Sucurity domain : The database administrator defines the names of the users allowed to access a database. A security domain defines the settings that appley to the users.
Authentication mechanism : A user who needs access to the database can be authenticated by one of the following :
- data dictionary
- operating system
- netwrok
Tablespace quotas : Tablespace quotas control the amount of physical storage space allocated to a user in the tablespaces in the database.
Default Tablespace : The default tablespace defines the location where segments created by a user are stored if the user does not explicitly specify a tablespace at the time the segment is created.
Temporary Tablespace : Temporary tablespace defines where extents will be allocated by the Oracle server if the user performs an operation that requires writing sort data to the disk.
Account Locking : Accounts can be locked to prevent a user from logging on the database. This can be set to occur automatically, or the database administrator can lock or unlock accounts manually.
Resource Limits : Limits can be placed on the use of resources such as CPU time, logical I/O, and the number of sessions opened by a user.
Direct Privileges : Privileges are used to control the actions a user can perform in a database.
Role Privileges : A user can be granted privileges indirectly throuth the use of roles
如果用户在创建时没有指定缺省表空间,则默认是 SYSTEM 表空间。一般不要使用系统表空间
1: create user leon
2: identified by pass_leon
3: default tablespace USERDATA02
4: temporary tablespace TEMP
5: quota 15m on userdata02
6: password expire;
大部分用户都使用数据库认证,就是上边的认真。(操作系统认证不需要输入密码 )
大量的脚本运行,这样,登录数据库系统不需要口令,脚本就不会停止在需要输入口令的地方。
如果操作系统的用户名为 aaron, 那么存储在系统中的用户名为 OPS$aaron (在数据库中创建用户时,要写 create user OPS$aaron )
因为如果在系统中创建一个普通用户SYS,虽然SYS在操作系统中是一个普通用户,但是如果它在数据库中就有管理员权限,所以才要加上一个另外的符号。例如缺省的 OPS$, 这样,即便你是 SYS 用户,登录进来也只是 OPS$SYS, 不是管理员。
然后,当操作系统用户 aaron 想登录到系统时,只需要输入 SQLPLUS / 就可以直接登录了
也可以远端认证( 操作系统 ), 但是,一般不这么做,太不安全。
数据字典
DBA_USERS
DBA_TS_QUOTAS