Chapter 7: Administering Users and Security
Chapter 7: Administering Users and Security
You must create user accounts and grant appropriate database
access privileges to those accounts so that users can access your database.
Some user accounts are automatically included in the pre-configured database,
but for security reasons, most of these accounts are locked and expired. In
this chapter you will learn how to create and manage user accounts. You will
use Enterprise Manager to create a role and two users in your database. You
will also unlock the HR user
account.
Approximately 1 hour
This tutorial covers the following topics:
Place the cursor over this icon to load and view all the screenshots for this tutorial.
(Caution: This action loads all screenshots simultaneously, so response time may be slow depending on your Internet connection.)
Note: Alternatively, you can place the cursor over
an individual icon in the following steps to load and view only the screenshot
associated with that step. You can hide an individual screenshot by clicking
it.
Before you perform this tutorial, you should:
Back to Topic List
Users connect to the database by using a user account that
you create in the database. A user account is identified by a username and defines
the user’s attributes. In this section you will create a new user and give
the user privileges to connect to the database and create objects in the database.
In this section, you will perform the following tasks:
Creating
New Users
Follow the steps below to create the FSOWNER
user:
| 1. |
Log in to Enterprise Manager Database Console by opening
your browser and specifying the SYS
username and password.
Click Login.
|
| 2. |
Navigate to the Server page. Click
Users in the Security section.
|
| 3. |
The Users property page appears. Click Create.
|
| 4. |
The Create User General page appears. Enter the
following values in the fields:
Username: FSOWNER
Password: FSOWNER
Default tablespace: FSDATA
Temporary tablespace: TEMP
Status: Unlocked
Click OK.
|
| 5. |
The Users property page is displayed with an
Update message confirming the creation of your user.
You can also see the new user by scrolling down the
page. Click the Database link to return to the Server page.
|
Back to Topic
Changing
User Attributes
In this section you will learn how to change user attributes.
The FSOWNER user will create
objects in the database and needs to have quota on the FSDATA
tablespace to create objects in it.
Perform the steps listed below to enable the FSOWNER
user to create objects in the FSDATA
tablespace:
| 1. |
Click Users in the Security
section on the Serverpage to access the Users property page.
Select FSOWNER in
the results list and click Edit.
|
| 2. |
The Edit User General page is displayed. Click
Quotas to display the Quotas page.
|
| 3. |
Select Unlimited from the Quota drop-down
menu for the FSDATA tablespace. Click Apply.
|
| 4. |
The Edit User page appears with an Update message
confirming your change. Note the quota value of -1 indicating Unlimited.
Click the Users link to return to the Users property
page.
|
Back to Topic
Unlocking
Accounts and Resetting Passwords
If an account is locked, the user cannot log in to the database.
During installation, you were given the option to unlock and reset the Oracle
supplied database user accounts. If you did not choose to unlock those accounts
at that time, you can do so by following the steps below. In this example, you
will unlock the HR user account
and reset the password. The same steps can be executed for each account you
want to unlock and/or need to reset the password for.
| 1. |
On the Users page, select HR
in the results list and select Unlock User in the pull-down
menu in the Actions box. Click Go.
|
| 2. |
Click Yes to confirm the unlock operation.
|
| 3. |
The Users property page is displayed with an
Update message confirming the unlocking of your user. You can see
the EXPIRED status for the HR
user in the Results section. Select HR
in the results list and click Edit.
|
| 4. |
The Edit User General page is displayed. Enter
oracle for the new
password and click Apply.
Click the Users link to return to the Users property
page. The status in the Account Status column now displays OPEN.
|
Back to Topic
Granting
Privileges
In this section you will learn how to grant privileges. The
FSOWNER user will create objects
in the database and needs privileges to create those objects.
Perform the steps listed below to enable the FSOWNER
user to create objects in the database:
| 1. |
On the Users page, select FSOWNER
in the results list and click Edit.
|
| 2. |
The Edit User General page is displayed. Click
System Privileges.
|
| 3. |
The System Privileges page appears. Click Edit
List.
|
| 4. |
The Modify System Privileges page is displayed.
Click each of the following privileges and click Move to select
it: CREATE ANY INDEX and CREATE ANY TABLE. Click
OK.
|
| 5. |
The Edit User page is displayed with the selected
system privileges. Click Apply to grant the privileges.
|
| 6. |
The Edit User page is displayed with the Update
message confirming the change. Note that FSOWNER will not be able to connect
to the database until the CREATE SESSION privilege has been granted (which
occurs in the following section).
Click the Users link to return to the Users page.
|
Back to Topic
You can use roles to group privileges and other
roles to facilitate the granting of multiple privileges and roles to users.
There are a number of predefined roles. In addition, you can create roles that
are applicable for the operations and objects that exist in your database.
In this section, you will examine the following tasks:
Creating
Roles
In this section you will create a role to contain the privileges
needed. In a later chapter you will grant object privileges to the role.
Follow the steps below to create the FSCLERK
role:
| 1. |
Click the database link to return to the Server
page. Click Roles in the Security section.
|
| 2. |
The Roles property page appears. Click Create.
|
| 3. |
The Create Role page appears. Enter fsclerk
in the Name field. Click System Privileges.
|
| 4. |
The System Privileges page is displayed. Click
Edit List to select system privileges to grant to the role.
|
| 5. |
Select CREATE SESSION from Available System
Privileges and click Move. Click OK.
|
| 6. |
The Create Role page appears again. Click OK
to create the role with the selected privileges.
|
| 7. |
The Roles page appears again with an update message
confirming the creation of the FSCLERK
role. You can scroll down to see the role you just created.
Click the Database link to return to the Server
page.
|
Back to Topic
Granting
Roles
In this section you will learn how to grant roles to users.
The FSOWNER user needs the privileges
in the FSCLERK role.
Perform the steps listed below to provide the FSOWNER
with the privileges in the FSCLERK
role:
| 1. |
Click Users in the Security section on
the Server page to access the Users property page. Select
FSOWNER in the results
list and click Edit.
|
| 2. |
The Edit User General page is displayed. Click
Roles.
|
| 3. |
The Roles page appears. Click Edit List.
|
| 4. |
The Modify Roles page is displayed. Select FSCLERK
from the Available Roles and click Move to select it. Click OK.
|
| 5. |
The Edit User page is displayed with the selected
roles. Click Apply to grant the role.
|
| 6. |
The Edit User page is displayed with the Update
message confirming the change.
|
Back to Topic
In this tutorial, you learned how to:
 |
Create a new user. |
|
Change the attributes associated
with a user. |
|
Unlock a user account and set
a new password. |
|
Grant system privileges to a
user. |
|
Create a role and assign the
new role to an existing role. |
Back to Topic List
Place the cursor over this icon to hide all screenshots.
| 
Bookmark
