Oracle Series (2): User Management

SQL> conn /as sysdba
Connected to Oracle Database 11g Express Edition Release 11.2.0.2.0
Connected as scott AS SYSDBA

1) Create a user
Log in as scott, as DBA
SQL> create user ice identified by tiger;

User created
2) List users
select username from dba_users;
3) Drop a user
SQL> drop user ice;

User dropped
4) Change a user's password
alter user ice identified by 123456;

A newly created user has no privileges at all, not even the privilege to log in to the database.
5) Grant privileges
SQL> grant connect to ice;

Grant succeeded

SQL> conn ice/123456
Connected to Oracle Database 11g Express Edition Release 11.2.0.2.0
Connected as ice

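Privileges
System privileges: a user's privileges on the database itself. (create session)
Object privileges: a user's privileges to operate on other users' data objects (tables, triggers, views...). [select, insert, update, delete, all, create index...]

Roles:
Predefined roles: connect, dba, resource
Custom roles: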

1) Insufficient privileges
SQL> conn ice/123456
SQL> create table test(userId varchar2(30));
ORA-01031: 權限不足
2) Table or view does not exist
Switch to a sys login: table Owner = SYS
create table emp(userId varchar2(30));
Then switch back to ice
select * from emp;
ORA-00942: 表或視圖不存在
3) After grant resource, the user has the privilege to create tables
Log in as DBA:
SQL> grant resource to ice;

Grant succeeded

SQL> conn ice/123456
Connected to Oracle Database 11g Express Edition Release 11.2.0.2.0
Connected as ice

SQL> create table test(userId varchar2(30));

Table created

SQL> select * from test;
USERID
------------------------------

SQL> desc test;
Name Type Nullable Default Comments
------ ------------ -------- ------- --------
USERID VARCHAR2(30) Y
4) ice accesses the emp table created by scott
Log in as DBA:
grant select on emp to ice;

SQL> select * from emp;
select * from emp

ORA-00942: 表或視圖不存在
You have to use:
select * from sys.emp;

Likewise: grant update on emp to ice; --adds the update privilege.
grant all on emp to ice;

5) Take privileges back with revoke
Log in as DBA:
SQL> revoke select on emp from ice;

Revoke succeeded
Log in as ice:
SQL> select * from sys.emp;
select * from sys.emp

ORA-00942: 表或視圖不存在

6) Passing privileges on: user A lets user B issue grants on A's behalf
Object privileges: add with grant option
SQL> grant select on emp to ice with grant option;

Grant succeeded
System privileges: add with admin option
SQL> grant connect to ice with admin option;

Grant succeeded

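When sysdba grants account A a privilege with grant option and A passes the privilege on to B (grant select on emp to B), B also loses the privilege when sysdba revokes it from A (the revoke cascades).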

--divider--

Managing user passwords with profiles
1) Account locking
Set the number of login attempts and the lock time.
Step: create the profile
create profile {lock_account} limit failed_login_attempts {3} password_lock_time {2};
--5 attempts, 1 day
SQL> create profile lock_account limit failed_login_attempts 5 password_lock_time 1;
Profile created

alter user ice profile {lock_account}
--apply the lock_account rules to user ice
SQL> alter user ice profile lock_account;
User altered
2) Unlock an account
alter user {ice} account unlock;
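3) Password expiration
To make users change their passwords periodically, use the password expiration command.
Require user ice to change the login password every 10 days, with a grace period of 2 days.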
create profile {myprofile} limit password_life_time {10} password_grace_time {2};
--create the profile
SQL> create profile myprofile limit password_life_time 10 password_grace_time 2;
Profile created
--apply it to user ice
alter user ice profile myprofile;

SQL> alter user ice profile myprofile;
User altered
4) Password history
Specify when a password can be reused: reusable after 10 days
SQL> create profile myprofile2 limit password_life_time 10 password_grace_time 2 password_reuse_time 10;
Profile created
5) Drop a profile
drop profile {profileName}

SQL> drop profile myprofile;
drop profile myprofile

ORA-02382: 概要文件 MYPROFILE 指定了用戶, 不能沒有 CASCADE 而刪除

SQL> drop profile myprofile cascade;
Profile dropped
After the profile is dropped, the restrictions it previously imposed on the account no longer apply.
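
The profile steps above collected into a single profile, with dictionary queries to verify the result. This is an added example, not part of the original post; the profile name ice_policy and the password_reuse_max value are assumptions.

```sql
-- Added example (not from the original post). Run as a DBA.
-- ice_policy is a hypothetical profile name; the limits reuse the values
-- from the steps above, and password_reuse_max 5 is an assumed value.

-- A user has exactly one profile, so "alter user ice profile myprofile"
-- replaces lock_account instead of adding to it. Put every limit in one profile.
create profile ice_policy limit
  failed_login_attempts 5      -- lock after 5 consecutive failed logins
  password_lock_time    1      -- stay locked for 1 day
  password_life_time    10     -- password expires after 10 days
  password_grace_time   2      -- 2-day grace period after expiry
  password_reuse_time   10     -- days before an old password may return
  password_reuse_max    5;     -- password changes required before reuse
-- Oracle documents the two reuse limits as a pair: set both to integers.

alter user ice profile ice_policy;

-- Check 1: the limits actually stored for the profile.
-- A LIMIT of DEFAULT means the value is inherited from the DEFAULT profile.
select resource_name, limit
  from dba_profiles
 where profile = 'ICE_POLICY'
   and resource_type = 'PASSWORD'
 order by resource_name;

-- Check 2: which profile the account uses and its lock/expiry state.
select username, profile, account_status, lock_date, expiry_date
  from dba_users
 where username = 'ICE';

-- Check 3: accounts still on the DEFAULT profile, i.e. not covered
-- by any of the profiles created here.
select username, account_status
  from dba_users
 where profile = 'DEFAULT'
 order by username;
```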
