At A Glance: User Creation and Management
Chapter 7
User Creation and Management
At a Glance
Instructor’s Notes
♦ Chapter Overview
♦ Chapter Objectives
♦ Instructor Notes
♦ Troubleshooting Tips
♦ Quick Quizzes
♦ Discussion Questions
♦ Key Terms
Oracle 12c: SQL 7-2
Chapter Overview
The purpose of this chapter is to demonstrate the requirements for connecting a new user to an
Oracle database. Users need both a valid account and the CREATE SESSION privilege. In
addition, account management and security concepts are discussed. Strategies to simplify
privilege administration are presented in terms of roles.
Students must have the CREATE USER privilege to create the user accounts in this chapter. In
addition, students must have been granted CREATE SESSION privilege with the WITH
ADMIN OPTION to grant this privilege to new accounts. To create the role examples, the
students will need the CREATE ROLE system privilege.
Chapter Objectives
After completing this chapter, you should be able to do the following:
Instructor Notes
If you issue student Oracle accounts on a school server, assigning users account creation
privileges may not be an option. Please review the Instructor’s Setup Guide provided in the
Instructor Downloads area for suggestions in providing students limited access enabling
experimentation with much of the chapter content.
Data Security
Recent events have focused more attention on cyberterrorism and the
need for network security. Due to the type of detailed personal information contained in the
databases of government and business organizations, organizations are expected, even required,
to protect this information. It is not uncommon for a company whose database has been illegally
accessed to be sued for negligence due to lack of proper security measures. Oracle 12c supports
various levels of security, especially for verifying user identity, including support for third-party
biometric devices.
Quick Quiz
1. What is the purpose of authentication?
ANSWER: To ensure that users are who they claim they are
4. What term is used to describe individuals who gain illegal access to a system?
ANSWER: Hackers
Creating a User
When a user account is created, a password must be assigned. It is preferable to expire the
password immediately, which forces the user to change the DBA-assigned password as soon as
the user first successfully connects to the database. Although a user may have a valid user
account, this does not imply that the user will be able to access the database. Privileges are
still required, even with a valid account.
Troubleshooting Tip: Have the students create a user account and then attempt to
connect to the database to demonstrate the need for the CREATE SESSION privilege.
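The sequence described above, written out as an added SQL*Plus example (not taken from the textbook or this manual). The account name rthomas, the placeholder password, and read access to the DBA_USERS and DBA_SYS_PRIVS views are assumptions.

```sql
-- Added example. Run as an administrator who holds CREATE USER and
-- CREATE SESSION WITH ADMIN OPTION. RTHOMAS is a hypothetical account.

-- 1. Create the account with a temporary password and expire it at once,
--    so the DBA-assigned value has to be replaced at the first logon.
CREATE USER rthomas
  IDENTIFIED BY "Temp#Placeholder1"   -- constructed placeholder, not a real credential
  PASSWORD EXPIRE;

-- 2. Inspect the new account: its status, and the system privileges it
--    holds directly (nothing has been granted to it yet).
SELECT username, account_status
  FROM dba_users
 WHERE username = 'RTHOMAS';

SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'RTHOMAS';

-- 3. A logon attempt at this point cannot succeed: without CREATE SESSION
--    Oracle denies the logon (ORA-01045).
--      CONNECT rthomas

-- 4. Grant only what is needed to log on. Leaving out WITH ADMIN OPTION
--    keeps the new user from passing CREATE SESSION on to other accounts.
GRANT CREATE SESSION TO rthomas;

-- 5. Connect as the new user (SQL*Plus command). Because the password was
--    expired in step 1, the user must set a new password at this logon.
--      CONNECT rthomas

-- 6. Back in the administrator session, review the end state.
SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'RTHOMAS';

-- Classroom cleanup:
-- DROP USER rthomas CASCADE;
```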
Quick Quiz
1. What clause is used with the CREATE USER command to specify a password for the
user?
ANSWER: IDENTIFIED BY
2. How can a user disconnect and reconnect to an Oracle database in one step?
ANSWER: Use the CONNECT command
Troubleshooting Tip: Remind students that the ADMIN keyword is associated with
system privileges, whereas the GRANT keyword is associated with object privileges,
and that a cascade effect can occur when revoking object privileges.
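The difference between the two options, shown side by side as an added example (not from the textbook or this manual). The accounts user_a and user_b, the schema inv_owner, and its table inventory are hypothetical; the final queries assume access to the DBA_* dictionary views.

```sql
-- Added example. Session changes are marked in comments; all names are hypothetical.

-- System privilege (administrator session): WITH ADMIN OPTION lets user_a re-grant it.
GRANT CREATE TABLE TO user_a WITH ADMIN OPTION;

-- user_a session:
GRANT CREATE TABLE TO user_b;

-- Administrator session: revoke from user_a only.
REVOKE CREATE TABLE FROM user_a;

-- System privileges do not cascade, so the grant user_a made to user_b
-- survives the revoke and must be removed separately.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege = 'CREATE TABLE'
   AND grantee IN ('USER_A', 'USER_B');

-- Object privilege (inv_owner session): WITH GRANT OPTION lets user_a re-grant it.
GRANT SELECT ON inv_owner.inventory TO user_a WITH GRANT OPTION;

-- user_a session:
GRANT SELECT ON inv_owner.inventory TO user_b;

-- inv_owner session:
REVOKE SELECT ON inv_owner.inventory FROM user_a;

-- Object privileges cascade: the grant user_a made to user_b is removed
-- together with user_a's own.
SELECT grantee, grantor, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'INV_OWNER'
   AND table_name = 'INVENTORY';

-- Review before any revoke: who can currently re-grant privileges?
SELECT grantee, privilege FROM dba_sys_privs WHERE admin_option = 'YES';

SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantable = 'YES';
```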
Quick Quiz
1. What is the difference between system privileges and object privileges?
ANSWER: Object privileges are granted on specific objects, whereas system privileges
apply across the entire database.
Utilizing Roles
Roles can be used to organize privileges granted to users. They can be organized based on the
type of tasks that need to be performed by users. A default role can be established for users.
However, users have the ability to enable other assigned roles when needed using the SET ROLE
command.
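A worked version of the role workflow described above, as an added example (not from the textbook or this manual). The roles order_entry and order_admin, the user rthomas, and the table sales.orders are hypothetical; the review queries assume access to the DBA_* dictionary views.

```sql
-- Added example. Run the first part as an administrator holding CREATE ROLE.
CREATE ROLE order_entry;
CREATE ROLE order_admin;

-- Privileges are granted to the roles, not to individual users.
GRANT CREATE SESSION TO order_entry;                          -- system privilege
GRANT SELECT, INSERT, UPDATE ON sales.orders TO order_entry;  -- object privileges
GRANT DELETE ON sales.orders TO order_admin;

-- Oracle rejects WITH GRANT OPTION when the grantee is a role:
-- GRANT SELECT ON sales.orders TO order_entry WITH GRANT OPTION;

-- Assign both roles, but enable only the everyday one at logon.
GRANT order_entry, order_admin TO rthomas;
ALTER USER rthomas DEFAULT ROLE order_entry;

-- rthomas session: list the roles enabled right now.
SELECT role FROM session_roles;

-- Enable the elevated role for the task that needs it. SET ROLE replaces
-- the enabled set, so every role that should stay active is listed.
SET ROLE order_entry, order_admin;
SELECT role FROM session_roles;

-- Drop back to the everyday role once the task is done.
SET ROLE order_entry;

-- Administrator session: review what each role carries and who holds it.
SELECT grantee, privilege, table_name
  FROM dba_tab_privs
 WHERE grantee IN ('ORDER_ENTRY', 'ORDER_ADMIN');

SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'RTHOMAS';

-- REVOKE removes a privilege from a role; every user holding the role
-- loses that privilege in one statement.
REVOKE UPDATE ON sales.orders FROM order_entry;
```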
Quick Quiz
1. What is a role?
ANSWER: A collection of privileges
2. Which option, the WITH ADMIN OPTION or WITH GRANT OPTION, cannot be used
when a privilege is assigned to a role?
ANSWER: WITH GRANT OPTION
Quick Quiz
1. What command is used to revoke a system privilege from a role?
ANSWER: REVOKE
4. Which type of privilege could have a cascade effect on other users when it is revoked?
ANSWER: An object privilege granted with the WITH GRANT OPTION
Discussion Questions
1. How could roles be used to simplify the administration of privileges in a large
organization that consists of eight departments and a minimum of three levels of
management within each department?
2. Describe different roles that an insurance company might create to manage user groups.
Key Terms
authentication — The process of validating the identity of computer users.
coding scheme — When a DBA creates a user account, the user's identity is set by using a code;
the "scheme" of the code often consists of the user’s first initial followed by last name. Used
widely in industry for part numbers, customer numbers, etc.
hackers — A slang term generally applied to computer criminals who gain illegal access to
information systems.
object privileges — Allow users to perform DML or retrieval operations on the data contained
within database objects.
privileges — Allow database access to users. Oracle 12c has system privileges and object
privileges.
role — A group, or collection, of privileges. In most organizations, roles correlate to users' job
duties.
system privileges — Allow access to the Oracle 12c database and let users perform DDL
operations such as CREATE, ALTER, and DROP on database objects. An object privilege
combined with the keyword ANY is also considered a system privilege.