Administering User Accounts and Security


Options



Before You Begin

Purpose

In this tutorial, you learn how to use Enterprise Manager Express to administer user accounts and roles, named groups of related system and object privileges.

Time to Complete

Approximately 1 hour

Background

For users to access your database, you must create user accounts and grant appropriate database access privileges to those accounts. A user account is identified by a user name and defines the attributes of the user.

What Do You Need?

  • Oracle Database 12c Release 2

Prerequisites

Before starting this tutorial, you should have:

  • Installed Oracle Database 12c Release 2
  • Configured the HTTPS port for Enterprise Manager Express

Administering Roles

Roles are named groups of related system and object privileges. You can create roles and then grant them to users and to other roles.

Viewing Roles

  1. Enter the URL for the Enterprise Manager Database Express for PDB in your browser and log in as the SYSTEM user.

    Enterprise Manager Login page
    Description of this image
  2. Select Roles in the Security menu.

    Security menu
    Description of this image

    Note: If you log in as the Enterprise Manager Database Express for CDB, you will not see Profiles in the Security menu.

  3. The Roles page is displayed.

    Roles page
    Description of this image
  4. To view the privileges granted to a role, select a role of interest. The CONNECT role is selected in this example. Click View Details in the Actions menu.

    Actions menu in Roles page
    Description of this image
  5. The Privileges & Roles tab shows the system privileges and roles granted to the CONNECT role. Click the Object Privileges tab.

    Privileges & Roles tab
    Description of this image
  6. The Object Privileges tab shows the object privileges granted to the role. There are no object privileges granted to the CONNECT role.

    Object Privileges tab
    Description of this image
  7. Click ORCL / ORCLPDB to return to the Database Home page.

Creating a Role

  1. Select Roles in the Security menu.

    Security menu
    Description of this image
  2. Click Create Role.

  3. Enter a name such as appdev for the role. Click the right arrow.

    Create Role page - Step 1
    Description of this image
  4. Select the privileges to grant to the role by selecting the privilege name and clicking the right arrow. Select CREATE PROCEDURE, CREATE SEQUENCE, CREATE SYNONYM, CREATE TABLE, CREATE TRIGGER, and CREATE VIEW.

  5. Select "With Admin" for each privilege. Click OK.

    Create Role page - Step 2
    Description of this image
  6. Click OK on the Confirmation page.

    Confirmation window
    Description of this image
  7. The new APPDEV role is displayed on the Roles page.

    Roles page
    Description of this image
  8. Click ORCL / ORCLPDB to return to the Database Home page.

Modifying a Role

  1. Select Roles in the Security menu.

    Security menu
    Description of this image
  2. Select the role to modify. In this example, the APPDEV role is modified. Select "Alter Privileges & Roles" in the Actions menu.

    Actions menu in Roles page
    Description of this image
  3. Select the CONNECT role. Click the right arrow.

  4. Select "With Admin" for the CONNECT role. Click OK.

    Alter Privileges & Roles page
    Description of this image
  5. Click OK on the Confirmation page. The Roles page is displayed again.

    Roles page
    Description of this image
  6. Click ORCL / ORCLPDB to return to the Database Home page.

Administering Database User Accounts

When you create a user account, you must assign a user name, a password, and default tablespaces for the account. You must also grant the appropriate system privileges, object privileges, and roles to the user account. If the user will create database objects, assign a space usage quota for each affected tablespace.

Viewing User Accounts

  1. Select Users in the Security menu.

    Security menu
    Description of this image
  2. The Users page is displayed.

    Users page
    Description of this image
  3. To view additional information about the user, select the user. Expand the Actions menu and select View Details. In this example, the HR user is selected.

    Actions menu in Users page
    Description of this image
  4. Privileges and roles granted to the user are displayed. 

    User Details page
    Description of this image
  5. Click ORCL / ORCLPDB to return to the Database Home page.

Creating a User Account

  1. Select Users in the Security menu.

    Security menu
    Description of this image
  2. Click Create User on the Users page.

  3. Enter a user name such as appuser in the Name field. Enter a password in the Password field and in the Confirm Password field. Accept the Profile default value of DEFAULT. Click the right arrow.

    Create User page - Step 1
    Description of this image
  4. Select the APPTS tablespace or another tablespace of your choice. Accept the Temporary Tablespace default of TEMP. Click the right arrow.

    Create User page - Step 2
    Description of this image
  5. Select the APPDEV role and select With Admin. Click OK.

    Create User page - Step 3
    Description of this image
  6. Click OK on the Confirmation page. The new APPUSER user is listed on the Users page.

    Users page
    Description of this image
  7. Click ORCL / ORCLPDB to return to the Database Home page.

Unlocking a User Account

  1. Select Users in the Security menu.

    Security menu
    Description of this image
  2. Select the HR user. Select Alter Account in the Actions menu.

    Actions menu in Users page
    Description of this image
  3. Deselect Account Locked. Click OK.

    Alter Account page
    Description of this image
  4. Click OK on the Confirmation page. The Account Status for the HR user indicates the user is unlocked.

    Users page
    Description of this image

Want to Learn More?