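Database users
Every database user account includes the following:
Unique username, authentication method, default tablespace, temporary tablespace, user profile, initial consumer group, account status
Schema: the collection of objects owned by a database user account
It has the same name as the user account
Predefined accounts
SYS: granted the DBA role; holds all privileges with ADMIN OPTION
The account needed to run startup, shutdown and certain maintenance commands
Owns the data dictionary and the Automatic Workload Repository
SYSTEM: granted the DBA, MGMT_USER and AQ_ADMINISTRATOR_ROLE roles
DBSNMP: granted the OEM_MONITOR role, a monitoring role
SYSMAN: granted MGMT_USER, RESOURCE
Do not use these accounts for normal database work; create users for that purpose
Authenticating users: password, external authentication, global authentication
Administrators
Operating system security: DBAs must have operating system privileges to create and delete files; ordinary users should not
Administrator security: for SYSDBA, SYSOPER and SYSASM connections
With a password file and strong authentication methods, DBA users are audited by name
With operating system authentication, the operating system account name is audited
For users granted these privileges, operating system authentication takes precedence over password file authentication
The password file uses case-sensitive passwords
Unlocking a user account and resetting the password
expired means the password has expired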
SQL> conn hr/hr
ERROR:
ORA-28000: the account is locked
Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> alter user hr account unlock;
User altered.
SQL> conn hr/hr
Connected.
drop user oaec drops only the user. drop user oaec cascade is a cascading drop: the user and every object the user created are dropped.
SQL> CREATE USER OAEC IDENTIFIED BY OAEC DEFAULT TABLESPACE OAEC TEMPORARY TABLESPACE TEMP ACCOUNT UNLOCK;
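User created.
This creates user OAEC with password OAEC, default tablespace OAEC and temporary tablespace TEMP. ACCOUNT UNLOCK leaves the account unlocked as soon as it is created, but it cannot log in until it holds CREATE SESSION, as the next attempt shows.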
SQL> CONN OAEC/OAEC
ERROR:
ORA-01045: user OAEC lacks CREATE SESSION privilege; logon denied
SQL> conn / as sysdba
Connected.
SQL>
SQL> grant create session to oaec;
Grant succeeded.
SQL> grant connect to oaec;
Grant succeeded.
The second grant gives the CONNECT role to OAEC.
SQL> conn / as sysdba
Connected.
SQL> show user
USER is "SYS"
SQL> conn OAEC/OAEC
Connected.
SQL> show user
USER is "OAEC"
SQL> conn / as sysdba
Connected.
SQL> select dbms_metadata.get_ddl('USER','OAEC') from dual;
DBMS_METADATA.GET_DDL('USER','OAEC')
--------------------------------------------------------------------------------
CREATE USER "OAEC" IDENTIFIED BY VALUES 'S:48478C413FBB71DFFA3536C25729C0019
SQL> set long 1000
SQL> /
DBMS_METADATA.GET_DDL('USER','OAEC')
--------------------------------------------------------------------------------
CREATE USER "OAEC" IDENTIFIED BY VALUES 'S:48478C413FBB71DFFA3536C25729C0019F
0D7C0898832DFD5B868B0F725A;694157017B4CC333'
DEFAULT TABLESPACE "OAEC"
TEMPORARY TABLESPACE "TEMP"
The default profile can be looked up in the data dictionary
SQL> desc dba_users
Name Null? Type
----------------------------------------- -------- ----------------------------
USERNAME NOT NULL VARCHAR2(30)
USER_ID NOT NULL NUMBER
PASSWORD VARCHAR2(30)
ACCOUNT_STATUS NOT NULL VARCHAR2(32)
LOCK_DATE DATE
EXPIRY_DATE DATE
DEFAULT_TABLESPACE NOT NULL VARCHAR2(30)
TEMPORARY_TABLESPACE NOT NULL VARCHAR2(30)
CREATED NOT NULL DATE
PROFILE NOT NULL VARCHAR2(30)
INITIAL_RSRC_CONSUMER_GROUP VARCHAR2(30)
EXTERNAL_NAME VARCHAR2(4000)
PASSWORD_VERSIONS VARCHAR2(8)
EDITIONS_ENABLED VARCHAR2(1)
AUTHENTICATION_TYPE VARCHAR2(8)
SQL> SELECT USERNAME,ACCOUNT_STATUS,PASSWORD,LOCK_DATE,EXPIRY_DATE,DEFAULT_TABLESPACE,TEMPORARY_TABLESPACE,CREATED,PROFILE FROM DBA_USERS WHERE USERNAME='OAEC';
USERNAME
--------------------
ACCOUNT_STATUS
----------------------------------------------------------------
PASSWORD LOCK_DATE EXPIRY_DATE
-------------------- -------------------- --------------------
DEFAULT_TABLESPACE TEMPORARY_TABLESPACE CREATED
-------------------- -------------------- --------------------
PROFILE
--------------------
OAEC
OPEN
USERNAME
--------------------
ACCOUNT_STATUS
----------------------------------------------------------------
PASSWORD LOCK_DATE EXPIRY_DATE
-------------------- -------------------- --------------------
DEFAULT_TABLESPACE TEMPORARY_TABLESPACE CREATED
-------------------- -------------------- --------------------
PROFILE
--------------------
OAEC TEMP 2018-09-02 20:05:51
DEFAULT
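The query above shows OAEC on the DEFAULT profile, and the earlier hr login shows what a locked account looks like. The statements below are an added example, not part of the original notes: they create a dedicated password profile and an account that gets individual privileges and a quota. The names app_profile and app_user, the limit values and the placeholder password are assumptions.

```sql
-- Added example, not from the original notes. app_profile, app_user, the
-- limit values and the password are hypothetical; USERS and TEMP are the
-- tablespaces listed on this page.

-- Password limits currently applied to accounts on the DEFAULT profile.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'DEFAULT'
AND    resource_type = 'PASSWORD'
ORDER  BY resource_name;

-- FAILED_LOGIN_ATTEMPTS: failed logins allowed before ORA-28000 (locked).
-- PASSWORD_LOCK_TIME:    days the account stays locked before auto-unlock.
-- PASSWORD_LIFE_TIME:    days a password may be used before it expires.
-- PASSWORD_GRACE_TIME:   days of warnings before the change is enforced.
CREATE PROFILE app_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5
  PASSWORD_LOCK_TIME    1
  PASSWORD_LIFE_TIME    90
  PASSWORD_GRACE_TIME   7;

-- PASSWORD EXPIRE sets the status to EXPIRED, so the user has to choose a
-- new password at first login and the placeholder never stays in use.
CREATE USER app_user IDENTIFIED BY "Placeholder_Chg_1"
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 50M ON users
  PROFILE app_profile
  PASSWORD EXPIRE;

-- Only the privileges the account needs, granted one by one.
GRANT CREATE SESSION TO app_user;
GRANT CREATE TABLE TO app_user;

-- Confirm the status and the profile in the data dictionary.
SELECT username, account_status, profile
FROM   dba_users
WHERE  username = 'APP_USER';
```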
SQL> desc database_properties
Name Null? Type
----------------------------------------- -------- ----------------------------
PROPERTY_NAME NOT NULL VARCHAR2(30)
PROPERTY_VALUE VARCHAR2(4000)
DESCRIPTION VARCHAR2(4000)
SQL> select PROPERTY_NAME,PROPERTY_VALUE from database_properties
2 where property_name in('DEFAULT_PERMANENT_TABLESPACE','DEFAULT_TEMP_TABLESPACE');
PROPERTY_NAME
------------------------------------------------------------
PROPERTY_VALUE
--------------------------------------------------------------------------------
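DEFAULT_TEMP_TABLESPACE
TEMP2
DEFAULT_PERMANENT_TABLESPACE
USERS
DEFAULT_TEMP_TABLESPACE is the current database-level default temporary tablespace; DEFAULT_PERMANENT_TABLESPACE is the database's default permanent tablespace.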
SQL> SELECT NAME FROM V$TABLESPACE
2 ;
NAME
------------------------------------------------------------
SYSTEM
SYSAUX
UNDOTBS1
USERS
TEMP
EXAMPLE
UNDOTBS2
TEMP2
BIG_TBS
TTTT
OAEC
11 rows selected.
Change the database's default tablespace to OAEC:
ALTER DATABASE DEFAULT TABLESPACE OAEC;
Creating a temporary tablespace
SQL> SELECT NAME FROM V$DATAFILE;
NAME
--------------------------------------------------------------------------------
/u01/app/oracle/oradata/orcl/system01.dbf
/u01/app/oracle/oradata/orcl/sysaux01.dbf
/u01/app/oracle/oradata/orcl/undotbs01.dbf
/u01/app/oracle/oradata/orcl/users01.dbf
/u01/app/oracle/oradata/orcl/example01.dbf
/u01/app/oracle/oradata/orcl/user02.dbf
/u01/app/oracle/oradata/orcl/ORCL/datafile/o1_mf_users_9811v919_.dbf
/u01/app/oracle/oradata/orcl/undotbs2_01.dbf
/u01/app/oracle/oradata/orcl/bigtbs.dbf
/u01/app/oracle/oradata/orcl/ORCL/datafile/o1_mf_tttt_frq6lj84_.dbf
/u01/app/oracle/oradata/orcl/ORCL/datafile/o1_mf_oaec_frqnjt6n_.dbf
11 rows selected.
SQL> CREATE TEMPORARY TABLESPACE TEMP3 TEMPFILE '/u01/app/oracle/oradata/orcl/temp2.dbf' size 10M;
Tablespace created.
Change user oaec's password to oaec
SQL> alter user oaec identified by oaec;
User altered.
Dropping a user
SQL> conn / as sysdba
Connected.
SQL> grant resource to oaec;
Grant succeeded.
This gives the user the privileges to create objects.
SQL> conn oaec/oaec
Connected.
SQL> show user;
USER is "OAEC"
SQL> create table t as select * from user_tables;
Table created.
SQL> conn / as sysdba
Connected.
SQL> drop user oaec;
drop user oaec
*
ERROR at line 1:
ORA-01922: CASCADE must be specified to drop 'OAEC'
The drop fails because OAEC owns objects; to drop the user in that case you must add cascade.
SQL> drop user oaec cascade;
User dropped.
External authentication:
SQL> show parameter os_authent_prefix
NAME TYPE
------------------------------------ ----------------------
VALUE
------------------------------
os_authent_prefix string
ops$
To use external authentication, the username must carry the ops$ prefix
SQL> create user ops$oracle identified externally;
User created.
SQL> grant connect to ops$oracle;
This gives the user the privilege to connect.
Grant succeeded.
SQL> conn /
Connected.
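To use external authentication from a Windows cmd window, you must:
show parameter remote
Turn on remote_os_authent
With this setting the database accepts not only local operating system users but also the operating system username reported by a client machine.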
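The queries below are an added example, not part of the original notes: they review the settings and accounts covered above using V$PARAMETER, DBA_USERS, DBA_ROLE_PRIVS and DBA_USERS_WITH_DEFPWD. They assume an 11gR2 or later database (for LISTAGG) and a session allowed to query these views.

```sql
-- Added example, not from the original notes. Assumes Oracle 11gR2 or later
-- (LISTAGG) and a session that may query the views used below.

-- 1. OS-authentication settings. With remote_os_authent = TRUE the database
--    trusts the OS username reported by the client machine.
SELECT name,
       value,
       CASE
         WHEN name = 'remote_os_authent' AND UPPER(value) = 'TRUE'
           THEN 'REVIEW: remote OS usernames are trusted'
         ELSE 'ok'
       END AS finding
FROM   v$parameter
WHERE  name IN ('os_authent_prefix', 'remote_os_authent');

-- 2. Every account that can log in, how it authenticates, and its roles.
SELECT u.username,
       u.authentication_type,
       u.profile,
       u.default_tablespace,
       r.roles,
       CASE WHEN INSTR(',' || r.roles || ',', ',DBA,') > 0
            THEN 'Y' ELSE 'N' END AS has_dba
FROM   dba_users u
       LEFT JOIN (SELECT grantee,
                         LISTAGG(granted_role, ',')
                           WITHIN GROUP (ORDER BY granted_role) AS roles
                  FROM   dba_role_privs
                  GROUP  BY grantee) r
              ON r.grantee = u.username
WHERE  u.account_status = 'OPEN'
ORDER  BY u.username;

-- 3. Open accounts that still use a well-known default password. The view
--    checks a built-in list of known account/password pairs, so a locally
--    created account such as OAEC with password OAEC is not reported.
SELECT d.username
FROM   dba_users_with_defpwd d
       JOIN dba_users u ON u.username = d.username
WHERE  u.account_status = 'OPEN'
ORDER  BY d.username;
```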