博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理

Oracle 命令大汇总-用户角色权限管理

Posted on 2007-06-26 17:44  徐正柱-  阅读(645)  评论(1编辑  收藏  举报
第八章: managing password security and resources
    1.controlling account lock and password 
    sql> alter user juncky identified by oracle account unlock; 
    2.user_provided password function 
    sql> function_name(userid in varchar2(30),password in varchar2(30), 
    old_password in varchar2(30)) return boolean 
    3.create a profile : password setting 
    sql> create profile grace_5 limit failed_login_attempts 3 
    sql> password_lock_time unlimited password_life_time 30 
    sql>password_reuse_time 30 password_verify_function verify_function 
    sql> password_grace_time 5; 
    4.altering a profile 
    sql> alter profile default failed_login_attempts 3 
    sql> password_life_time 60 password_grace_time 10; 
    5.drop a profile 
    sql> drop profile grace_5 [cascade]; 
    6.create a profile : resource limit 
    sql> create profile developer_prof limit sessions_per_user 2 
    sql> cpu_per_session 10000 idle_time 60 connect_time 480; 
    7. view => resource_cost : alter resource cost 
    dba_users,dba_profiles 
    8. enable resource limits 
    sql> alter system set resource_limit=true;

 第九章:managing users
    1.create a user: database authentication 
    sql> create user juncky identified by oracle default tablespace users 
    sql> temporary tablespace temp quota 10m on data password expire 
    sql> [account lock|unlock] [profile profilename|default]; 
    2.change user quota on tablespace 
    sql> alter user juncky quota 0 on users; 
    3.drop a user 
    sql> drop user juncky [cascade]; 
    4. monitor user 
    view: dba_users , dba_ts_quotas 
第十章:managing privileges
    1.system privileges: view => system_privilege_map ,dba_sys_privs,session_privs 
    2.grant system privilege 
    sql> grant create session,create table to managers; 
    sql> grant create session to scott with admin option; 
    with admin option can grant or revoke privilege from any user or role; 
    3.sysdba and sysoper privileges: 
    sysoper: startup,shutdown,alter database open|mount,alter database backup controlfile, 
    alter tablespace begin/end backup,recover database 
    alter database archivelog,restricted session 
    sysdba: sysoper privileges with admin option,create database,recover database until 
    4.password file members: view:=> v$pwfile_users 
    5.o7_dictionary_accessibility =true restriction access to view or tables in other schema 
    6.revoke system privilege 
    sql> revoke create table from karen; 
    sql> revoke create session from scott; 
    7.grant object privilege 
    sql> grant execute on dbms_pipe to public; 
    sql> grant update(first_name,salary) on employee to karen with grant option; 
    8.display object privilege : view => dba_tab_privs, dba_col_privs 
    9.revoke object privilege 
    sql> revoke execute on dbms_pipe from scott [cascade constraints]; 
    10.audit record view :=> sys.aud$ 
    11. protecting the audit trail 
    sql> audit delete on sys.aud$ by access; 
    12.statement auditing 
    sql> audit user; 
    13.privilege auditing 
    sql> audit select any table by summit by access; 
    14.schema object auditing 
    sql> audit lock on summit.employee by access whenever successful; 
    15.view audit option : view=> all_def_audit_opts,dba_stmt_audit_opts,dba_priv_audit_opts,
dba_obj_audit_opts
    16.view audit result: view=> dba_audit_trail,dba_audit_exists,dba_audit_object,
dba_audit_session,dba_audit_statement
 
    第十一章: manager role 
    1.create roles 
    sql> create role sales_clerk; 
    sql> create role hr_clerk identified by bonus; 
    sql> create role hr_manager identified externally; 
    2.modify role 
    sql> alter role sales_clerk identified by commission; 
    sql> alter role hr_clerk identified externally; 
    sql> alter role hr_manager not identified; 
    3.assigning roles 
    sql> grant sales_clerk to scott; 
    sql> grant hr_clerk to hr_manager; 
    sql> grant hr_manager to scott with admin option; 
    4.establish default role 
    sql> alter user scott default role hr_clerk,sales_clerk; 
    sql> alter user scott default role all; 
    sql> alter user scott default role all except hr_clerk; 
    sql> alter user scott default role none; 
    5.enable and disable roles 
    sql> set role hr_clerk; 
    sql> set role sales_clerk identified by commission; 
    sql> set role all except sales_clerk; 
    sql> set role none; 
    6.remove role from user 
    sql> revoke sales_clerk from scott; 
    sql> revoke hr_manager from public; 
    7.remove role 
    sql> drop role hr_manager; 
    8.display role information 
    view: =>dba_roles,dba_role_privs,role_role_privs,dba_sys_privs,
role_sys_privs,role_tab_privs,session_roles