![大型数据库系统分析与设计:Less09-Users_第1页](http://file4.renrendoc.com/view/59ecc11712f71649ae79af98a791cdf5/59ecc11712f71649ae79af98a791cdf51.gif)
![大型数据库系统分析与设计:Less09-Users_第2页](http://file4.renrendoc.com/view/59ecc11712f71649ae79af98a791cdf5/59ecc11712f71649ae79af98a791cdf52.gif)
![大型数据库系统分析与设计:Less09-Users_第3页](http://file4.renrendoc.com/view/59ecc11712f71649ae79af98a791cdf5/59ecc11712f71649ae79af98a791cdf53.gif)
![大型数据库系统分析与设计:Less09-Users_第4页](http://file4.renrendoc.com/view/59ecc11712f71649ae79af98a791cdf5/59ecc11712f71649ae79af98a791cdf54.gif)
![大型数据库系统分析与设计:Less09-Users_第5页](http://file4.renrendoc.com/view/59ecc11712f71649ae79af98a791cdf5/59ecc11712f71649ae79af98a791cdf55.gif)
版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、Administering User SecurityObjectivesAfter completing this lesson, you should be able to do the following:Create and manage database user accountsCreate and manage rolesGrant and revoke privilegesControl resource usage by usersUser Management: OverviewCreate a user with an assigned storage area (tab
2、lespace).Assign quota to limit storage usage.Limit resource usage with profile.Authenticate a user with a password.Manage password rules with profiles (expire passwords and lock account).Assign privileges to roles and roles to users.UsersPrivilegesRolesHR_MGRJennyInsertemployeesDatabase Users and Sc
3、hemasA schema is the collection ofobjects owned by a user.Username and schema are often used interchangeably.A user can be associated with only one schema, but he or she can use objects from many schemas with the appropriate permissions.Schema ObjectsTablesTriggersIndexesViewsSequencesStored program
4、 unitsSynonymsUser-defined data typesDatabase linksDatabase User AccountsEach database user account has:A unique usernameAn authentication methodA default tablespace A temporary tablespaceA user profileA consumer groupA lock statusUserPrivilegeRoleProfileDatabase User Accounts Full Notes PagePredefi
5、ned Accounts: SYS and SYSTEMThe SYS account:Is granted the DBA roleHas all privileges with ADMIN OPTIONIs required for startup, shutdown, and some maintenance commandsOwns the data dictionaryOwns the Automatic Workload Repository (AWR)The SYSTEM account is granted the DBA role. These accounts are no
6、t used for routine operations.Creating a UserSelect Administration Schema Users & Privileges Users, and then click the Create button.PrivilegesThere are two types of user privileges:System: Enables users to perform particular actions in the databaseObject: Enables users to access and manipulate a sp
7、ecific objectUser PrivilegeRoleProfileSystem privilege: Create sessionHR_DBAObject privilege: Update employeesSystem PrivilegesSystem PrivilegesFull Notes PageObject PrivilegesTo grant object privileges:1.Choose the object type.2.Select objects.3.Select privileges.GRANTREVOKERevoking System Privileg
8、eswith ADMIN OPTIONREVOKE CREATE TABLE FROM jeff;UserPrivilegeObjectDBAJeffEmiJeffEmiDBAGRANTREVOKERevoking Object Privileges with GRANT OPTIONBobJeffEmiEmiJeffBobCreating a RoleSelect Administration Schema Users & Privileges Roles. User PrivilegeRoleProfileBenefits of Roles Easier privilege managem
9、ent Dynamic privilege management Selective availability of privilegesPredefined RolesCONNECTCREATE SESSIONRESOURCECREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER, CREATE TYPESCHEDULER_ ADMINCREATE ANY JOB, CREATE EXTERNAL JOB, CREATE
10、 JOB, EXECUTE ANY CLASS, EXECUTE ANY PROGRAM, MANAGE SCHEDULERDBAMost system privileges, several other roles. Do not grant to nonadministrators.SELECT_CATALOG_ROLENo system privileges, but HS_ADMIN_ROLE and over 1,700 object privileges on the data dictionaryCREATE ROLE secure_application_roleIDENTIF
11、IED USING ;Secure RolesRoles may also be secured programmatically.Roles may be nondefault.SET ROLE vacationdba;Roles may be protected through authentication.Profiles and UsersUsers are assigned only one profile at any given time.Profiles:Control resource consumptionManage account status and password
12、 expirationUserPrivilegeRole ProfileProfiles and UsersFull Notes PageWhere We AreDone:Creating a userCreating a roleAssigning system and object privileges to a role Creating a profileLimiting resource usage with a profileTo DoModifying user accounts: Assigning storage area (tablespace)Assigning quot
13、a to limit storage usageAuthenticating users with passwordsManaging password rules with profiles (expiring passwords and locking accounts)Assigning privileges to roles and roles to usersModifying Users: Default and Temporary Tablespaces and LockingDefault: Default location of database objectsTempora
14、ry: Used for sortingBest practice: Be specific in your tablespace assignments.Assigning Quota to UsersUsers who do not have the UNLIMITED TABLESPACE system privilege must be given a quota before they can create objects in a tablespace. Quotas can be:UnlimitedA specific value in megabytes or kilobyte
15、sAssigning Quota to UsersFull Notes PageAuthenticating UsersPasswordExternalGlobalAuthenticating UsersFull Notes PageAdministrator AuthenticationOperating System Security:DBAs must have the OS privileges to create and delete files.Typical database users should not have the OS privileges to create or
16、 delete database files. Administrator Security:SYSBA and SYSOPER connections are authorized via password file or OS.Password file authentication records the DBA user by name.OS authentication does not record the specific user.OS authentication takes precedence over password file authentication for S
17、YSDBA and SYSOPER. Locking and Unlocking AccountsFailed login attemptsManual lockingAccount lockedManual unlockingAccount unlockedUserDBASetting Password ExpirationPassword management includes the following:Specifying the maximum lifetime for a passwordSpecifying a grace period for changing a passwo
18、rdNote: Do not use profiles that cause the SYS, SYSMAN, and DBSNMP passwords to expire and the accounts to get locked.Unlocking a User Account andResetting the PasswordSelect the user, and click Unlock User.Assigning Privileges to Roles and Roles to UsersUsersPrivilegesRolesHR_CLERKHR_MGRJennyDavidRachelDeleteemployeesSelectemployeesUpdateemployeesInsertemployeesAssigning
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- GB/T 23723.5-2025起重机安全使用第5部分:桥式和门式起重机
- GB/T 23500-2025元宵质量通则
- 建筑行业智能管理平台开发采购合同
- 户外运动装备租赁使用安全免责协议书
- 硬件设备购销合同
- 游戏行业虚拟物品交易风险告知免责协议
- 独家代理手房合同
- 工程总承包联合体协议书
- 基于大数据的智能能源管理系统合作协议
- 专利申请与维护合同
- 小学科学冀人版六年级下册全册同步练习含答案
- 邮政储蓄银行-客户经理(个人消费贷款)-试题+答案
- 2024年3月10日国考公务员税务局面试真题及解析
- 市政造价员道路工程预决算入门讲解(零起步培训课件)
- VOC废气治理工程中低温催化氧化技术的研究与实践
- 《管理统计学》课件
- 教师的挑战:宁静的课堂革命
- 新能源材料与器件导论绪论
- 市政工程监理实施细则(完整版)
- 量具能力准则Cg-Cgk评价报告
- 旅游管理-我国老年旅游市场现状及开发策略
评论
0/150
提交评论