Difference between revisions of "User Management"

From dbawiki
Jump to: navigation, search
(On Windows...)
(Create external user)
Line 75: Line 75:
 
</pre>
 
</pre>
  
 +
===Show list of database users and their roles / privileges===
 +
<pre>
 +
select
 +
  lpad(' ', 2*level) || granted_role "User, his roles and privileges"
 +
from
 +
  (
 +
  /* THE USERS */
 +
    select
 +
      null    grantee,
 +
      username granted_role
 +
    from
 +
      dba_users
 +
  /* THE ROLES TO ROLES RELATIONS */
 +
  union
 +
    select
 +
      grantee,
 +
      granted_role
 +
    from
 +
      dba_role_privs
 +
  /* THE ROLES TO PRIVILEGE RELATIONS */
 +
  union
 +
    select
 +
      grantee,
 +
      privilege
 +
    from
 +
      dba_sys_privs
 +
  )
 +
start with grantee is null
 +
connect by grantee = prior granted_role;
 +
</pre>
 
===Create external user===
 
===Create external user===
 
====Check the authentification prefix====
 
====Check the authentification prefix====

Revision as of 15:22, 19 September 2016

Users created when installing Oracle 11.2.0.4 Standard Edition

select username from dba_users order by 1;

USERNAME
------------------------------
ANONYMOUS
APEX_030200
APEX_PUBLIC_USER
APPQOSSYS
CTXSYS
DBSNMP
DIP
EXFSYS
FLOWS_FILES
MDSYS
MGMT_VIEW
ORACLE_OCM
ORDDATA
ORDPLUGINS
ORDSYS
OUTLN
OWBSYS
OWBSYS_AUDIT
SI_INFORMTN_SCHEMA
SYS
SYSMAN
SYSTEM
WMSYS
XDB
XS$NULL

25 rows selected.

Users created when installing Oracle 11.2.0.4 Enterprise Edition

select username from dba_users order by 1;

USERNAME
------------------------------
ANONYMOUS
APEX_030200
APEX_PUBLIC_USER
APPQOSSYS
CTXSYS
DBSNMP
DIP
EXFSYS
FLOWS_FILES
MDDATA
MDSYS
MGMT_VIEW
OLAPSYS
ORACLE_OCM
ORDDATA
ORDPLUGINS
ORDSYS
OUTLN
OWBSYS
OWBSYS_AUDIT
SI_INFORMTN_SCHEMA
SPATIAL_CSW_ADMIN_USR
SPATIAL_WFS_ADMIN_USR
SYS
SYSMAN
SYSTEM
WMSYS
XDB
XS$NULL

29 rows selected.

Show list of database users and their roles / privileges

select
  lpad(' ', 2*level) || granted_role "User, his roles and privileges"
from
  (
  /* THE USERS */
    select 
      null     grantee, 
      username granted_role
    from 
      dba_users
  /* THE ROLES TO ROLES RELATIONS */ 
  union
    select 
      grantee,
      granted_role
    from
      dba_role_privs
  /* THE ROLES TO PRIVILEGE RELATIONS */ 
  union
    select
      grantee,
      privilege
    from
      dba_sys_privs
  )
start with grantee is null
connect by grantee = prior granted_role;

Create external user

Check the authentification prefix

SQL> show parameter authent

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
os_authent_prefix                    string      ops$
SQL>

On Unix...

create user ops$oracle identified externally;
grant create session to ops$oracle;

On Windows...

Watch out on Windows - the domain name needs to be included! 

create user "ops$domainname.com\oracle" identified externally;
grant create session to "ops$domainname.com\oracle";

Additionally, the following option must be set in "%ORACLE_HOME%\network\admin\sqlnet.ora"
If this is not present, you will not be able to connect as sysdba 

SQLNET.AUTHENTICATION_SERVICES=(NTS)
Retrieved from "https://mailnest.com/dbawiki/index.php?title=User_Management&oldid=2322"