SQL> conn /as sysdba
Connected to Oracle Database 11g Express Edition Release 11.2.0.2.0
Connected as scott AS SYSDBA
1) Create a user
Log in as scott with DBA privileges
SQL> create user ice identified by tiger;
User created
2) List users
select username from dba_users;
3) Drop a user
SQL> drop user ice;
User dropped
4) Change a user's password
alter user ice identified by 123456;
A newly created user has no privileges at all, not even the privilege to log in to the database.
5) Grant privileges
SQL> grant connect to ice;
Grant succeeded
SQL> conn ice/123456
Connected to Oracle Database 11g Express Edition Release 11.2.0.2.0
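Connected as ice
Privileges
System privileges: a user's privileges on the database itself (e.g. create session).
Object privileges: a user's privileges to operate on other users' data objects (tables, triggers, views, ...). [select, insert, update, delete, all, create index, ...]
Roles:
Predefined roles: connect, dba, resource
Custom roles:
1) Insufficient privileges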
SQL> conn ice/123456
SQL> create table test(userId varchar2(30));
ORA-01031: 权限不足
2) Table or view does not exist
Switch to a sys login: table owner = SYS
create table emp(userId varchar2(30));
Then switch back to ice
select * from emp;
ORA-00942: 表或视图不存在
3) After grant resource, the user has the privilege to create tables
Log in as DBA:
SQL> grant resource to ice;
Grant succeeded
SQL> conn ice/123456
Connected to Oracle Database 11g Express Edition Release 11.2.0.2.0
Connected as ice
SQL> create table test(userId varchar2(30));
Table created
SQL> select * from test;
USERID
------------------------------
SQL> desc test;
Name Type Nullable Default Comments
------ ------------ -------- ------- --------
USERID VARCHAR2(30) Y
4) ice accesses the emp table created by scott
Log in as DBA:
grant select on emp to ice;
SQL> select * from emp;
select * from emp
ORA-00942: 表或视图不存在
The table name must be qualified with its owner:
select * from sys.emp;
Likewise: grant update on emp to ice; -- adds the update privilege.
grant all on emp to ice;
5) Take privileges back with revoke
Log in as DBA:
SQL> revoke select on emp from ice;
Revoke succeeded
Log in as ice:
SQL> select * from sys.emp;
select * from sys.emp
ORA-00942: 表或视图不存在
6) Passing privileges on: user A lets user B perform grants on A's behalf
Object privileges: add with grant option
SQL> grant select on emp to ice with grant option;
Grant succeeded
System privileges: add with admin option
SQL> grant connect to ice with admin option;
Grant succeeded
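When sysdba grants account A a privilege with grant option and A passes it on to B (grant select on emp to B), B's privilege is also gone once sysdba revokes A's privilege (the revoke cascades).
--separator--
Managing user passwords with profiles
1) Account locking
Set the number of login attempts and the lock time.
Step: create a profile
create profile {lock_account} limit failed_login_attempts {3} password_lock_time {2};
-- 5 attempts, 1 day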
SQL> create profile lock_account limit failed_login_attempts 5 password_lock_time 1;
Profile created
alter user ice profile {lock_account}
-- apply the lock_account rule to user ice
SQL> alter user ice profile lock_account;
User altered
2) Unlock an account
alter user {ice} account unlock;
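3) Password expiration
Make users change their passwords periodically by using the password expiration settings.
Require user ice to change the login password every 10 days, with a grace period of 2 days.
create profile {myprofile} limit password_life_time {10} password_grace_time {2};
-- create the profile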
SQL> create profile myprofile limit password_life_time 10 password_grace_time 2;
Profile created
-- apply it to user ice
alter user ice profile myprofile;
SQL> alter user ice profile myprofile;
User altered
4) Password history
Specify the password reuse time: reusable after 10 days
SQL> create profile myprofile2 limit password_life_time 10 password_grace_time 2 password_reuse_time 10;
Profile created
5) Drop a profile
drop profile {profileName}
SQL> drop profile myprofile;
drop profile myprofile
ORA-02382: 概要文件 MYPROFILE 指定了用户, 不能没有 CASCADE 而删除
SQL> drop profile myprofile cascade;
Profile dropped
After the profile is dropped, the constraints it previously placed on accounts no longer apply.
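
The grants and profile settings from the steps above can be verified from the data dictionary. The queries below are an added example, not part of the original notes; they assume a DBA session and the user ICE and table SYS.EMP created earlier on this page.

```sql
-- Added audit example (not from the original notes). Run as a DBA.
-- Unquoted names are stored in upper case, hence 'ICE' and 'EMP'.

-- 1) Roles granted to ICE. ADMIN_OPTION = 'YES' means the role was
--    granted WITH ADMIN OPTION, so ICE can grant it to other users.
SELECT granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE grantee = 'ICE';

-- 2) System privileges ICE holds, either granted directly or through
--    a role granted directly to ICE (one level of role nesting only).
SELECT 'DIRECT' AS via, privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'ICE'
UNION ALL
SELECT rp.granted_role, sp.privilege, sp.admin_option
  FROM dba_role_privs rp
  JOIN dba_sys_privs sp ON sp.grantee = rp.granted_role
 WHERE rp.grantee = 'ICE'
 ORDER BY 1, 2;

-- 3) Every object privilege on SYS.EMP. GRANTABLE = 'YES' marks a
--    grant made WITH GRANT OPTION; GRANTOR shows who passed it on.
SELECT grantee, grantor, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND table_name = 'EMP'
 ORDER BY grantee, privilege;

-- 4) Account state and the profile currently assigned to ICE.
SELECT username, account_status, lock_date, expiry_date, profile
  FROM dba_users
 WHERE username = 'ICE';

-- 5) Password limits of that profile. A LIMIT shown as DEFAULT is
--    inherited from the profile named DEFAULT.
SELECT p.resource_name, p.limit
  FROM dba_profiles p
  JOIN dba_users u ON u.profile = p.profile
 WHERE u.username = 'ICE'
   AND p.resource_type = 'PASSWORD'
 ORDER BY p.resource_name;
```

Running queries 1 to 3 before and after each grant or revoke shows exactly which rows appear and disappear, including grants that ICE passed on to other users.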