
Database security management

2025-01-17 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

I. Oracle identity authentication method

The main ways of Oracle authentication are as follows:

Operating system authentication

Password file authentication

Database password authentication

External authentication

Network authentication

Of these, operating system authentication and password file authentication apply to administrator (SYSDBA/SYSOPER) connections; external authentication works much like operating system authentication.

1. Operating system authentication

Once an operating system user has been added to the DBA group, it can connect directly with connect / as sysdba, without a password. For example:

[root@mycentos ~]# useradd scott
[root@mycentos ~]# su scott
[scott@mycentos ~]$ export ORACLE_SID=oracle
[scott@mycentos ~]$ export ORACLE_BASE=/app/oracle
[scott@mycentos ~]$ export ORACLE_HOME=$ORACLE_BASE/product/11.2.0/db_1
[scott@mycentos ~]$ export PATH=$PATH:$ORACLE_HOME/
[scott@mycentos ~]$ export LANG=en_US.UTF-8
[scott@mycentos ~]$ alias sqlplus='rlwrap sqlplus'
[scott@mycentos ~]$ alias rman='rlwrap rman'
[scott@mycentos ~]$ sqlplus /nolog
SQL> conn / as sysdba
ERROR:
ORA-01031: insufficient privileges

# execute in another window

[root@mycentos ~]# usermod -a -G dba scott
[root@mycentos ~]# grep scott /etc/group
dba:x:500:oracle,scott

# execute again at this time

SQL> conn / as sysdba
Connected.

Whether operating system authentication is honoured is controlled by the SQLNET.AUTHENTICATION_SERVICES parameter in sqlnet.ora, which takes one of three values:

NONE: users cannot log in to the database through the operating system; a user name and password must be supplied.

ALL: all authentication methods are allowed.

NTS: local operating system user authentication is allowed (Windows native authentication).

With sqlnet.authentication_services=none, only a password connection works:

SQL> conn / as sysdba
ERROR:
ORA-01031: insufficient privileges
SQL> conn sys/asd as sysdba
Connected.

With sqlnet.authentication_services=all, operating system authentication is allowed again:

SQL> conn / as sysdba
Connected.

With sqlnet.authentication_services=nts, operating system authentication cannot be used on Linux.

2. Management of password files

[reading notes] password file summary.

3. Database password authentication

In short: conn user/pwd@service_name

4. External authentication

Use the IDENTIFIED EXTERNALLY clause when creating the user.

5. Network authentication

An emerging standard for managing identities uses LDAP servers. Oracle Internet Directory (OID) is Oracle's LDAP-compliant directory product; a global user is a user defined in the LDAP directory. [Not yet covered here and can be ignored for now. Use the IDENTIFIED GLOBALLY clause when creating such users.]
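The following queries, an added example rather than part of the original post, show how a DBA can review which of the authentication paths above each account and session actually uses. They rely on standard 11g data-dictionary and V$ views; the sqlnet.ora location in the final comment is the assumed default.

```sql
-- Added example (not from the original post): inventory of authentication
-- methods in use. Run as a DBA.

-- 1. Password-file authentication: accounts that may connect AS SYSDBA or
--    AS SYSOPER from any host, subject only to the password file.
SELECT username, sysdba, sysoper
  FROM v$pwfile_users
 ORDER BY username;

-- 2. Per-account method (PASSWORD, EXTERNAL, GLOBAL, NONE), so externally
--    identified (OS) users and LDAP "global" users stand out from the rest.
SELECT username, authentication_type, account_status, external_name
  FROM dba_users
 WHERE authentication_type <> 'PASSWORD'
 ORDER BY authentication_type, username;

-- 3. Live sessions that connected without presenting a database password
--    (operating system authentication via SQLNET.AUTHENTICATION_SERVICES).
--    v$session_connect_info can hold several rows per session, hence DISTINCT.
SELECT DISTINCT s.sid, s.username, s.osuser, s.machine, c.authentication_type
  FROM v$session s
  JOIN v$session_connect_info c
    ON c.sid = s.sid AND c.serial# = s.serial#
 WHERE c.authentication_type = 'OS'
   AND s.type = 'USER'
 ORDER BY s.sid;

-- 4. The switch itself lives outside the database. Check the file directly
--    (assumed default path: $ORACLE_HOME/network/admin/sqlnet.ora):
--      SQLNET.AUTHENTICATION_SERVICES = (NONE)   -- password connections only
--      SQLNET.AUTHENTICATION_SERVICES = (ALL)    -- OS authentication honoured
```

Query 1 is the place to look when the "/ as sysdba" path is disabled in sqlnet.ora, since password-file users can still connect as SYSDBA remotely.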

II. User management

2.1 create a user

CREATE USER user_name

[IDENTIFIED BY password | EXTERNALLY | GLOBALLY] # database password / external (OS) / global (LDAP) authentication

[DEFAULT COLLATION collation_name] # rarely used

[DEFAULT TABLESPACE tablespace_name]

[[LOCAL] TEMPORARY TABLESPACE tablespace_name | tablespace_group_name]

[QUOTA size_clause | UNLIMITED ON tablespace_name]

[PROFILE profile_name] # profiles are covered here for understanding only; Oracle recommends Database Resource Manager for resource limits

[PASSWORD EXPIRE] # the password expires immediately and must be changed at first login

[ACCOUNT LOCK | UNLOCK]

[ENABLE EDITIONS] # edition-based redefinition (versioning of schema objects)

[CONTAINER = CURRENT | ALL] # used with CDB and PDB
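Putting those clauses together, here is an added example (not from the original post) of creating a least-privilege application account with a password profile, a zero quota and an expired initial password, plus an externally identified account for the operating system authentication described in section I. The names app_secure, app_reader, ops$scott and the tablespaces USERS and TEMP are assumptions.

```sql
-- Added example (not from the original post). All object names are assumed.

-- A password profile: lock after repeated failures and force rotation.
CREATE PROFILE app_secure LIMIT
  FAILED_LOGIN_ATTEMPTS 5
  PASSWORD_LOCK_TIME    1     -- days the account stays locked after failures
  PASSWORD_LIFE_TIME    90    -- days before the password expires
  PASSWORD_GRACE_TIME   7
  PASSWORD_REUSE_MAX    10
  PASSWORD_REUSE_TIME   365;

-- Database (password) authentication. The account owns nothing, cannot
-- consume space in USERS, and must change its initial password at first login.
CREATE USER app_reader IDENTIFIED BY "Init-Pw-Change-Me#1"
  DEFAULT TABLESPACE   users
  TEMPORARY TABLESPACE temp
  QUOTA 0 ON users
  PROFILE app_secure
  PASSWORD EXPIRE
  ACCOUNT UNLOCK;

-- Login only: no CONNECT, RESOURCE or DBA role (see section III).
GRANT CREATE SESSION TO app_reader;

-- External (OS) authentication for a non-administrator: the database user
-- name is the OS_AUTHENT_PREFIX (default OPS$) followed by the OS user name,
-- so OS user "scott" maps to OPS$SCOTT. No password is stored.
CREATE USER ops$scott IDENTIFIED EXTERNALLY
  DEFAULT TABLESPACE users
  QUOTA 0 ON users
  PROFILE app_secure;
GRANT CREATE SESSION TO ops$scott;

-- ALTER USER takes the same clauses: grant a bounded quota later, or lock a
-- dormant account instead of dropping it.
ALTER USER app_reader QUOTA 10M ON users;
ALTER USER app_reader ACCOUNT LOCK;

-- DROP USER fails if the schema owns objects unless CASCADE is given.
DROP USER app_reader CASCADE;
DROP USER ops$scott;
DROP PROFILE app_secure;
```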

2.2 modify users

ALTER USER accepts essentially the same clauses as CREATE USER.

2.3 deleting a user

DROP USER user_name [CASCADE]

2.4 Rights Management

Granting and revoking Oracle privileges

1) Official documentation for GRANT:

http://docs.oracle.com/cd/E11882_01/server.112/e41084/statements_9013.htm#SQLRF01603

2) Official documentation for REVOKE:

http://docs.oracle.com/cd/E11882_01/server.112/e41084/statements_9020.htm#SQLRF01609

III. Role management

3.1 creation of roles

CREATE ROLE role_name

3.2 permission assignment

GRANT role_name TO user_name | role_name

3.3 role deletion

DROP ROLE role_name

3.4 predefined roles for the system

CONNECT: in 11.2 it carries only the CREATE SESSION privilege.

RESOURCE: privileges to create data and procedural objects, plus UNLIMITED TABLESPACE.

DBA: almost all system privileges, except starting up and shutting down the database.

SELECT_CATALOG_ROLE: only the privilege to view the data dictionary; no system privileges and no access to user data.

SCHEDULER_ADMIN: the system privileges needed to manage scheduler jobs.
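As an added example that is not part of the original post, the block below builds a purpose-specific role instead of handing out the predefined CONNECT/RESOURCE/DBA roles, and then queries who holds the broad predefined roles so that over-grants can be found and revoked. The schema hr, table employees and the user app_reader are assumed names.

```sql
-- Added example (not from the original post). Object names are assumed.

-- A narrow role: exactly what the application needs, nothing more.
CREATE ROLE app_read_role;
GRANT CREATE SESSION         TO app_read_role;
GRANT SELECT ON hr.employees TO app_read_role;

CREATE USER app_reader IDENTIFIED BY "Init-Pw-Change-Me#1" PASSWORD EXPIRE;
GRANT app_read_role TO app_reader;

-- Too broad: in 11.2 RESOURCE lets the account create objects and carries
-- UNLIMITED TABLESPACE. Granted here only to show the revoke that follows.
GRANT RESOURCE TO app_reader;
REVOKE RESOURCE FROM app_reader;

-- Review 1: direct holders of the predefined roles from the list above,
-- excluding the two accounts that legitimately own them.
SELECT grantee, granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE granted_role IN ('DBA', 'RESOURCE', 'SELECT_CATALOG_ROLE', 'SCHEDULER_ADMIN')
   AND grantee NOT IN ('SYS', 'SYSTEM')
 ORDER BY granted_role, grantee;

-- Review 2: system privileges granted directly rather than through a role.
-- The ANY privileges and UNLIMITED TABLESPACE bypass object-level grants.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE (privilege LIKE '%ANY%' OR privilege = 'UNLIMITED TABLESPACE')
   AND grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
 ORDER BY grantee, privilege;

-- Review 3: what a given role actually contains (object and system grants).
SELECT 'OBJ' AS kind, owner || '.' || table_name AS target, privilege
  FROM dba_tab_privs  WHERE grantee = 'APP_READ_ROLE'
UNION ALL
SELECT 'SYS', NULL, privilege
  FROM dba_sys_privs  WHERE grantee = 'APP_READ_ROLE';

-- Clean-up: dropping a role revokes it from every grantee automatically.
DROP ROLE app_read_role;
DROP USER app_reader;
```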

IV. Configuration file

ORACLE profile

V. Audit

[reading notes] database audit
