You must create user accounts and grant appropriate database access privileges to those accounts so that users can access your database. Some user accounts are automatically included in the pre-configured database, but for security reasons, most of these accounts are locked and expired. In this chapter you will learn how to create and manage user accounts. You will use Enterprise Manager to create a role and two users in your database. You will also unlock the HR user account.
This chapter discusses the following:
Administering Database Users | ||
Administering Roles |
Move your mouse over this icon to show all screenshots. You can also move your mouse over each individual icon to see only the screenshot associated with it.
Users connect to the database by using a user account that you create in the database. A user account is identified by a username and defines the user’s attributes. In this section you will create a new user and give the user privileges to connect to the database and create objects in the database.
In this section, you will perform the following tasks:
Creating New Users | ||
Changing User Attributes | ||
Unlocking Accounts and Resetting Passwords | ||
Granting Privileges |
Follow the steps below to create the FSOWNER user:
1. |
Log in to Enterprise Manager Database Console by opening your browser and specifying the SYS username and password. Click Login.
|
2. |
Navigate to the Administration page. Click Users in the Users & Privileges section.
|
3. |
The Users property page appears. Click Create.
|
4. |
The Create User General page appears. Enter the following values in the fields: Username: FSOWNER Click OK.
|
5. |
The Users property page is displayed with an Update message confirming the creation of your user. You can also see the new user by scrolling down the page. Click the Database link to return to the Administration page.
|
In this section you will learn how to change user attributes. The FSOWNER user will create objects in the database and needs to have quota on the FSDATA and FSINDEX tablespaces to create objects in it.
Perform the steps listed below to enable the FSOWNER user to create objects in the FSDATA tablespace:
1. |
Click Users in the Users & Privileges section on the Administration page to access the Users property page. Select FSOWNER in the results list and click Edit.
|
2. |
The Edit User General page is displayed. Click Quotas to display the Quotas page.
|
3. |
Select Unlimited from the Quota drop-down menu for the FSDATA and FSINDEX tablespaces. Click Apply.
|
4. |
The Edit User page appears with an Update message confirming your change. Note the quota value of -1 indicating Unlimited. Select the Users link to return to the Users property page.
|
If an account is locked, the user cannot log in to the database.
During installation, you were given the option to unlock and reset the Oracle
supplied database user accounts. If you did not choose to unlock those accounts
at that time, you can do so by following the steps below. In this example, you
will unlock the HR user account
and reset the password. The same steps can be executed for each account you
want to unlock and/or need to reset the password for.
1. |
On the Users page, select HR in the
results list and select Unlock User in the pull-down menu in the
Actions box. Click Go.
|
2. |
Click Yes to confirm the unlock operation.
|
3. |
The Users property page is displayed with an Update message confirming the unlocking of your user. You can see the EXPIRED status for the HR user in the Results section. Select HR in the results list and click Edit.
|
4. |
The Edit User General page is displayed. Enter a new password and click Apply.
|
5. |
The Edit User page is displayed with an update message confirming the change to your user. Select the Users link to return to the Users property page.
|
In this section you will learn how to grant privileges. The FSOWNER user will create objects in the database and needs privileges to create those objects.
Perform the steps listed below to enable the FSOWNER user to create objects in the database:
1. |
On the Users page, select FSOWNER in the results list and click Edit.
|
2. |
The Edit User General page is displayed. Click System Privileges.
|
3. |
The System Privileges page appears. Click Edit List.
|
4. |
The Modify System Privileges page is displayed. Click each of the following privileges and click Move to select it: CREATE ANY INDEX, CREATE ANY TABLE, CREATE SESSION. Click OK.
|
5. |
The Edit User page is displayed with the selected system privileges. Click Apply to grant the privileges.
|
6. |
The Edit User page is displayed with the Update message confirming the change. Click the Database link to return to the Administration page.
|
You can use roles to group privileges and other roles to facilitate the granting of multiple privileges and roles to users. There are a number of predefined roles. In addition, you can create roles that are applicable for the operations and objects that exist in your database.
In this section, you will examine the following tasks:
Creating Roles | ||
Granting Roles |
In this section you will create a role to contain the privileges needed. In a later chapter you will grant object privileges to the role.
Follow the steps below to create the FSCLERK role:
1. |
Click Roles in the Users & Privileges section on the Administration page.
|
2. |
The Roles property page appears. Click Create.
|
3. |
The Create Role page appears. Enter fsclerk in the Name field. Click System Privileges.
|
4. |
The System Privileges page is displayed. Click Edit List to select system privileges to grant to the role.
|
5. |
Select Create Session from Available System Privileges and click Move to select it. Click OK.
|
6. |
The Create Role page appears again. Click OK to create the role with the selected privileges.
|
7. |
The Roles page appears again with an update message confirming the creation of the FSCLERK role. You can scroll down to see the role you just created.
|
In this section you will learn how to grant roles to users. The FSOWNER user needs the privileges in the FSCLERK role.
Perform the steps listed below to provide the FSOWNER with the privileges in the FSCLERK role:
1. |
Click Users in the Users & Privileges section on the Administration page to access the Users property page. Select FSOWNER in the results list and click Edit.
|
2. |
The Edit User General page is displayed. Click Roles.
|
3. |
The Roles page appears. Click Edit List.
|
4. |
The Modify Roles page is displayed. Select FSCLERK from the Available Roles and click Move to select it. Click OK.
|
5. |
The Edit User page is displayed with the selected roles. Click Apply to grant the role.
|
6. |
The Edit User page is displayed with the Update message confirming the change.
|
Move your mouse over this icon to hide all screenshot