Oracle用户安全管理
一、创建和管理数据库用户帐户
1、每个数据库用户帐户都具有以下项目:
(1)唯一的用户名:不能超过30个字节,不能包含特珠字母,而且必须字母开头。
(2)验证方法:口令、外部验证、全局验证
(3)默认表空间:注意创建对象和设置空间限额要另外单独授权。
www.zzzyk.com
www.zzzyk.com
(4)临时表空间:用户可在其中创建临时对象(于排序和临时表)的表空间
(5)用户概要文件:分配给用户的一组资源与口令的限制。
(6)使用户组:由资源管理器使用。
(7)锁定状态:用户只能访问"未锁定"帐户。
www.zzzyk.com
2、创建用户帐户
CREATE USER gyj3
IDENTIFIED BY gyj3
DEFAULT TABLESPACE tp1
QUOTA 10M ON tp1
TEMPORARY TABLESPACE temp
--PROFILE app_user
--PASSWORDEXPIRE
--ACCOUNT LOCK;
建一个最简单的用户操作命令如下:
sys@OCM>CREATE USER gyj3
2 IDENTIFIED BY gyj3
3 DEFAULT TABLESPACE tp1
4 QUOTA 10M ON tp1
5 TEMPORARY TABLESPACE temp;
User created.
3、查询用户信息
sys@OCM>col username for a30
sys@OCM> col default_tablespace for a10
sys@OCM> col temporary_tablespace fora10
sys@OCM> selectusername,default_tablespace,temporary_tablespace,
to_char(created,'yyyy-mm-dd:hh24:mi:ss'),account_statusfrom dba_users;
to_char(created,'yyyy-mm-dd:hh24:mi:ss'),account_statusfrom dba_users;
USERNAME DEFAULT_TA TEMPORARY_TO_CHAR(CREATED,
'YY ACCOUNT_STATUS
'YY ACCOUNT_STATUS
------------------------------ -------------------- ------------------- --------------------------
MGMT_VIEW SYSTEM TEMP 2009-08-13:23:24:58 OPEN
SYS SYSTEM TEMP 2009-08-13:23:00:59 OPEN
SYSTEM SYSTEM TEMP 2009-08-13:23:00:59OPEN
DBSNMP SYSAUX TEMP 2009-08-13:23:06:35 OPEN
SYSMAN SYSAUX TEMP 2009-08-13:23:22:32 OPEN
GYJ3 TP1 TEMP 2013-03-01:10:51:33 OPEN
GYJ TP1 TEMP 2013-02-28:15:21:03 OPEN
OUTLN SYSTEM TEMP 2009-08-13:23:01:00 EXPIRED & LOCKED
FLOWS_FILES SYSAUX TEMP 2009-08-13:23:26:08 EXPIRED & LOCKED
MDSYS SYSAUX TEMP 2009-08-13:23:12:05 EXPIRED & LOCKED
ORDSYS SYSAUX TEMP 2009-08-13:23:12:05 EXPIRED & LOCKED
EXFSYS SYSAUX TEMP 2009-08-13:23:09:35 EXPIRED& LOCKED
WMSYS SYSAUX TEMP 2009-08-13:23:07:30 EXPIRED & LOCKED
APPQOSSYS SYSAUX TEMP 2009-08-13:23:06:36 EXPIRED & LOCKED
APEX_030200 SYSAUX TEMP 2009-08-13:23:26:09 EXPIRED & LOCKED
OWBSYS_AUDIT SYSAUX TEMP 2009-08-13:23:35:05 EXPIRED & LOCKED
ORDDATA SYSAUX TEMP 2009-08-13:23:12:05 EXPIRED & LOCKED
CTXSYS SYSAUX TEMP 2009-08-13:23:09:45 EXPIRED & LOCKED
ANONYMOUS SYSAUX TEMP 2009-08-13:23:10:12 EXPIRED & LOCKED
XDB SYSAUX TEMP 2009-08-13:23:10:12 EXPIRED & LOCKED
ORDPLUGINS SYSAUX TEMP 2009-08-13:23:12:05 EXPIRED & LOCKED
OWBSYS SYSAUX TEMP 2009-08-13:23:35:03 EXPIRED & LOCKED
SI_INFORMTN_SCHEMA SYSAUX TEMP 2009-08-13:23:12:05 EXPIRED
& LOCKED
& LOCKED
OLAPSYS SYSAUX TEMP 2009-08-13:23:18:04 EXPIRED & LOCKED
SCOTT USERS TEMP 2009-08-13:23:35:44 EXPIRED & LOCKED
ORACLE_OCM USERS TEMP 2009-08-13:23:02:20 EXPIRED & LOCKED
XS$NULL USERS TEMP 2009-08-13:23:11:44 EXPIRED & LOCKED
BI USERS TEMP 2013-02-27:23:11:56 EXPIRED & LOCKED
PM USERS TEMP 2013-02-27:23:11:56 EXPIRED & LOCKED
MDDATA USERS TEMP 2009-08-13:23:19:11 EXPIRED & LOCKED
IX USERS TEMP 2013-02-27:23:11:56 EXPIRED & LOCKED
SH USERS TEMP 2013-02-27:23:11:56 EXPIRED & LOCKED
DIP USERS TEMP 2009-08-13:23:01:49 EXPIRED & LOCKED
OE USERS TEMP 2013-02-27:23:11:56 EXPIRED & LOCKED
APEX_PUBLIC_USER USERS TEMP 2009-08-13:23:26:09EXPIRED
& LOCKED
& LOCKED
HR USERS TEMP 2013-02-27:23:11:56 EXPIRED & LOCKED
SPATIAL_CSW_ADMIN_USR USERS TEMP 2009-08-13:23:22:20 EXPIRED
& LOCKED
& LOCKED
SPATIAL_WFS_ADMIN_USR USERS TEMP 2009-08-13:23:22:15 EXPIRED
& LOCKED
& LOCKED
二、授予和撤销权限
1、权限分为两大类,系统权限和对象权限
(1)系统权限:允许用户在数据库中执行特定的操作
A、SYSDBA/SYSOPER这两个权限比较特殊
gyj@OCM> select * from dba_sys_privs where granteein('SYSDBA',
'SYSOPER');
'SYSOPER');
no rows selected
B、DBA的系统权限是可以查到的
gyj@OCM> select * from dba_sys_privs where grantee='DBA';
GRANTEE PRIVILEGE ADM
---------------------------------------------------------------------- ---
DBA DROP ANY CUBE BUILD PROCESS YES
DBA CREATE CUBE YES
DBA ALTER ANY CUBE DIMENSION YES
DBA ALTER ANY MINING MODEL YES
(中间结果省略)
…………………………..
202 rows selected.
C、普通用户的系统权限
gyj@OCM> select * fromdba_sys_privs where grantee='GYJ';
GRANTEE PRIVILEGE ADM
------------------------------ -------------------------------------------
GYJ UNLIMITED TABLESPACE NO
D、 当前会话上的系统权限
gyj@OCM> select * from session_privs;
PRIVILEGE
----------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
RESTRICTED SESSION
(中间结果省略)
……………………………
202 rows selected.
(2)对象权限:允许用户访问和操纵特定的对象
A、查对象权限
gyj@OCM> select * fromdba_tab_privs where grantee='GYJ';
no rows selected
B、查对象上列的权限
gyj@OCM>select * from dba_col_privs wheregrantee='GYJ';
no rows selected
为什么没显示对象的权限和对象上列的权限呢,用户GYJ明明有对象的呀:
gyj@OCM> show user;
USER is "GYJ"
gyj@OCM> select table_name from tabs;
TABLE_NAME
------------------------------
T10
好,我登录到HR用户下给GYJ用户授对象权限
sys@OCM> conn hr/hr
Connected.
hr@OCM> grant select on employees togyj;
Grant succeede
- 更多Oracle疑问解答:
- 运行exp备份oracle数据库提示oracle-12154错误
- 有没有,生产Oracle Rman 备份脚本的工具啊!
- 初学orcle,希望有大大帮忙解说一下详细步骤,从登录oracle到创建表的过程
- oracle语句问题:一张user表,三个字段,id,name,time,插入记录比如:张三2007,李四2008,张三2011
- 如何写一个ORACLE触发器同步两个表中的数据?
- oracle 如何查看一个服务器上有多少个数据库.
- oracle 创建包的时候错误 求解
- oracle 重复列的问题
- oracle 中如何查处2星期前的数据
- 请教oracle数据库安装中的问题
- 请问谁能提供给我标准的oracle ERP的数据库表结构并详细说明各表主要的作用?
- 安装oracle遇到的问题 invalid entry CRC (expected 0x3e12e795 but got 0x9db0e9fd)
- 我的是ORACLE 10G,在RMAN中如何按指定的时间恢复数据文件啊?
- oracle为什么没有自动增长列
- oracle快捷键都有哪些啊?