配置网络服务名:
打开Net Manager
选择服务名,点击“+”号
网络服务名:remote
协议:tcp/ip
主机名:ip地址
端口号:1521
服务名:全局数据库名
sys用户:oracle的一个超级用户:主要用来维护系统和管理实例(要用sysDBA/sysorpe)
system用户:oracle默认的系统管理员:管理oracle数据库的用户、权限和存储(normal方式登录)
sys超级用
system
scott/kikiwen
若scott/tiger用户被锁
conn sys/kikiwen as sysdba
alter user scott account unlock;--解锁
conn scott/kikiwen --弹出一个修改密码的对话框,修改一下密码就可以
修改sys和system用户密码
进入sqlplus进行密码重置
sqlplus/as sysdba
空
alter user sys identity by oeacle;
conn sys/oracle as sysdba;
alter user system identity by oracle;
系统权限和对象权限
1.系统权限允许用户执行某些数据库操纵,如创建表就是一个系统权限
2.对象权限允许用户对数据库对象(如表、视图、序列)执行特定操纵
常用系统预定义角色
connect:临时用户
resource:更为可靠和正式的用户
DBA:数据库管理员角色,拥有管理数据库的最高权限
创建用户语法:
create user user_name
identified by password
[default tablespace tablespace_name]
分配权限或者角色
grant privileges or role to user;
撤销权限或角色
revoke privileges or role from user;
一、管理用户(managing users)
1.创建用户(数据库认真方式)(create a user : database authentication)
create user juncky
identified by oracle
default tablespace users
temporary tablespace
temp quota 10m/unlimited
on data password expire [ account lock | unock ] [ profile profilename | default ];
2.修改用户的表空间限额(change user quota on tablespace)
alter user juncky quota 0 on users;
3.删除用户(drop a user )
drop user juncky [ cascade ];
4.监控用户的视图(monitor user)
view:dba_users, dba_ts_quotas
二、管理权限(managing privileges)
1.系统权限(managing privileges)
view =>system_privilege_map ,dba_sys_privs,session_privs
2.授权系统权限(grant system privilege)
grant create session,create table to managers;
or
grant create sessionto scott with admin option;
with admin option can gran grant or revoke privilege from any user or role;
3.sysdba和sysoper的权限(sysdba and sysoper privileges:)
sysoper:startup,shtdown,alter database open | mount,alter database backup controlfile,alter tablespace
sysdba:sysoper privileges with admin option,create database,recover database until
4.口令文件成员视图(password file members:)
view:=v$pwfile_users
5.07_dictionary_accessibility = true
restriction access to view or tables in other schema
6.撤销系统权限(revoke system privilege)
revoke create table from karen;
or
revoke create session from scott;
7.授权对象权限(grant object privilege)
grant execute on dbms_pipe to public;
grant update(first_name,salary) on employee to karen with grant option;
8.显示对象权限的视图(display object privilege)
view =>dba_tab_privs,dba_col_privs
9.撤销用户的对象权限(revoke object privilege)
revoke execute on dbms_pipe from scott [ cascade constraints ];
10.审计记录视图(audit record view)
sys.aud$
11.保护审计线索(protecting the audit trail)
audit delete on sys.aud$ by access;
保护审计线索:应保护审计线索,以防添加,修改或删除审计信息。
发布以下,命令:
audit delete on sys.aud$ by access;
可防止审计线索未经授权即被删除;只有DBA才拥有delete_catalog_role角色
12.语句审计(statement auditing)
audit user;
13.权限审计(privilege auditing)
audit select any table by summit by access;
权限审计:该种审计执行操作应具有的相应系统权限进行选择性审计,如audit create any trigger. 可以设置权限审计对数据库中的所选用户或每个用户进行审计。
14.方案对象审计(schema object auditing)
sudit lock on summit.employee by access whenever successful;
方案对象审计:该种审计对待特定方案对象上的特定语句进行选择性审计,如 audit select on hr.employees.方案对象审计始终适用于所有数据库用户。
15.审计选项视图(view audit option)
view =>all_def_audit_opts,dba_stmt_audit_opts,dba_priv_audit_opts,dba_obj_audit_opts
16.设计结果视图(view audit result)
view=>dba_audit_trail,dba_audit_exists,dba_audit_object,dba_audit_session,dba_audit_statement
三、管理角色
复制代码
1.创建角色(create roles)
create role sales_clerk;
or
create role hr_clerk identified by bonus;
or
create role hr_manager identified externally;
2.修改角色(modify role)
alter role sales_clerk identified by commission;
or
alter role hr_clerk identified externally;
or
alter role hr_manager not identified;
3.分配角色(assigning roles)
grant sales_clerk to scott;
oe
grant hr_clerk to hr_manager;
or
grant hr_manager to scott with admin option;
4.建立缺省角色(establish default role)
alter user scott default role hr_clerk,sales_clerk;
or
alter user scott default role all;
or
alter user scott default fole all except hr_clerk;
or
alter user scott default role none;
5.允许和禁止角色(enable and disable roles)
set role hr_clerk;
or
set role sales_clerk identified by commission;
or
set role all except sales_clerk;
or
set role none;
6.撤销用户的角色(remove role from user)
revoke sales_clerk from scott;
or
revoke hr_manager from public ;
7.删除角色(remove role)
drop role hr_manager;
8.显示角色信息的视图(display role information)
view:=>dba_roles.dba_role_privs,role_role_privs,dba_sys_privs,role_sys_privs,role_tab_privs,session_roles
复制代码
语法:
1.2.创建用户
create user 用户名
identified by 密码
[default tablespace 用户名 tempporary tablespace 表空间] ;
1.3.用户授予权限
grant DBA to 用户名;