Chapter 3- Database users

Chapter 3 - Dr. Girija Narasimhan

Creating a New User Account (P 2-2)

Create a database user with the CREATE USER system privilege.
A database administrator or security administrator is usually the only user who
has the CREATE USER system privilege.
CREATE USER jward
IDENTIFIED BY jw
DEFAULT TABLESPACE data_ts
QUOTA 100M ON test_ts
QUOTA 500K ON data_ts
TEMPORARY TABLESPACE temp_ts
PROFILE clerk;
GRANT CREATE SESSION TO jward;
A newly created user cannot connect to the database until you grant the user
the CREATE SESSION system privileges.

Chapter 3 - Dr. Girija Narasimhan

Specifying a User Name (p 2-2)

Within each database, a user name must be unique with respect to other
user names and roles. A user and role cannot have the same name.

User Ahmed is stored in the

database in upper-case letters.

Chapter 3 - Dr. Girija Narasimhan

if you enclose the user name in double quotation marks, then the name is
stored using the case sensitivity that you used for the name. (p. 2-3)

Drop the user that you had created using double

quotation marks, then you must enclose the user
name in double quotation marks
Chapter 3 - Dr. Girija Narasimhan

Assigning a Default Tablespace for the User (p. 2-4)

Each user should have a default tablespace.

Purpose of default table space
When a schema object is created in the users schema and the DDL
statement does not specify a tablespace to contain the object, Oracle
Database stores the object in the default users tablespace.
By default setting
default tablespaces of all users is the SYSTEM tablespace
In general, do not store user data in the SYSTEM tablespace, then user should
specifically assign the user a default tablespace, such as the USERS tablespace
(refer slide no. 6)
How user create default tablespace

use the CREATE TABLESPACE SQL statement to create a default

permanent tablespace other than SYSTEM at the time of database creation
(refer slide no.7)
Chapter 3 - Dr. Girija Narasimhan

USERS tablespace
Create New User Without Determine which Tablespace:

SQL> create user amar identified by amar;

Check TableSpace for AMAR User:

SQL> select default_tablespace from dba_users where username= 'AMAR';

DEFAULT_TABLESPACE
-----------------------------USERS
(OR)

define Tablespace When Creating User

SQL > create user amar identified by amar default tablespace USER
Chapter 3 - Dr. Girija Narasimhan

CREATE TABLESPACE using default tablespace

SQL> CREATE TABLESPACE amar_ts
DATAFILE 'c:\temp\amar1.dbf' SIZE 1M EXTENT MANAGEMENT LOCAL
SEGMENT SPACE MANAGEMENT AUTO;
Tablespace created.

SQL> alter database default tablespace AMAR_TS;

Database altered.
SQL> select default_tablespace from dba_users where username='AMAR';
DEFAULT_TABLESPACE
-----------------------------AMAR_TS
Chapter 3 - Dr. Girija Narasimhan

User created default permanent tablespace

Features of user created default permanent tablespace

This default permanent tablespace is not used by system users, that

is, SYS, SYSTEM, and OUTLN,

Tablespace designated as the default permanent tablespace cannot be dropped.

use the ALTER TABLESPACE SQL statement to alter the default
permanent tablespace to another tablespace
Alternative method to create user default tablespace

set a user default tablespace during user creation, and change it later
with the ALTER USER statement. (refer slide 9)
Changing the user default tablespace affects only objects created after the
setting is changed.

Chapter 3 - Dr. Girija Narasimhan

ALTER USER statement Change the default tablespace

SQL> select default_tablespace from dba_users where username='AMAR';
DEFAULT_TABLESPACE
-----------------------------AMAR_TS
SQL> alter user amar default tablespace USERS;
User altered.
SQL> select default_tablespace from dba_users where username='AMAR';
DEFAULT_TABLESPACE
-----------------------------USERS

Chapter 3 - Dr. Girija Narasimhan

Assigning a Tablespace Quota for the User (p 2-5)

Assign each user a tablespace quota for any tablespace

If the user has the privilege to create a schema object, then
you must assign a quota to allow the user to create objects
Purpose of Quota
Users with privileges to
create certain types of
objects can create
those objects in the
specified tablespace

Oracle database limits the

amount of space that can
be allocated for storage of a
users objects within the
specified tablespace to the
amount of the quota.

By default, a user has no quota on any tablespace in the database

CREATE USER ahmed

IDENTIFIED BY ahmed
DEFAULT TABLESPACE users
QUOTA 100M ON test_ts
QUOTA 500K ON data_ts
TEMPORARY TABLESPACE temp_ts
PROFILE clerk;
GRANT CREATE SESSION TO ahmed;
Chapter 3 - Dr. Girija Narasimhan

10

Assigning a Temporary Tablespace for the User (P. 2-6)

You should assign each user a temporary tablespace.
Why needed? Or purpose

When a user executes a SQL statement that requires a temporary segment,

Oracle Database stores the segment in the temporary tablespace of the
user.(slide 13)
Who and when?

These temporary segments are created by the system when

performing sort or join operations
The owner is sys how?

SYS, which has resource privileges in all tablespaces.

Chapter 3 - Dr. Girija Narasimhan

11

Temporary Tablespace
If <user explicitly dont create> then

By default SYSTEM table space

<Else>

Method 1

Method 2

By an ALTER DATABASE
Statement at a later time
(slide 14)

Oracle database assigns the

user the default temporary
tablespace that was specified
at database creation

Chapter 3 - Dr. Girija Narasimhan

12

SQL> select TEMPORARY_TABLESPACE

from DBA_USERS

where USERNAME='AMAR';

TEMPORARY_TABLESPACE
-----------------------------TEMP
SQL> CREATE TEMPORARY TABLESPACE TEMP_TS TEMPFILE 'C:\TEMP\AMAR_tEMP.DBF'
SIZE 20M REUSE
EXTENT MANAGEMENT LOCAL UNIFORM SIZE 16M;

Tablespace created.

SQL> alter user amar temporary tablespace TEMP_TS;

User altered.
SQL> select TEMPORARY_TABLESPACE
USERNAME='AMAR';

from DBA_USERS

where

TEMPORARY_TABLESPACE
-----------------------------TEMP_TS
Chapter 3 - Dr. Girija Narasimhan

13

ALTER DATABASE

SQL> select TEMPORARY_TABLESPACE

USERNAME='AMAR';

from DBA_USERS

where

TEMPORARY_TABLESPACE
-----------------------------TEMP
SQL> alter database default temporary tablespace TEMP_TS;
Database altered.

SQL> select TEMPORARY_TABLESPACE

USERNAME='AMAR';

from DBA_USERS

where

TEMPORARY_TABLESPACE
-----------------------------TEMP_TS
Chapter 3 - Dr. Girija Narasimhan

14

Specifying a Profile for the User (p 2-7)

What is profile?
profile is a set of limits on database resources and password
access to the database.
specify a profile when you create a user.
Do not specify a profile, then Oracle Database assigns the user a default profile

create profile clerk limit

sessions_per_user 1
idle_time 30
connect_time 600;

CREATE USER ahmed

IDENTIFIED BY ahmed
DEFAULT TABLESPACE USERS
QUOTA 500K ON USERS
TEMPORARY TABLESPACE temp_ts
PROFILE clerk

Profile created.
Chapter 3 - Dr. Girija Narasimhan

15

Dropping Profiles (P. 2-14)

To drop a profile, you must have the DROP PROFILE system privilege.
You can drop a profile (other than the default profile) using the SQL
statement DROP PROFILE.

To successfully drop a profile currently assigned to a user , use the

CASCADE option. (slide 17)
The following statement drops the profile clerk, even though it is assigned to
a user:
DROP PROFILE clerk CASCADE;
Any user currently assigned to a profile that is dropped is automatically
assigned to the DEFAULT profile. (slide 18)
The DEFAULT profile cannot be dropped. When a profile is
dropped, the drop does not affect currently active sessions. (slide 19)
Only sessions created after a profile is dropped use the modified profile
assignments.
Chapter 3 - Dr. Girija Narasimhan

16

SQL> create profile clerk limit

2
sessions_per_user 1
3
idle_time 30
4
connect_time 600;
Profile created.

Oracle Database assigns

the user a default profile

SQL> select username,profile from dba_users where

username='AMAR';
USERNAME
PROFILE
------------------------------ ------------------------AMAR
DEFAULT

SQL> ALTER USER AMAR PROFILE CLERK;

User altered.
SQL> DROP PROFILE CLERK;
DROP PROFILE CLERK
*
ERROR at line 1:
ORA-02382: profile CLERK has users assigned, cannot
drop without CASCADE

SQL> DROP PROFILE CLERK CASCADE;

Profile dropped.
Chapter
chapter 3 --Dr.
Dr. Girija
Girija Narasimhan
Narasimhan

currently
assigned to a
user, use the
CASCADE
option.

17

Any user currently assigned to a profile that is dropped is

automatically assigned to the DEFAULT profile.
SQL> create profile clerk limit
sessions_per_user 1
idle_time 30
connect_time 600;
Profile created.
SQL> ALTER USER AMAR PROFILE CLERK;
User altered.
SQL> select username,profile from dba_users where username='AMAR';
USERNAME
PROFILE
------------------------------ -----------------------------AMAR
CLERK
SQL> DROP PROFILE CLERK CASCADE;
Profile dropped.
SQL> select username,profile from dba_users where username='AMAR';
USERNAME
PROFILE
------------------------------ -----------------------------AMAR
DEFAULT1818
Chapter 3 - Dr. Girija Narasimhan

18

The DEFAULT profile cannot be dropped

SQL> DROP PROFILE default;

DROP PROFILE default
*
ERROR at line 1:
ORA-00931: missing identifier
SQL> DROP PROFILE DEFAULT CASCADE;
DROP PROFILE DEFAULT CASCADE
*
ERROR at line 1:
ORA-00931: missing identifier
SQL> CREATE ROLE CLERK;
Role created.
SQL> CREATE USER AMAR IDENTIFIED BY CL
PROFILE CLERK;
User created.

No need role and

profile has unique
name, i.e same name
allowed.
only role and user name
not same name (it
should be unique)

SQL> GRANT CLERK TO AMAR;

Grant succeeded.
Chapter 3 - Dr. Girija Narasimhan

19

Using the ALTER USER Statement to Alter a User Account (P 2-8)

You can alter user security settings with the ALTER USER SQL statement.
Changing user security settings affects the future user sessions, not current
sessions.
Authentication is changed to use the
operating system (from database)
ALTER USER avyrros
account of the user avyrros. For
IDENTIFIED EXTERNALLY
database need password

DEFAULT TABLESPACE data_ts

TEMPORARY TABLESPACE temp_ts
QUOTA 100M ON data_ts
QUOTA 0 ON test_ts
PROFILE clerk;

The quota on the

test_ts is revoked for
the user avyrros.

Chapter 3 - Dr. Girija Narasimhan

Changing Non-SYS User Passwords (p. 2-8)

Most users can change their own passwords with the PASSWORD
statement, as follows:
SQL> alter user ahmed identified by ah;
User altered.
No special privileges (other than those to connect to the database and
create a session) are required for a user to change his or her own
password.
Deleting User Accounts (p 2-14)
When you drop a user account, Oracle Database removes the
user account and associated schema from the data dictionary.
It also immediately drops all schema objects contained in the user
schema

DROP USER AMAR CASCADE;

Chapter 3 - Dr. Girija Narasimhan

21

Listing All Users and Associated Information (P 2-16)

To find all users and their associated information as defined in the

database, query the DBA_USERS view
SQL> SET LINESIZE 300;
SQL> SELECT USERNAME, PROFILE, ACCOUNT_STATUS, AUTHENTICATION_TYPE FROM
DBA_USERS WHERE USERNAME='AMAR';
USERNAME
PROFILE
ACCOUNT_STATUS
AUTHENTI
------------------------------ -----------------------------AMAR
DEFAULT
OPEN
PASSWORD

Chapter 3 - Dr. Girija Narasimhan

22

Listing All Tablespace Quotas (P 2-17)

SQL> SELECT * FROM DBA_TS_QUOTAS;

Use the DBA_TS_QUOTAS view to list all tablespace quotas
specifically assigned to each user.

When specific quotas are assigned, the exact number is indicated

in the MAX_BYTES column.
This number is always a multiple of the database block size, so if
you specify a tablespace quota that is not a multiple of the
database block size, then it is rounded up accordingly. Unlimited
quotas are indicated by -1.
Chapter 3 - Dr. Girija Narasimhan

23

Listing All Profiles and Assigned

Limits (P 2-17)
The DBA_PROFILE view lists all profiles in the database and
associated settings for each limit in each profile.
SQL> SET LINESIZE 300;
SQL> SELECT * FROM DBA_PROFILES WHERE PROFILE='CLERK';

Chapter 3 - Dr. Girija Narasimhan

24

DROP and ALTER TABLESPACE

SQL> set linesize 300;
SQL> select DEFAULT_TABLESPACE,TEMPORARY_TABLESPACE,username from
dba_users;
DEFAULT_TABLESPACE
TEMPORARY_TABLESPACE
USERNAME
------------------------------ -----------------------------SYSTEM
TEMP_TS
SYSTEM
SYSTEM
TEMP_TS
SYS
SYSTEM
TEMP_TS
MGMT_VIEW
SYSAUX
TEMP_TS
DBSNMP
SYSAUX
TEMP_TS
SYSMAN
AMAR_TS
TEMP_TS
JINAN
AMAR_TS
TEMP_TS
REEM
AMAR_TS
TEMP_TS
SAFA
AMAR_TS
TEMP_TS
AMAR
AMAR_TS
TEMP_TS
HR
AMAR_TS
TEMP_TS
TALIB
SQL> alter database default tablespace USERS;
Database altered.
SQL> ALTER DATABASE DEFAULT TEMPORARY TABLESPACE TEMP;
Database altered.

SQL> set linesize 300;

SQL> select DEFAULT_TABLESPACE,TEMPORARY_TABLESPACE,username from
dba_users;
DEFAULT_TABLESPACE
TEMPORARY_TABLESPACE
USERNAME
------------------------------ ---------------------------SYSTEM
TEMP
SYSTEM
SYSTEM
TEMP
SYS
SYSTEM
TEMP
MGMT_VIEW
SYSAUX
TEMP
DBSNMP
SYSAUX
TEMP
SYSMAN
USERS
TEMP
JINAN
USERS
TEMP
REEM
USERS
TEMP
SAFA
USERS
TEMP
AMAR
USERS
TEMP
HR
USERS
TEMP
TALIB
SQL> DROP TABLESPACE AMAR_TS INCLUDING CONTENTS AND DATAFILES;
Tablespace dropped.

SQL> DROP TABLESPACE TEMP_TS INCLUDING CONTENTS AND DATAFILES;

Tablespace dropped.

LAB EXERCISE
Step 1: create profile
create profile clerk limit
sessions_per_user 1
idle_time 30
connect_time 600;
Step 2: create temporary tablespace

CREATE TEMPORARY TABLESPACE TEMP_AH TEMPFILE 'C:\TEMP\TEMP_AH1.DBF'

SIZE 20M REUSE
EXTENT MANAGEMENT LOCAL UNIFORM SIZE 16M;
Step 3: create temporary tablespace
CREATE TABLESPACE Data_AH DATAFILE 'c:\temp\data_ah1.dbf'
SIZE 1M EXTENT MANAGEMENT LOCAL
SEGMENT SPACE MANAGEMENT AUTO;

Chapter 3 - Dr. Girija Narasimhan

27

Step 4: create user

LAB EXERCISE

SQL> CREATE USER ahmed

2 IDENTIFIED BY ahmed
3 DEFAULT TABLESPACE DATA_AH
4 QUOTA 500K ON DATA_AH
5 TEMPORARY TABLESPACE TEMP_AH
6 PROFILE clerk;
User created.

Create default tablespace and

temporary tablespace.
Otherwise mention default
tablespace is USERS and
temporary tablespace TEMP.
Otherwise the below given error
will occur.

Chapter 3 - Dr. Girija Narasimhan

28

CASE STUDY
Create a Manager profile, Default tablespace Zahra_data, temporary tablespace
zahra_temp. And assign profile, default tablespace, temporary tablespace and
also assign quota 500k to user Zahra.

-Change default tablespce as USERS

-remove temporary tablespace zahra_temp
-Display temporary tablespce used by Zahra
-display all limits of MANAGER Profile
-display all the information of user Zahra
-Display only Quota information
-Delete Manager profile.
-assign a role staff to Zahra as default role
-revoke the quota
-change the password of zahra to flower
- Delete the user
Chapter 3 - Dr. Girija Narasimhan

29

Reference

Chapter
chapter 3 --Dr.
Dr. Girija
Girija Narasimhan
Narasimhan

30

SYSTEM tablespace
The primary tablespace in any database is the SYSTEM
tablespace, which contains information basic to the
functioning of the database server, such as the data
dictionary and the system rollback segment.
The SYSTEM tablespace is the first tablespace created
at database creation.
It is managed as any other tablespace, but requires a
higher level of privilege and is restricted in some ways.
For example, you cannot rename or drop the SYSTEM
tablespace or take it offline.

Chapter
chapter 3 --Dr.
Dr. Girija
Girija Narasimhan
Narasimhan

31

Temporary table spaces

Temporary table spaces are used for special operations, particularly for
sorting data results on disk and for hash joins in SQL.
For SQL with millions of rows returned, the sort operation is too large for
the RAM area and must occur on disk. The temporary tablespace is where
this takes place.
Each database should have one temporary tablespace that is created
when the database is created.

You create, drop and manage tablespaces with create temporary

tablespace, drop temporary tablespace and alter temporary tablespace
commands.

Chapter
chapter 3 --Dr.
Dr. Girija
Girija Narasimhan
Narasimhan

32

Oracle Database
Security Guide
11g Release 2 (11.2)
E36292-05
March 2014
This lecturer notes content prepared based on above given oracle database
security guide only.

Chapter 3 - Dr. Girija Narasimhan

33