1. Oracle安装完成后的用户名和密码
sys/change_on_install
system/manager
scott/tiger
sysman/oem_temp
internal/oracle
2.修改用户的密码
SQL> conn sys/change_on_install as sysdba
Connected.
SQL> alter user sys identified by ******;
User altered.
3.为用户解锁
SQL> conn scott/tiger
ERROR:
ORA-28000: the account is locked
Warning: You are no longer connected to ORACLE.
SQL>conn sys/change_on_install as sysdba
Connected.
SQL> alter user scott account unlock;
User altered.
锁定用户:
SQL> alter user scott account lock;
4.查看所有用户:
select * from dba_users;
select * from all_users;
select * from user_users;
5.查看用户或角色系统权限:
select * from dba_sys_privs;
select * from user_sys_privs;
6.查看用户对象权限:
select * from dba_tab_privs;
select * from all_tab_privs;
select * from user_tab_privs;
7..查看所有角色:
select * from dba_roles;
8.查看用户或角色所拥有的角色:
select * from dba_role_privs;
select * from user_role_privs;
9.创建用户
SQL> create user kevin identified by password
2 default tablespace users
3 temporary tablespace temp
4 quota 10M on users;
User created.
SQL> conn kevin/password
ERROR:
ORA-01045: user KEVIN lacks CREATE SESSION privilege; logon denied
SQL> grant create session to kevin; //授权用户可以连接数据库
Grant succeeded.
10.授权用户connect和resource角色
SQL> grant connect to kevin;
Grant succeeded.
SQL> grant resource to kevin;
Grant succeeded.
SQL> grant connect,resource to kevin;
Grant succeeded.
11.查看connect和resource的权限
SQL> select * from dba_sys_privs where grantee='CONNECT';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
CONNECT ALTER SESSION NO
CONNECT CREATE CLUSTER NO
CONNECT CREATE DATABASE LINK NO
CONNECT CREATE SEQUENCE NO
CONNECT CREATE SESSION NO
CONNECT CREATE SYNONYM NO
CONNECT CREATE TABLE NO
CONNECT CREATE VIEW NO
8 rows selected.
SQL> select * from dba_sys_privs where grantee='RESOURCE';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
RESOURCE CREATE TRIGGER NO
RESOURCE CREATE SEQUENCE NO
RESOURCE CREATE TYPE NO
RESOURCE CREATE PROCEDURE NO
RESOURCE CREATE CLUSTER NO
RESOURCE CREATE OPERATOR NO
RESOURCE CREATE INDEXTYPE NO
RESOURCE CREATE TABLE NO
8 rows selected.
CONNECT角色:--是授予最终用户的典型权利,最基本的
ALTER SESSION --修改会话
CREATE CLUSTER --建立聚簇
CREATE DATABASE LINK --建立数据库链接
CREATE SEQUENCE --建立序列
CREATE SESSION --建立会话
CREATE SYNONYM --建立同义词
CREATE VIEW --建立视图
RESOURCE角色:--是授予开发人员的
CREATE CLUSTER --建立聚簇
CREATE PROCEDURE --建立过程
CREATE SEQUENCE --建立序列
CREATE TABLE --建表
CREATE TRIGGER --建立触发器
CREATE TYPE --建立类型
CREATE INDEXTYPE --建立索引类型
CREATE OPERATOR --建立操作符
12.授权用户对表的操作权限
SQL> grant alter any table to kevin; //授权Kevin用户可以访问任何表
Grant succeeded.
SQL> grant alter,insert,update on scott.emp to kevin; //授权用户kevin修改,插入,更新表emp的权限
SQL> grant create session, create table to kevin with admin option;
Grant succeeded.
SQL> grant alter,insert,update on scott.emp to kevin with grant option;
Grant succeeded.
13.with admin option 和with grant option的区别
WITH ADMIN OPTION
enables the grantee to grant the system privilege or role to other users or roles
如果撤销Kevin的system privilege,James的system privilege权限还存在
WITH GRANT OPTION
enables the grantee to grant the object privilege to other users or roles
如果撤销Kevin的object privilege,James的system privilege权限也被撤销
14.删除用户:
SQL> drop user kevin;
User dropped.
15.创建和删除角色
SQL> create role myrole;
Role created.
SQL> drop role myrole;
Role dropped.
16.将角色绑定到用户
SQL> grant myrole to kevin;
Grant succeeded.
17.创建概要文件(Profile)
创建一个用户只能访问三次(密码错误)的概要文件
create profile myprofile limit
sessions_per_user default
cpu_per_session default
cpu_per_call default
connect_time default
idle_time default
logical_reads_per_session default
logical_reads_per_call default
composite_limit default
private_sga default
failed_login_attempts default
password_life_time default
password_reuse_time default
password_reuse_max default
password_lock_time 3
password_grace_time default
password_verify_function null;
18.将概要文件绑定至用户
create user kevin1 identified by t profile myprofile;