
Oracle Database: Creating and Managing User Accounts, Configuring Privilege, and Role Authorization

Updated: 1 day ago

Managing users, privileges, and roles is a crucial aspect of Oracle database administration. It ensures that database access is controlled and that only authorized users can perform specific actions. This article provides a step-by-step guide on how to create and manage user accounts in Oracle, configure privilege and role authorization, and implement best practices for security and efficient database administration.


1. Creating User Accounts


When creating a new user in Oracle, you must specify a username and a password. You can optionally set additional attributes such as the default tablespace, the temporary tablespace, and a quota for space usage.


Basic Syntax to Create a User:


CREATE USER username IDENTIFIED BY password;


Example:


CREATE USER user1 IDENTIFIED BY mypassword;




Creating a User with Additional Attributes:


CREATE USER user2
  IDENTIFIED BY mypassword
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE tempa
  QUOTA 100M ON users;


Explanation:


  • DEFAULT TABLESPACE: Defines where the user's data (e.g., tables, indexes) will be stored by default.

  • TEMPORARY TABLESPACE: Assigns a tablespace for temporary operations like sorting.

  • QUOTA: Limits the amount of space a user can consume in the assigned tablespace.


2. Granting Privileges


A newly created user has no privileges by default, so they cannot perform any actions such as connecting to the database or creating objects. Privileges must be explicitly granted to them.


Types of Privileges:


  • System Privileges: Allow users to perform administrative tasks (e.g., creating users, creating tablespaces).

  • Object Privileges: Control access to specific database objects (e.g., tables, views).


Granting System Privileges:


GRANT privilege TO username;


Example: Granting privileges to user2:


GRANT CREATE SESSION, CREATE TABLE TO user2;



Explanation:


  • CREATE SESSION: Allows the user to log in to the database.

  • CREATE TABLE: Allows the user to create tables.


Granting Object Privileges:


GRANT privilege ON object TO username;


Example: Granting user2 permission to select data from the employees table:


GRANT SELECT ON employees TO user2;




3. Creating and Managing Roles


Roles allow for more efficient privilege management by grouping multiple privileges together. Instead of granting each privilege individually to a user, you can create a role with a set of privileges and grant the role to the user.


Creating a Role:


CREATE ROLE role_name;


Example: Creating a role called manager:


CREATE ROLE manager;


Granting Privileges to a Role:


GRANT CREATE SESSION, CREATE TABLE TO manager;

GRANT SELECT, INSERT, UPDATE ON employees TO manager;




Granting Roles to Users:


GRANT role_name TO username;


Example: Granting the manager role to user1:


GRANT manager TO user1;



Now, user1 inherits all the privileges associated with the manager role.


4. Viewing User and Role Information


To check the details of user accounts, system privileges, and roles, Oracle provides data dictionary views.


Viewing All Users:


SELECT username FROM dba_users;


Viewing User Privileges:


SELECT * FROM dba_sys_privs WHERE grantee = 'USER2';



Viewing Object Privileges:


SELECT * FROM dba_tab_privs WHERE grantee = 'USER2';



Viewing Roles:


To see the roles assigned to a user:


SELECT * FROM dba_role_privs WHERE grantee = 'USER1';



To check privileges assigned to a role:


SELECT * FROM dba_sys_privs WHERE grantee = 'MANAGER';
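
Each view above lists direct grants only, so dba_sys_privs returns no rows for USER1 even though user1 holds CREATE SESSION through the manager role. The query below is an added example, not part of the original article. It walks dba_role_privs recursively to list every system and object privilege a user effectively holds, together with the role chain that delivers it. It assumes Oracle 11g Release 2 or later (recursive WITH), SELECT access to the DBA_* views, and the article's USER1 account.

```sql
-- Added example: effective privileges of USER1, direct and through roles.
-- Assumption: USER1 and the MANAGER role exist as created in the article.
WITH grantees (grantee, path) AS (
  -- Anchor member: the user itself; privileges found here are direct grants
  SELECT CAST('USER1' AS VARCHAR2(128)),
         CAST('direct' AS VARCHAR2(4000))
  FROM dual
  UNION ALL
  -- Recursive member: every role granted to a grantee already in the set,
  -- which also follows roles that are granted to other roles
  SELECT rp.granted_role,
         CASE g.path
           WHEN 'direct' THEN rp.granted_role
           ELSE g.path || ' -> ' || rp.granted_role
         END
  FROM dba_role_privs rp
  JOIN grantees g ON rp.grantee = g.grantee
)
-- System privileges held by the user or by any role in the chain
SELECT 'SYSTEM'        AS kind,
       sp.privilege,
       NULL            AS object_name,
       sp.admin_option AS can_regrant,   -- YES: grantee may pass it on
       g.path          AS granted_via
FROM dba_sys_privs sp
JOIN grantees g ON sp.grantee = g.grantee
UNION ALL
-- Object privileges held by the user or by any role in the chain
SELECT 'OBJECT',
       tp.privilege,
       tp.owner || '.' || tp.table_name,
       tp.grantable,                     -- YES: granted WITH GRANT OPTION
       g.path
FROM dba_tab_privs tp
JOIN grantees g ON tp.grantee = g.grantee
ORDER BY kind, privilege;
```

With the grants shown in this article, the result for USER1 lists CREATE SESSION and CREATE TABLE plus SELECT, INSERT and UPDATE on the employees table, all with granted_via = MANAGER. Rows with can_regrant = YES deserve a closer look in a review, because the grantee can extend that privilege to other accounts.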




5. Modifying and Dropping Users


Altering a User Account:


You can modify a user's attributes using the ALTER USER statement.


Changing a user's password:


ALTER USER user1 IDENTIFIED BY newpassword;



Changing the default tablespace:


ALTER USER user1 DEFAULT TABLESPACE users;


Dropping a User:


If a user account is no longer needed, it can be dropped with:


DROP USER username;


Example:


DROP USER user1;



To remove the user along with all of their objects (e.g., tables), use:


DROP USER user1 CASCADE;



6. Best Practices for Managing Users, Privileges, and Roles


  1. Principle of Least Privilege: Grant users only the privileges they need to perform their work, and nothing more. Avoid granting unnecessary system privileges.


  2. Use Roles for Privilege Management: Instead of granting individual privileges directly to users, use roles. This makes it easier to manage permissions when user responsibilities change.


  3. Monitor User Activity: Regularly check the privileges granted to users and roles to ensure there are no unnecessary permissions.


  4. Password Management: Implement policies for password complexity, expiration, and account locking to enhance security.


  5. Regular Audits: Periodically audit the user accounts and their privileges to ensure compliance with organizational security policies.
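
The password policy from point 4 is enforced in Oracle through a profile assigned to the account. The statements below are an added example, not part of the original article. The profile name app_user_profile and all limit values are sample choices, and the complexity check assumes Oracle 12c or later with the Oracle-supplied ora12c_verify_function installed (on releases that do not create it by default, the utlpwdmg.sql script creates it).

```sql
-- Added example: password complexity, expiration and account locking.
-- app_user_profile is a hypothetical name; the limits are sample values.
CREATE PROFILE app_user_profile LIMIT
  -- Lock the account after 5 consecutive failed logins
  FAILED_LOGIN_ATTEMPTS 5
  -- Keep it locked for 1 hour (the unit is days, so 1/24)
  PASSWORD_LOCK_TIME 1/24
  -- Password expires 90 days after it was set
  PASSWORD_LIFE_TIME 90
  -- The user is warned for 7 days before a change is forced
  PASSWORD_GRACE_TIME 7
  -- An old password may return only after 365 days AND 10 changes
  PASSWORD_REUSE_TIME 365
  PASSWORD_REUSE_MAX 10
  -- Reject passwords that fail the complexity check
  PASSWORD_VERIFY_FUNCTION ora12c_verify_function;

-- Attach the policy to the account created earlier in the article
ALTER USER user2 PROFILE app_user_profile;

-- Force a password change at the next login, so the value typed into
-- CREATE USER by the administrator does not stay in use
ALTER USER user2 PASSWORD EXPIRE;

-- Verify the assignment and the resulting account state
SELECT username, profile, account_status, expiry_date
FROM dba_users
WHERE username = 'USER2';

-- Review the password limits the profile actually enforces
SELECT resource_name, limit
FROM dba_profiles
WHERE profile = 'APP_USER_PROFILE'
  AND resource_type = 'PASSWORD'
ORDER BY resource_name;
```

Accounts that are never assigned a profile use the DEFAULT profile, so its limits are worth reviewing with the same dba_profiles query.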


Conclusion


Creating and managing user accounts, and configuring privileges and roles, is fundamental for maintaining security in an Oracle database. By using roles and adhering to the principle of least privilege, you can efficiently control access and reduce the risk of unauthorized actions within the database. Oracle provides powerful tools and commands to handle user and role management, allowing DBAs to fine-tune security based on business needs.

By following best practices, database administrators can ensure that access is secure, roles are managed efficiently, and the overall database environment remains compliant with organizational policies.



© 2035 by Train of Thoughts. Powered and secured by Wix
