SQL> conn /as sysdba
Connected to Oracle Database 11g Express Edition Release 11.2.0.2.0
Connected as scott AS SYSDBA
1)创建用户
使用scott,dba 登录
SQL> create user ice identified by tiger;
User created
2)显示用户
select username from dba_users;
3)删除
SQL> drop user ice;
User dropped
4)修改用户密码
alter user ice identified by 123456;
创建的新用户是没有任何权限的,甚至登录数据库的权限都没有.
5)授权
SQL> grant connect to ice;
Grant succeeded
SQL> conn ice/123456
Connected to Oracle Database 11g Express Edition Release 11.2.0.2.0
Connected as ice
权限
系统权限:用户对数据库的相关权限.(create session)
对象权限:用户对其他用户的数据对象(表,触发器,视图...)操作的权限. [select,insert,update,delete,all,create index...]
角色:
预定义角色:connect dba resource
自定义角色:
1)权限不足
SQL> conn ice/123456
SQL> create table test(userId varchar2(30));
ORA-01031: 权限不足
2)表或视图不存在
切换sys登录: 表Owner =SYS
create table emp(userId varchar2(30));
再切换到ice
select * from emp;
ORA-00942: 表或视图不存在
3)grant resource后有建表的权限
dba登录:
SQL> grant resource to ice ;
Grant succeeded
SQL> conn ice/123456
Connected to Oracle Database 11g Express Edition Release 11.2.0.2.0
Connected as ice
SQL> create table test(userId varchar2(30));
Table created
SQL> select * from test;
USERID
------------------------------
SQL> desc test;
Name Type Nullable Default Comments
------ ------------ -------- ------- --------
USERID VARCHAR2(30) Y
4)ice访问scott创建的emp表
dba登录:
grant select on emp to ice;
SQL> select * from emp;
select * from emp
ORA-00942: 表或视图不存在
得使用:
select * from sys.emp;
同理:grant update on emp to ice;--增加修改权限.
grant all on emp to ice;
5)revoke收回权限
dba登录:
SQL> revoke select on emp from ice;
Revoke succeeded
ice登录:
SQL> select * from sys.emp;
select * from sys.emp
ORA-00942: 表或视图不存在
6)权限的传递:A用户让B用户能替自己(A)进行grant
对象权限:加入 with grant option
SQL> grant select on emp to ice with grant option;
Grant succeeded
系统权限:加入 with admin option
SQL> grant connect to ice with admin option;
Grant succeeded
sysdba给账户A权限grant option,A把权限给B (grant select on emp to B),当sysdba收回A的权限时,B的权限也没有(诛连)
--分割--
使用profile管理用户口令
1)账号锁定
设定尝试次数,和锁定时间.
步骤:创建profile文件
create profile {lock_account} limit failed_login_attempts {3} password_lock_time {2};
--5次 1天
SQL> create profile lock_account limit failed_login_attempts 5 password_lock_time 1;
Profile created
alter user ice profile {lock_account}
--应用lock_account规则于ice用户
SQL> alter user ice profile lock_account;
User altered
2)给账户解锁
alter user {ice} account unlock;
3)终止口令
让用户定期修改密码,使用终止口令的指令来完成.
要求ice这个用户每个10天要修改登录密码,宽限期为2天.
create profile {myprofile} limit password_life_time {10} password_grace_time {2};
--创建profile文件
SQL> create profile myprofile limit password_life_time 10 password_grace_time 2;
Profile created
--应用于ice用户
alter user ice profile myprofile;
SQL> alter user ice profile myprofile;
User altered
4)口令历史
指定口令可重用时间:10天后可重用
SQL> create profile myprofile2 limit password_life_time 10 password_grace_time 2 password_reuse_time 10;
Profile created
5)删除profile
drop profile {profileName}
SQL> drop profile myprofile;
drop profile myprofile
ORA-02382: 概要文件 MYPROFILE 指定了用户, 不能没有 CASCADE 而删除
SQL> drop profile myprofile cascade;
Profile dropped
删除后,该profile之前对账户的约束无效.