13 1 2 l CREATE USER username IDENTIFIED
![13. 1. 3 修改用户 l 基本语法 — — — ALTER USER user_name [IDENTIFIED] [BY](https://slidetodoc.com/presentation_image_h/0c65ebc9f6d84326af93288e47f0477a/image-10.jpg "13. 1. 3 修改用户 l 基本语法 — — — ALTER USER user_name [IDENTIFIED] [BY")
![(3)用户角色的激活或屏蔽 l 语法为 — ALTER USER user_name DEFAULT ROLE — [role_name]|[ALL [EXCEPT role_name]]| —](https://slidetodoc.com/presentation_image_h/0c65ebc9f6d84326af93288e47f0477a/image-50.jpg "(3)用户角色的激活或屏蔽 l 语法为 — ALTER USER user_name DEFAULT ROLE — [role_name]|[ALL [EXCEPT role_name]]| —")
![13. 5. 6 网络审计 l 网络审计的语法为: — AUDIT NETWORK [BY SESSION|ACCESS][WHENEVER [NOT] SUCCESSFUL] l](https://slidetodoc.com/presentation_image_h/0c65ebc9f6d84326af93288e47f0477a/image-86.jpg "13. 5. 6 网络审计 l 网络审计的语法为: — AUDIT NETWORK [BY SESSION|ACCESS][WHENEVER [NOT] SUCCESSFUL] l")
- Slides: 87
13. 1. 2. 创建用户 l 基本语法 — — — — — CREATE USER user_name IDENTIFIED [BY password|EXTERNALLY|GLOBALLY AS 'external_name'] [DEFAULT TABLESPACE tablespace_name] [TEMPORARY TABLESPACE temp_tablesapce_name] [QUOTA n K|M|UNLIMITED ON tablespace_name] [PROFILE profile_name] [PASSWORD EXPIRE] [ACCOUNT LOCK|UNLOCK];
l 创建一个用户user 2,口令为user 2,默认表空间 为USERS,在该表空间的配额为 10 MB。口令设 置为过期状态,即首次连接数据库时需要修改口 令。概要文件为example_profile(假设该概要 文件已经创建)。 — CREATE USER user 2 IDENTIFIED BY user 2 — DEFAULT TABLESPACE USERS QUOTA 10 M — ON USERS PROFILE example_profile — PASSWORD EXPIRE;
13. 1. 3 修改用户 l 基本语法 — — — ALTER USER user_name [IDENTIFIED] [BY password|EXTERNALLY|GLOBALLY AS 'external_name'] [DEFAULT TABLESPACE tablespace_name] [TEMPORARY TABLESPACE temp_tablesapce_name] [QUOTA n K|M|UNLIMITED ON tablespace_name] [PROFILE profile_name] [DEFAULT ROLE role_list|ALL [EXCEPT role_list] |NONE] [PASSWORD EXPIRE] [ACCOUNT LOCK|UNLOCK];
l 将用户user 1的口令修改为newuser 1,同时将该 用户解锁。 — ALTER USER user 1 IDENTIFIED BY newuser 1 ACCOUNT UNLOCK; l 修改用户user 2的默认表空间为ORCLTBS 1,在 该表空间的配额为 20 MB,在USERS表空间的配 额为 10 MB。 — ALTER USER user 4 — DEFAULT TABLESPACE ORCLTBS 1 — QUOTA 20 M ON ORCLTBS 1 — QUOTA 10 M ON USERS;
l 查看数据库所有用户名及其默认表空间。 — SELECT SERNAME, DEFAULT_TABLESPACE — FROM DBA_USERS; l 查看数据库中各用户的登录时间、会话号。 — SELECT — SID, SERIAL#, LOGON_TIME, USERNAME — FROM V$SESSION;
l 为PUBLIC用户组授予CREATE SESSION系统权限。 — l 为用户user 1授予CREATE SESSION,CREATE TABLE,CREATE INDEX系统权限。 — l GRANT CREATE SESSION TO PUBLIC; GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW TO user 1; 为用户user 2授予CREATE SESSION,CREATE TABLE ,CREATE INDEX系统权限。user 2获得权限后, 为用户user 3授予CREATE TABLE权限。 — — GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW TO user 2 WITH ADMIN OPTION; CONNECT user 2/user 2 @HUMAN_RESOURCE GRANT CREATE TABLE TO user 3;
l 将ehr模式下的employees表的SELECT、UPDATE、 INSERT权限授予user 1用户。 — l GRANT SELECT, INSERT, UPDATE ON ehr. employees TO user 1; 将ehr模式下的employees表的SELECT、UPDATE、 INSERT权限授予user 2用户。user 2用户再将 employees表的SELECT、UPDATE权限授予user 3 用户。 — — CONNECT system/tiger@HUMAN_RESOURCE GRANT SELECT, INSERT, UPDATE ON ehr. employees TO user 2 WITH GRANT OPTION; CONNECT user 2/user 2@HUMAN_RESOURCE GRANT SELECT, UPDATE ON ehr. employees TO user 3;
WITH ADMIN OPTION DBA Jeff Emi GRANT REVOKE
WITH GRANT OPTION scott user 2 user 3 GRANT REVOKE Bob Jeff Emi
角 色 CONNECT RESOURCE DBA 角色具有的部分� 限 CREATE SESSION, CREATE CLUSTER,CREATE OPERATOR,CREATE TRIGGER,CREATE TYPE,CREATE SEQUENCE, CREATE INDEXTYPE,CREATE PROCEDURE, CREATE TABLE ADMINISTER DATABSE TRIGGER, ADMINISTER RESOURCE MANAGE,CREATE…, CREATE ANY…,ALTER ANY…,DROP…, DROP ANY…,EXECUTE ANY… EXP_FULL_ DATABASE ADMINISTER RESOURCE MANAGE,BACKUP ANY TABLE, EXECUTE ANY PROCEDURE,SELECT ANY TABLE, EXECUTE ANY TYPE IMP_FULL_ DATABASE ADMINISTER DATABSE TRIGGER, ADMINISTER RESOURCE MANAGE,CREATE ANY…, ALTER ANY…,DROP ANY…,EXECUTE ANY…
l 例如,创建不同类型的角色。 — CREATE ROLE high_manager_role; — CREATE ROLE middle_manager_role IDENTIFIED BY middlerole; — CREATE ROLE low_manager_role IDENTIFIED BY lowrole;
— GRANT CONNECT, RESOURCE, DBA TO high_manager_role; — GRANT SELECT, UPDATE, INSERT, DELETE ON scott. emp TO high_manager_role; — REVOKE CONNECT FROM low_manager_role; — REVOKE CREATE TABLE, CREATE VIEW FROM middle_manager_role; — REVOKE UPDATE, DELETE , INSERT ON scott. emp FROM high_manager_role;
(3)修改角色 l 概念 — 修改角色是指修改角色生效或失效时的认证方式,也 就是说,是否必须经过Oracle确认才允许对角色进行 修改。 l 修改角色的语法 — ALTER ROLE role_name — [NOT IDENTIFIED]|[IDENTIFIED BY password]; l 示例 — ALTER ROLE high_manager_role IDENTIFIED BY highrole; — ALTER ROLE middle_manager_role NOT IDENTIFIED;
(1)给用户或角色授予角色 l 语法 — GRANT l role_list TO user_list|role_list; 例如,将CONNECT,high_manager_role角 色授予用户user 1,将RESOURCE,CONNECT 角色授予角色middle_manager_role。 — GRANT CONNECT, high_manager_role TO user 1; — GRANT RESOURCE, CONNECT TO middle_manager_role;
(2)从用户或角色回收角色 l 语法为 — REVOKE l role_list FROM user_list|role_list; 例如,回收角色middle_manager_role的 RESOURCE,CONNECT角色。 — REVOKE RESOURCE, CONNECT FROM middle_manager_role;
(3)用户角色的激活或屏蔽 l 语法为 — ALTER USER user_name DEFAULT ROLE — [role_name]|[ALL [EXCEPT role_name]]| — [NONE]; l 示例 — ALTER USER user 1 CONNECT, DBA; — ALTER USER user 1 EXCEPT DBA; DEFAULT ROLE NONE; DEFAULT ROLE ALL; DEFAULT ROLE ALL
l 查询角色CONNECT所具有的系统权限信息。 — SELECT * — FROM ROLE_SYS_PRIVS — WHERE ROLE='CONNECT'; l 查询DBA角色被授予的角色信息。 — SELECT * — FROM ROLE_PRIVS — WHERE ROLE='DBA';
13. 4. 3 创建概要文件 l 语法为 — — l CREATE PROFILE profile_name LIMIT resource_parameters|password_parameters; 参数说明如下。 — — — profile_name:用于指定要创建的概要文件名称; resource_parameter:用于设置资源限制参数,形式为 p resource_parameter_name integer|UNLIMITED|DEFALUT password_parameters:用于设置口令参数,形式为 p password_parameter_name integer|UNLIMITED|DEFALUT
l 将概要文件分配给用户 — 可以在创建用户时为用户指定概要文件 p CREATE USER user 1 IDENTIFIED BY user 1 PROFILE res_profile; —也可以在修改用户时为用户指定概要文件。 § ALTER USER user 2 PROFILE pwd_profile;
13. 4. 4 修改概要文件 l 语法为 — ALTER PROFILE profile_name LIMIT — resource_parameters|password_paramet ers; l 注意 — 对概要文件的修改只有在用户开始一个新的会话时才 会生效。 l 修改pwd_profile概要文件,将用户口令有效期 设置为 10天。 — ALTER PROFILE pwd_profile LIMIT — PASSWORD_LIFE_TIME 10;
l 通过SQL*Plus环境启动数据库的审计功能。 — ALTER SYSTEM SET audit_trail ='DB' SCOPE=SPFILE; — SHUTDOWN IMMEDIATE — STARTUP
l 对ehr用户的ALTER TABLE操作、对所有用户的 连接操作进行审计。 — CONN system/tiger@HUMAN_RESORUCE — AUDIT ALTER TABLE BY ehr WHENEVER SUCCESSFUL; — AUDIT ALL STATEMENTS IN SESSION CURRENT BY ACCESS WHENEVER NOT SUCCESSFUL;
13. 5. 4 权限审计 l 概念 — 权限审计是指对特定系统权限的使用情况进行审计。 l 语法 — — l AUDIT system_privilege [BY user 1, user 2…] [BY SESSION|ACCESS] [WHENEVER [NOT] SUCCESSFUL] 对用户SCOTT和用户ehr的部分系统权限进行审 计。 — — AUDIT CREATE ANY TABLE, CREATE ANY VIEW BY scott, ehr; AUDIT ALTER ANY TABLE BY ehr WHENEVER SUCCESSFUL;
13. 5. 5 对象审计 l 概念 — 对象审计是指对特定模式对象执行的特点操作进行审计, 与用户没有关系。 l 语法为 — — l AUDIT object_privilege ON schema. object_name [BY user 1, user 2…][BY SESSION|ACCESS][WHENEVER [NOT] SUCCESSFUL] 参数说明 — object_privilege:特定的对象权限 — schema. object_name:特定模式对象。
l 对scott模式下的emp表、dept表进行审计。 — AUDIT SELECT, UPDATE ON scott. emp BY ACCESS; — AUDIT INSERT, DELETE ON scott. dept BY SESSION WHENEVER NOT SUCCESSFUL; l 如果要了解当前数据库对哪些模式对象进行了审 计以及审计设置信息,可以通过查询数据字典视 图DBA_OBJ_AUDIT_OPTS获得。 — SELECT owner, object_type, ins, upd, sel, del FROM dba_obj_audit_opts;
13. 5. 6 网络审计 l 网络审计的语法为: — AUDIT NETWORK [BY SESSION|ACCESS][WHENEVER [NOT] SUCCESSFUL] l 对当前网络进行审计。 — AUDIT NETWORK BY ACCESS;
Create user username identified by password
Jika noel(create(q)) adalah 0, maka front(create(q)) adalah
Graphics & multimedia software
Single user and multi user operating system
Operating systems
Hdfs chown
Hinari login
Medibuddy password
Fiu username
Hinari login password
Cara daftar sisrute kemkes
Git global username
Git global config
Hinari username password
Username dan password sapa warga
Osvdb-3268 exploit
Please enter your username
Localhost username and password
Hinari username password
Ora-12638
Webgoat default username and password
Medline plus
Private string name
Realsoft 11.6 software download
Dash classes identified during access layer design
Multimedia linear and nonlinear
Why drawing was identified as the language of industry
Intrinsic motivation
Identification of the system for development
This is one of the identified reasons why
Under identified model
Identified equation
Sdt motivation continuum
Characteristics of family
A(n) has no signs or signals to regulate traffic.
Pictogram can be easily identified
The organelle identified in the picture as #10
Why community problems have to be analyzed?
Pictograms can be easily identified because they have a
Minerals can be identified by
Fundamental english structure
Any mirror with a flat surface
For the view create view instructor_info as
How to create a resource loading chart
Engineers marking out table
Lincoln the best way to predict the future is to create it
Formal planning may create rigidity.
Java client server tutorial
Create synonym
How to create an affinity diagram in word
Who is this
Eliminate reduce raise create grid
Create png
Enterprise data model approach
Inferring speaker's tone mood and purpose
This create
Create or replace procedure add_dept
The power process: “i create it all” is:
Create table department with given columns
Writing a piecewise function from a graph
The scenery backdrops and furniture that create the setting
Value creation practices
How to post award in philgeps
How to write a creed
Assertion sql
How to create a resource loading chart
Create usi
Geometry acrostic poem
Hypothesis testing for variance
Chromatin draws together to create
Why do people create, structure, and change government?
Create html form
Routine letters
How to create a web page using dreamweaver 8
Create shippers letter of instruction
(a+b+c)^3
Master production schedule example
Create augmented reality poster
Lab 5-2: create partitions and filesystems
Create your own propaganda poster
Statement of the problem in research example
Rising action of mulan
The future is ours to create
Li ping phar
Dcjs unarmed security license
A group of lines in a poem.
Create performance task examples
Create css file
