
Ora_Security-1 create and manage database users

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

I. User account attributes

1. User name

A user name consists of letters, digits, $ and _, with less than 30 characters. It cannot be a reserved word. Letters are not case-sensitive. Once a user name has been created it cannot be modified; if you have to change it, you must delete the account and create a new one.

Note: a user name specified in double quotation marks does not have to follow these rules (except for length).

SQL > create user peenboo identified by password

SQL > create user "peenboo#%" identified by pa55w0rd

2. Default tablespace and quota

2.1 Each user account has a default tablespace. Any schema objects the user creates, such as tables or views, are saved in this tablespace: unless another tablespace is specified when the object is created, it is placed in the default tablespace.

You can set the database-wide default tablespace when you create the database, or change it later with the following syntax:

ALTER DATABASE DEFAULT TABLESPACE tablespacename

Note: if you do not specify a default tablespace when creating a database, SYSTEM is used as the default tablespace.

2.2 A quota is the amount of space allocated in a tablespace for the user's schema objects.

SQL > select username, default_tablespace, temporary_tablespace from dba_users where username='PEENBOO'

SQL > alter user peenboo quota 10m on users

SQL > alter user peenboo quota unlimited on example

SQL > select tablespace_name, bytes, max_bytes from dba_ts_quotas

3. Temporary tablespace

The management of temporary tablespaces is completely automated. Objects in a temporary tablespace are not really owned by the user; they belong to the SYS user, which has an unlimited quota on all tablespaces.

Change a user's temporary tablespace:

ALTER USER username TEMPORARY TABLESPACE tablespace_name

4. Profile

Profiles are an effective way to manage passwords and resources, but in practice they apply only to environments where each application has its own database user account.

5. Account status

You can see the status of each user account in the ACCOUNT_STATUS column of DBA_USERS.

OPEN - open (the account is available)

LOCKED - locked (intentionally locked by the DBA; no user can connect to the account)

EXPIRED - expired (the life cycle of the password has ended)

EXPIRED & LOCKED - the account is not only locked, its password has also expired

EXPIRED (GRACE) - the grace period is in effect. The password has reached the end of its life cycle, and you can configure a grace period during which the password can still be changed.

LOCKED (TIMED) - the account has been locked because of failed login attempts

EXPIRED & LOCKED (TIMED) - expired and locked for a timed period

EXPIRED (GRACE) & LOCKED - in the grace period and locked

EXPIRED (GRACE) & LOCKED (TIMED) - in the grace period and locked for a timed period

-- the syntax for locking and unlocking is as follows:

ALTER USER username ACCOUNT LOCK

ALTER USER username ACCOUNT UNLOCK

-- force the user to change the password the next time he tries to log in:

ALTER USER username PASSWORD EXPIRE
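
How a profile's password limits produce the ACCOUNT_STATUS values listed above, as an added example that is not part of the original article. The profile name app_profile_example and the limit values are assumptions chosen for illustration; the limit names are standard Oracle profile parameters.

```sql
-- Added example. app_profile_example is a hypothetical name and the
-- numbers are illustrative, not recommendations from the article.
CREATE PROFILE app_profile_example LIMIT
  FAILED_LOGIN_ATTEMPTS 5    -- 5 consecutive failures -> LOCKED(TIMED)
  PASSWORD_LOCK_TIME    1    -- days before a LOCKED(TIMED) account unlocks itself
  PASSWORD_LIFE_TIME    90   -- days until the password reaches the end of its life cycle
  PASSWORD_GRACE_TIME   7;   -- days spent in EXPIRED(GRACE) before the status is EXPIRED

-- Attach the profile to the account used earlier in the article.
ALTER USER peenboo PROFILE app_profile_example;

-- How many accounts are in each state.
SELECT account_status, COUNT(*) AS accounts
  FROM dba_users
 GROUP BY account_status
 ORDER BY account_status;

-- Every account that is not plainly OPEN, with the dates that explain why.
-- LOCK_DATE is set for locked accounts; EXPIRY_DATE is the password expiry date.
SELECT username, account_status, lock_date, expiry_date, profile
  FROM dba_users
 WHERE account_status <> 'OPEN'
 ORDER BY account_status, username;

-- The limits actually in force for that profile.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'APP_PROFILE_EXAMPLE'
   AND resource_type = 'PASSWORD'
 ORDER BY resource_name;
```

An account in LOCKED(TIMED) unlocks on its own after PASSWORD_LOCK_TIME, while an account locked with ALTER USER ... ACCOUNT LOCK stays LOCKED until a DBA unlocks it.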

II. Authentication methods

1. Operating system and password file authentication

To use operating system or password file authentication for an account, the user must be granted the SYSDBA or SYSOPER privilege:

GRANT [sysdba | sysoper] TO username

When logging in with SQL*Plus, the connection syntax is as follows:

CONNECT username/password [@db_alias] AS [sysdba | sysoper]

Note: to determine who has been granted the SYSDBA and SYSOPER privileges, query V$PWFILE_USERS.

All user sessions must be authenticated. There is no such thing as "anonymous login".

2. Password authentication

SQL > CONNECT username/password [@db_alias]

Whether you change your own password or someone else's password, the syntax is:

ALTER USER username IDENTIFIED BY password

3. External authentication

Once the Advanced Security option has been obtained, you can use an external service: a Kerberos server, a RADIUS server, or, in a Windows environment, the Windows native authentication service.

If the Advanced Security option is not enabled, the only external authentication that can be used is operating system authentication. This technique creates an Oracle account with the same name as the operating system user account, but preceded by the string specified by the OS_AUTHENT_PREFIX instance parameter. The string defaults to OPS$. You can query it as follows:

SQL > select value from v$parameter where name = 'os_authent_prefix'

On Linux or Unix this is simpler. For example, for the operating system user peenboo:

SQL > create user ops$peenboo identified externally

SQL > grant create session to ops$peenboo

$ sqlplus /
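
A review of which accounts authenticate by which method, as an added example that is not part of the original article. It assumes Oracle 11g or later (for the AUTHENTICATION_TYPE column of DBA_USERS) and a session that can read the DBA_ and V$ views; REMOTE_OS_AUTHENT is a real instance parameter that the article does not mention.

```sql
-- Added example: read-only review queries, no object names are invented.

-- 1. Accounts that may connect AS SYSDBA / AS SYSOPER via the password file.
SELECT username, sysdba, sysoper
  FROM v$pwfile_users
 ORDER BY username;

-- 2. How many accounts use each authentication method
--    (PASSWORD, EXTERNAL, GLOBAL, NONE).
SELECT authentication_type, COUNT(*) AS accounts
  FROM dba_users
 GROUP BY authentication_type
 ORDER BY authentication_type;

-- 3. Externally authenticated accounts, shown next to the prefix in force,
--    so each one can be matched to an operating system account name.
SELECT u.username,
       u.account_status,
       p.value AS os_authent_prefix
  FROM dba_users u
 CROSS JOIN (SELECT value
               FROM v$parameter
              WHERE name = 'os_authent_prefix') p
 WHERE u.authentication_type = 'EXTERNAL'
 ORDER BY u.username;

-- 4. Parameters that govern operating system authentication.
--    remote_os_authent = TRUE means the database trusts an OS identity
--    asserted by a remote client machine; FALSE is the safe value.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent')
 ORDER BY name;
```

Every name returned by query 3 is an account that anyone logged in as the matching operating system user can open with "sqlplus /", so the list should match the OS accounts you expect.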

4. Global authentication

Global authentication uses an LDAP server: a global user is a user defined in the LDAP directory.

There are two global authentication technologies:

Users can be defined in a directory or in a database.

Users can only be defined in the directory.

III. Create an account

1. CREATE USER must contain two required parameters: the user name and the authentication method.

SQL > create user scott identified by tiger
    default tablespace users temporary tablespace temp
    quota 100m on users quota unlimited on example
    profile developer_profile
    password expire
    account unlock

2. Apart from the name, every attribute of an account can be adjusted with the ALTER USER command.

(1) change the password

SQL > alter user scott identified by lion

(2) modify default and temporary tablespaces

SQL > alter user scott default tablespace tbs_peenboo temporary tablespace pbtemp

(3) modify the quota

SQL > alter user scott quota unlimited on tbs_peenboo quota 0 on users

(4) modify the profile

SQL > alter user scott profile prod_profile

(5) mandatory change of password

SQL > alter user scott password expire

(6) Lock users

SQL > alter user scott account lock

(7) delete a user that has been created, for example so that it can be rebuilt

SQL > drop user scott

(8) if the user is not empty (its schema contains objects), the following command is required:

SQL > drop user scott cascade

The PUBLIC user is a conceptual user: if you want to grant a permission to every user, you can grant it to PUBLIC.
