Chapter 7: Administering Users and Security

You must create user accounts and grant appropriate database access privileges to those accounts so that users can access your database. Some user accounts are automatically included in the pre-configured database, but for security reasons, most of these accounts are locked and expired. In this chapter you will learn how to create and manage user accounts. You will use Enterprise Manager to create a role and two users in your database. You will also unlock the HR user account.

Approximately 1 hour

Topics

This tutorial covers the following topics:


Before you perform this tutorial, you should:

1. Complete Chapter 2: Installing Oracle Software and Building the Database OBE

2. Complete Chapter 3: Getting Started with Oracle Enterprise Manager OBE

3. Complete Chapter 4: Configuring the Network Environment OBE

4. Complete Chapter 5: Managing the Oracle Instance OBE

5. Complete Chapter 6: Managing Database Storage Structures OBE


Administering Database Users

Users connect to the database by using a user account that you create in the database. A user account is identified by a username and defines the user’s attributes. In this section you will create a new user and give the user privileges to connect to the database and create objects in the database.

In this section, you will perform the following tasks:

A. Creating New Users
B. Changing User Attributes
C. Unlocking Accounts and Resetting Passwords
D. Granting Privileges


Creating New Users

Follow the steps below to create the FSOWNER user:

1. Log in to Enterprise Manager Database Control by opening your browser and specifying the SYS username and password. Click Login.

2. Navigate to the Server page. Click Users in the Security section.

3. The Users property page appears. Click Create.

4. The Create User General page appears. Enter the following values in the fields:

Username: FSOWNER
Password: FSOWNER
Default tablespace: FSDATA
Temporary tablespace: TEMP
Status: Unlocked

Click OK.

Note that the password FSOWNER, identical to the username, is used here only for simplicity. Be sure to follow Oracle best practices when setting passwords in your own database.

5. The Users property page is displayed with an Update message confirming the creation of your user. You can also see the new user by scrolling down the page. Click the Database Instance link to return to the Server page.


Changing User Attributes

In this section you will learn how to change user attributes. The FSOWNER user will create objects in the database and needs to have quota on the FSDATA tablespace to create objects in it.

Perform the steps listed below to enable the FSOWNER user to create objects in the FSDATA tablespace:

1. Click Users in the Security section on the Server page to access the Users property page. Select FSOWNER in the results list and click Edit.

2. The Edit User General page is displayed. Click Quotas to display the Quotas page.

3. Select Unlimited from the Quota drop-down menu for the FSDATA tablespace. Click Apply.

4. The Edit User page appears with an Update message confirming your change. Click the Users link to return to the Users property page.


Unlocking Accounts and Resetting Passwords

If an account is locked, the user cannot log in to the database. During installation, you were given the option to unlock and reset the Oracle-supplied database user accounts. If you did not choose to unlock those accounts at that time, you can do so by following the steps below. In this example, you will unlock the HR user account and reset its password. Repeat the same steps for each account that you want to unlock or whose password you need to reset.

1. On the Users page, select HR in the results list and select Unlock User in the pull-down menu in the Actions box. Click Go.

2. Click Yes to confirm the unlock operation.

3. The Users property page is displayed with an Update message confirming the unlocking of your user. You can see the EXPIRED status for the HR user in the Results section. Select HR in the results list and click Edit.

4. The Edit User General page is displayed. Enter a password of your choice for the new password and click Apply. Click the Users link to return to the Users property page. The status in the Account Status column now displays OPEN.
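
The same unlock and reset can be done from SQL*Plus, shown here as an added example that is not part of the original tutorial. It assumes a session connected with DBA privileges; hr_pw is a hypothetical substitution variable, used so that the password is prompted for rather than written into the script.

```sql
-- Added example (not from the original tutorial). Run in SQL*Plus as a DBA.

-- Stop SQL*Plus from echoing the substituted statement, which would
-- otherwise print the new password in the "old/new" verification lines.
SET VERIFY OFF

-- 1. Look at the account before changing it.
SELECT username, account_status, lock_date, expiry_date
FROM   dba_users
WHERE  username = 'HR';

-- 2. Unlock the account. The password is still expired at this point,
--    which is why step 3 above shows the EXPIRED status.
ALTER USER hr ACCOUNT UNLOCK;

-- 3. Prompt for the new password without displaying it, then set it.
--    Setting a new password clears the expired state.
ACCEPT hr_pw CHAR PROMPT 'New password for HR: ' HIDE
ALTER USER hr IDENTIFIED BY "&hr_pw";
UNDEFINE hr_pw

-- 4. Re-check the account status after the change.
SELECT username, account_status
FROM   dba_users
WHERE  username = 'HR';

-- 5. List every account whose status does not include LOCKED, so that
--    accounts left usable by accident are easy to spot and lock again.
SELECT username, account_status, created, profile
FROM   dba_users
WHERE  account_status NOT LIKE '%LOCKED%'
ORDER  BY username;
```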

 


Granting Privileges

In this section you will learn how to grant privileges. The FSOWNER user will create objects in the database and needs privileges to create those objects.

Perform the steps listed below to enable the FSOWNER user to create objects in the database:

1. On the Users page, select FSOWNER in the results list and click Edit.

2. The Edit User General page is displayed. Click System Privileges.

3. The System Privileges page appears. Click Edit List.

4. The Modify System Privileges page is displayed. Click each of the following privileges and click Move to select it: CREATE ANY INDEX and CREATE ANY TABLE. Click OK.

5. The Edit User page is displayed with the selected system privileges. Click Apply to grant the privileges.

6. The Edit User page is displayed with the Update message confirming the change. Note that FSOWNER will not be able to connect to the database until the CREATE SESSION privilege has been granted (which occurs in the following section). Click the Users link to return to the Users page.


Administering Roles

You can use roles to group privileges and other roles to facilitate the granting of multiple privileges and roles to users. There are a number of predefined roles. In addition, you can create roles that are applicable for the operations and objects that exist in your database.

In this section, you will examine the following tasks:

A. Creating Roles
B. Granting Roles


Creating Roles

In this section you will create a role to contain the privileges needed. In a later chapter you will grant object privileges to the role.

Follow the steps below to create the FSCLERK role:

1. Click the Database Instance link to return to the Server page. Click Roles in the Security section.

2. The Roles property page appears. Click Create.

3. The Create Role page appears. Enter fsclerk in the Name field. Click System Privileges.

4. The System Privileges page is displayed. Click Edit List to select system privileges to grant to the role.

5. Select CREATE SESSION from Available System Privileges and click Move. Click OK.

6. The Create Role page appears again. Click OK to create the role with the selected privileges.

7. The Roles page appears again with an update message confirming the creation of the FSCLERK role. You can scroll down to see the role you just created. Click the Database Instance link to return to the Server page.


Granting Roles

In this section you will learn how to grant roles to users. The FSOWNER user needs the privileges in the FSCLERK role.

Perform the steps listed below to provide the FSOWNER user with the privileges in the FSCLERK role:

1. Click Users in the Security section on the Server page to access the Users property page. Select FSOWNER in the results list and click Edit.

2. The Edit User General page is displayed. Click Roles.

3. The Roles page appears. Click Edit List.

4. The Modify Roles page is displayed. Select FSCLERK from the Available Roles and click Move to select it. Click OK.

5. The Edit User page is displayed with the selected roles. Click Apply to grant the role.

6. The Edit User page is displayed with the Update message confirming the change. Click the Database Instance link to return to the Server page.
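
The FSOWNER and FSCLERK setup from this chapter, written as SQL and followed by data dictionary queries that show what was actually granted. This is an added example, not part of the original tutorial; it assumes a SQL*Plus session with DBA privileges and that the FSDATA tablespace already exists, and fsowner_pw is a hypothetical substitution variable.

```sql
-- Added example (not from the original tutorial). Run in SQL*Plus as a DBA.
SET VERIFY OFF
ACCEPT fsowner_pw CHAR PROMPT 'Password for FSOWNER: ' HIDE

-- Creating New Users: same values as the Create User General page,
-- except that the password is prompted for instead of being FSOWNER.
CREATE USER fsowner IDENTIFIED BY "&fsowner_pw"
  DEFAULT TABLESPACE fsdata
  TEMPORARY TABLESPACE temp
  ACCOUNT UNLOCK;
UNDEFINE fsowner_pw

-- Changing User Attributes: unlimited quota on FSDATA.
ALTER USER fsowner QUOTA UNLIMITED ON fsdata;

-- Granting Privileges: the two system privileges the tutorial selects.
-- The ANY privileges are not limited to FSOWNER's own schema.
GRANT CREATE ANY INDEX, CREATE ANY TABLE TO fsowner;

-- Creating Roles: FSCLERK carries CREATE SESSION.
CREATE ROLE fsclerk;
GRANT CREATE SESSION TO fsclerk;

-- Granting Roles: FSOWNER can connect only once it holds FSCLERK.
GRANT fsclerk TO fsowner;

-- Check 1: system privileges held directly by the user and by the role.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee IN ('FSOWNER', 'FSCLERK')
ORDER  BY grantee, privilege;

-- Check 2: roles granted to the user.
SELECT grantee, granted_role, admin_option, default_role
FROM   dba_role_privs
WHERE  grantee = 'FSOWNER';

-- Check 3: tablespace quotas. A MAX_BYTES of -1 means unlimited.
SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'FSOWNER';
```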

 


In this tutorial, you learned how to:

Create a new user.
Change the attributes associated with a user.
Unlock a user account and set a new password.
Grant system privileges to a user.
Create a role and assign the new role to an existing user.
