User Management

Users and Schema
Creating, Altering, Dropping Users
Profiles
Privileges
Sessions
3. .
7. Users and Schema
9. User is an account who could access the database, if granted
10. appropriate privileges and could create objects if granted appropriate
11. privileges to do so by the dba
13. Schema is the name of the user and generally refers to set
14. of objects (table,view,stored procedure) created/owned by the
15. user.
17. Objects are fully qualified as <schema_name>.<object_name>
18. objects are accesed by a user by just specifying the object name,
19. however to access the objects created by other user (if he has appropriate privileges)
20. he has to fully qualify him like this <other_users_schema>.<object_name>
21. .
25. Creating, Altering, Dropping Users
28. Creation Of User, below is the general syntax for creation users
29. CREATE USER <username> IDENTIFIED BY <password> | EXTERNALLY | GLOBALLY
30. DEFAUTL TABLESPACE <tablespace_name>
  1. TEMPORARY TABLESPACE <temporary_tablespace_name>
  2. QUOTA UNLIMITED ON <tablespace_name>
  3. QUOTA 100M ON <tablespace_name>
  4. PROFILE regular
  5. PASSWORD EXPIRE
  6. ACCOUNT UNLOCK|LOCK
32. Parameter in detail

2. Altering Users i.e modifying user's settings
4. Normal operation that are performed on Users are like changing the
5. password, selecting default tablespace for the user, granting particular
6. amount of quota to user on certain tablespace. Then we could lock the
7. user account, unlock it, change the profile of the user.
9. Check out the below self explanatory examples
11. ALTER USER ron IDENTIFIED BY <new password>;
13. ALTER USER myuser
14. DEFAULT TABLESPACE <tablespace Name>
15. TEMPORARY TABLESPACE <temporary tablespace Name>
16. QUOTA 500M ON <tablespace name>
17. QUOTA 5M ON <other tablespace Name>
19. ALTER USER ron ACCOUNT LOCK;
20. ALTER USER ron ACCOUNT UNLOCK;
21. ALTER USER ron PASSWORD EXPIRE;
22. ALTER USER PROFILE <NEW PROFILE>;
24. To drop user,
26. DROP USER ron cascade
28. cascade option drops any object created/owned by the user here its ron
30. .
33. Profiles
35. Profile is collection of rules.
37. Rules contains the follwing
39. Kernel Limitations : This includes the following
  1. sessions_per_user
  2. cpu_per_session
  3. cpu_per_call
  4. logical_reads_per_session
  5. logical_reads_per_call
  6. idle_time
  7. connect_time
  8. private_sga
  9. composite_limit
41. Password Management : This includes the following

- 1. failed_login_attempts
  2. password_life_time
  3. password_reuse_time
  4. password_reuse_max
  5. password_verify_function
  6. password_lock_time
  7. password_grace_time

2. If no profile is specified during the account creation, user gets the default profile.
4. To check the contents/rules of the default profile
6. desc dba_profiles
8. select resource_name,limit from dba_profiles where profile='DEFAULT'
10. To assign a specific profile to user
12. alter user <user_name> profile <profile_name>
13. Lets See how to create new profiles.
14. create profile SECURE
15. limit
16. sessions_per_user 2
17. cpu_per_session 10000
18. cpu_per_call 1
19. connect_time unlimited
20. idle_time 30
21. logical_reads_per_session default
22. logical_reads_per_call default
23. private_sga 20M
24. failed_login_attempts 3
25. password_life_time 30
26. password_reuse_time 12
27. password_reuse_max unlimited
28. password_lock_time default
29. password_grace_time 2
30. password_verify_function null
31. /
32. To enable the password verify function execute @?/rdbms/admin/utlpwdmg.sql
33. After which you could assign the password verify function to a profile
34. ALTER PROFILE <profile_name> limit PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION;
36. Privileges
38. After user is created, you need to give the user explicit permission to
39. connect to database to create session with the database. then to
40. create table he should be granted create table privilege
42. Other way is to grant roles, roles are database objects and are collection
43. of privileges predefined roles
45. For example 'connect' and 'resouce,'
47. To check the components of the connect role
49. select * from dba_sys_privs where grantee='CONNECT';
51. To grant roles to user
53. grant connect,resource to ron
55. To check Privilege of existing user, i.e
57. To check if user has system privileges
59. select * from dba_sys_privs where grantee='<USERNAME>';
61. To check if user has roles granted
63. select * from dba_role_privs where grantee='<USERNAME>';
65. To check if user has permission on table objects
67. select * from dba_tab_privs where grantee='<username>';
70. To check quota for user on tablespaces
72. select username,tablespace_name,bytes/1024/1024 from dba_ts_quotas
75. .
77. Sessions
79. Sometime it is required to kill of the session.
81. Query the v$session view to get the information about the sessions
83. select sid,serial#, osuser,username, from v$session
85. After getting the required session check the sid and serial number of the session to be killed
87. execute the following command to kill the session.
89. alter system kill session '<sid>.<serial#>'
92. =============================================================================================
96. To get the database default settings, you could query the database_properties view.
97. sql>select * from database_properties

9. select u.username
10. ,'alter user '||u.username||' identified by values '''||s.spare4||''';' cmd
11. from dba_users u
12. join sys.user$ s
13. on u.user_id = s.user#
14. where u.username = upper('&used');