objects dialog box appears.

  10. In the Schema list, select HR, and then click Go.

    All tables in the hr schema are displayed.

  11. Click Select All, and then click the Select button.

    The Select Table Objects dialog box closes, and the names of all tables in the hr schema appear in the Select Table Objects field on the Add Table Object Privileges page.

  12. In the Available Privileges list, double-click the SELECT privilege to move it to the Selected Privileges list, and then click OK.

    The Create User or Edit User page returns, showing that the SELECT object privilege for all hr tables is granted to user Nick.

    Note:

    To revoke an object privilege, select it on the Create User or Edit User page (Object Privileges subpage), and then click Delete.

  13. Do one of the following to save the role and privilege grants:

    • If you are creating a user account, then click OK to save the new user account.

    • If you are modifying a user account, then click Apply to save the changes for the user account.

Example: Assigning a Tablespace Quota to a User Account

Suppose you are creating or modifying a user account named Nick. You want to assign Nick a space usage quota of 10 MB on his default tablespace.

You must assign Nick a tablespace quota on his default tablespace before he can create objects in that tablespace. (This is also true for any other tablespace in which Nick wants to create objects.) After a quota is assigned to Nick for a particular tablespace, the total space used by all of his objects in that tablespace cannot exceed the quota. You can also assign a quota of UNLIMITED.

The following example assumes that you are in the process of creating the user account for Nick or editing the account. Either you have accessed the Create User page and have entered all required fields on the General subpage (see "Example: Creating a User Account"), or you have accessed the Edit User page for Nick (see "Example: Modifying a User Account"). The example also assumes that Nick has not yet been assigned a quota on any tablespaces.

To assign a tablespace quota to user Nick:

  1. Toward the top of the Create User or Edit User page, select the Quotas subpage.

    The Quotas subpage appears, showing that user Nick does not have a quota assigned on any tablespace.

  2. In the Quota column for tablespace USERS, select Value from the list.

  3. In the Value column for tablespace USERS, enter 10.

  4. Do one of the following to save the new quota assignment:

    • If you are creating a user account, then click OK to save the new user account.

    • If you are modifying a user account, then click Apply to save changes for the user account.
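The account creation, grants, and quota for user Nick described in the three preceding examples can be expressed as one SQL script with verification queries at the end. This is an added example, not part of the original chapter; the password is a placeholder to replace, and the script assumes the APPDEV role already exists and that the session can create users, grant privileges on the hr tables, and read the DBA_* views.

```sql
-- Create the account with the attributes chosen on the General and Quotas
-- subpages. The password below is a placeholder, not a real credential.
CREATE USER nick
  IDENTIFIED BY "Replace_With_Real_Password_1"
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 10M ON users
  PROFILE default
  ACCOUNT UNLOCK;

-- Roles: CONNECT (granted automatically by Database Control), APPDEV,
-- and SELECT_CATALOG_ROLE.
GRANT connect, appdev, select_catalog_role TO nick;

-- System privileges that reach beyond Nick's own schema.
GRANT CREATE ANY TABLE, CREATE ANY VIEW TO nick;

-- Object privileges: SELECT on every table in the hr schema. ENQUOTE_NAME
-- quotes each table name so mixed-case or unusual names are handled safely.
BEGIN
  FOR t IN (SELECT table_name FROM dba_tables WHERE owner = 'HR') LOOP
    EXECUTE IMMEDIATE
      'GRANT SELECT ON hr.' ||
      DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE) ||
      ' TO nick';
  END LOOP;
END;
/

-- Verification 1: roles and whether each is enabled by default at login.
SELECT granted_role, default_role, admin_option
FROM   dba_role_privs
WHERE  grantee = 'NICK'
ORDER  BY granted_role;

-- Verification 2: directly granted system privileges. ANY privileges apply
-- to all schemas, so they are worth listing for periodic review.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'NICK'
ORDER  BY privilege;

-- Verification 3: object privileges; expect one SELECT row per hr table.
SELECT owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  grantee = 'NICK'
ORDER  BY owner, table_name;

-- Verification 4: tablespace quota. MAX_BYTES is 10485760 for a 10 MB
-- quota and -1 when the quota is UNLIMITED.
SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'NICK';
```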

Example: Modifying a User Account

Suppose you want to remove the quota limitations for the user Nick on his default tablespace, USERS. To do so, you must modify his user account.

To modify the user Nick:

  1. Go to the Users page, as described in "Viewing User Accounts".

  2. In the Select column, select the user account Nick, and then click Edit.

    If you do not see user Nick, then he may be on another page. In this case, do one of the following:

    • Just above the list of user accounts, click Next to view the next page. Continue clicking Next until you see the user account for Nick.

    • Use the Search area of the page to search for his account. In the Object Name field, enter the letters NI, and then click Go.

    You can then select the user account for Nick and click Edit.

    The Edit User page appears, and displays the general attributes for Nick.

  3. Toward the top of the page, select the Quotas subpage.

  4. In the Quota column for tablespace USERS, select Unlimited from the list, and then click Apply.

    A message appears, indicating that user Nick was modified successfully.

Locking and Unlocking User Accounts

To temporarily deny access to the database for a particular user account, you can lock the user account. If the user then attempts to connect, the database displays an error message and does not allow the connection. You can unlock the user account when you want to permit database access again for that user.

To lock or unlock a user account:

  1. Go to the Users page, as described in "Viewing User Accounts".

  2. In the Select column, click the desired user account.

    If you do not see the desired user account, then it may be on another page. In this case, use the Next button to view additional pages or use the Search area of the page to search for the desired user account.

  3. Do one of the following:

    • To lock the account, select Lock User from the Actions list, and then click Go.

    • To unlock the account, select Unlock User from the Actions list, and then click Go.

    A confirmation message appears.

  4. Click Yes.

Expiring a User Password

When you expire a user password, the user is prompted to change his or her password the next time that user logs in. Reasons to expire a password include the following:

  • A user password becomes compromised.

  • You have a security policy in place that requires users to change their passwords on a regular basis.

    Note:

    You can have user passwords expire automatically after a certain interval. See "Setting the Database Password Policy".

  • A user has forgotten his or her password.

    In this third case, you modify the user account, assign a new temporary password, and expire the password. The user then logs in with the temporary password and is prompted to choose a new password.

To expire a user password:

  1. Go to the Users page, as described in "Viewing User Accounts".

  2. In the Select column, click the desired user account.

    If you do not see the desired user account, then it may be on another page. In this case, do one of the following:

    • Just above the list of user accounts, click Next to view the next page. Continue clicking Next until you see the desired user account.

    • Use the Search area of the page to search for the desired user account. In the Object Name field, enter the first few letters of the user account name, then click Go.

    You can then select the user account.

  3. To expire the passwords for all users, select the Multiple option, and then click Select All.

  4. Select Expire Password from the Actions list, and then click Go.

    A confirmation message appears.

  5. Click Yes to complete the task.

Example: Deleting a User Account

Suppose user Nick has moved to another department. Because it is no longer necessary for him to have access to the database, you want to delete his user account.

You must use caution when deciding to delete a user account, because this action also deletes all schema objects owned by the user. To prevent a user from logging in to the database while keeping the schema objects intact, lock the user account instead. See "Locking and Unlocking User Accounts".

To delete user Nick:

  1. Go to the Users page, as described in "Viewing User Accounts".

  2. In the Select column, select the user account Nick, and then click Delete.

    If you do not see the user account Nick, then it may be on another page. In this case, do one of the following:

    • Just above the list of user accounts, click Next to view the next page. Keep clicking Next until you see the user account for Nick.

    • Use the Search area of the page to search for the user account. In the Object Name field, enter the letters NI, then click Go.

    You can then select the user account for Nick and click Delete.

    A confirmation page appears.

  3. Click Yes to confirm the deletion of the user account.
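The quota, lock, expire, and delete procedures above can also be run as SQL from a privileged session. The following is an added example, not part of the original chapter; the user NICK and tablespace USERS come from the page, and the temporary password shown is a placeholder.

```sql
-- Added example: SQL equivalents of the Enterprise Manager steps above.
-- Run as a user with the ALTER USER / DROP USER privileges (for example, SYSTEM).

-- Assign the 10 MB quota on USERS, then later lift the limit.
ALTER USER nick QUOTA 10M ON users;
ALTER USER nick QUOTA UNLIMITED ON users;

-- Confirm the quota. MAX_BYTES = -1 means UNLIMITED.
SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'NICK';

-- Temporarily deny access without touching the schema objects.
ALTER USER nick ACCOUNT LOCK;
ALTER USER nick ACCOUNT UNLOCK;

-- Forgotten password: set a temporary password (placeholder value) and
-- expire it so the user must choose a new one at the next login.
ALTER USER nick IDENTIFIED BY "Placeholder_Temp_1" PASSWORD EXPIRE;

-- Check the resulting state of the account.
SELECT username, account_status, lock_date, expiry_date
FROM   dba_users
WHERE  username = 'NICK';

-- Before deleting, list what would be destroyed along with the account.
SELECT object_type, COUNT(*) AS object_count
FROM   dba_objects
WHERE  owner = 'NICK'
GROUP  BY object_type
ORDER  BY object_type;

-- Delete the account. CASCADE is required when the schema still contains
-- objects; without it the statement fails with ORA-01922.
DROP USER nick CASCADE;
```

If the object inventory query returns rows that other schemas or applications depend on, locking the account is the safer choice, as the caution above describes.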

Setting the Database Password Policy

This section provides background information and instructions for setting the password policy for all user accounts in the database. It contains the following topics:

  • About Password Policies

  • Modifying the Default Password Policy

About Password Policies

When you create a user account, a default password policy is assigned to that user account. The default password policy for a newly installed database includes these directives:

  • The password for the user account expires automatically in 180 days.

  • The user account is locked 7 days after password expiration.

  • The user account is locked for 1 day after 10 failed login attempts.

The default password policy is assigned to user accounts through a database object called a profile. Each user account is assigned a profile, and the profile has several attributes that describe a password policy. The database comes with a default profile (named DEFAULT), and unless you specify otherwise when you create a user account, the default profile is assigned to the user account.

For better database security, you may want to impose a stricter password policy. For example, you may want passwords to expire every 70 days, and you may want to lock user accounts after three failed login attempts. (A failed login attempt for a user account occurs when a user enters an incorrect password for the account.) You may also want to require that passwords be complex enough to provide reasonable protection against intruders who try to break into the system by guessing passwords. For example, you might specify that passwords must contain at least one number and one punctuation mark.

You change the password policy for every user account in the database by modifying the password-related attributes of the DEFAULT profile.

Note:

It is possible to have different password policies for different user accounts. You achieve this by creating multiple profiles, setting password-related attributes differently for each profile, and assigning different profiles to different user accounts. This scenario is not addressed in this section.

Modifying the Default Password Policy

You change the default password policy for every database user account by modifying the password-related attributes of the profile named DEFAULT.

To modify the default password policy:

  1. Go to the Database Home page.

    See "Accessing the Database Home Page".

  2. At the top of the page, click Server to view the Server subpage.

  3. In the Security section, click Profiles.

    The Profiles page appears.

  4. In the Select column, select the profile named DEFAULT, and then click Edit.

    The Edit Profile page appears.

  5. Toward the top of the page, select the Password subpage.

  6. Change field values as required. Click the flashlight icon next to each field to view a list of choices. (Click Help on this page for a description of the fields.)

  7. Click Apply to save your changes.
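The same change can be made and verified in SQL. The following is an added example, not part of the original chapter; it applies the stricter values used as an illustration in "About Password Policies" (70-day expiry, lock after three failed logins) and leaves the other two default directives at the values listed there.

```sql
-- Added example: tighten the DEFAULT profile from a privileged session.
ALTER PROFILE DEFAULT LIMIT
  PASSWORD_LIFE_TIME    70   -- days until the password expires (default 180)
  FAILED_LOGIN_ATTEMPTS 3    -- failed logins before the account locks (default 10)
  PASSWORD_GRACE_TIME   7    -- days after expiration before the account locks
  PASSWORD_LOCK_TIME    1;   -- days the account stays locked after failed logins

-- Verify the password-related attributes now in force for DEFAULT.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'DEFAULT'
AND    resource_type = 'PASSWORD'
ORDER  BY resource_name;

-- Accounts assigned a different profile are not covered by this change.
-- Review them separately.
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  profile <> 'DEFAULT'
ORDER  BY username;
```

A profile other than DEFAULT can still inherit these values: any attribute it sets to the keyword DEFAULT takes its limit from the DEFAULT profile.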


Source: https://docs.oracle.com/cd/E11882_01/server.112/e10897/users_secure.htm

Posted by: quinlanalime1967.blogspot.com
