发表新帖
发表新帖

How to create a user in Oracle 11g and grant permissions

后端 未结
关注
9 1378
梦谈多话
梦谈多话 2020-11-29 17:17

Can someone advise me on how to create a user in Oracle 11g and only grant that user the ability only to execute one particular stored procedure and the tables in that proce

相关标签:
9条回答
  • 深忆病人
    2020-11-29 17:42

    Don't use these approach in critical environment like TEST and PROD. Below steps are just suggested for local environment. For my localhost i create the user via these steps:

    IMPORTANT NOTE : Create your user with SYSTEM user credentials.Otherwise you may face problem when you run multiple application on same database.

     CONNECT SYSTEM/<<System_User_Password>>@<<DatabaseName>>; -- connect db with username and password, ignore if you already connected to database.

    Then Run below script

    CREATE USER <<username>> IDENTIFIED BY <<password>>; -- create user with password
GRANT CONNECT,RESOURCE,DBA TO <<username>>; -- grant DBA,Connect and Resource permission to this user(not sure this is necessary if you give admin option)
GRANT CREATE SESSION TO <<username>> WITH ADMIN OPTION; --Give admin option to user
GRANT UNLIMITED TABLESPACE TO <<username>>; -- give unlimited tablespace grant

    EDIT: If you face a problem about oracle ora-28001 the password has expired also this can be useful run 

    select * from dba_profiles;-- check PASSWORD_LIFE_TIME 
ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED; -- SET IT TO UNLIMITED
    0 讨论(0)
  • 盖世英雄少女心
    2020-11-29 17:44 
    CREATE USER USER_NAME IDENTIFIED BY PASSWORD;
GRANT CONNECT, RESOURCE TO USER_NAME;
    0 讨论(0)
  • 天命终不由人
    2020-11-29 17:48

    First step:

    Connect to a database using System/Password;

    second Step:

    create user username identified by password; (syntax)

    Ex: create user manidb idntified by mypass;

    third Step:

    grant connect,resource to username; (Syntax)

    Ex: grant connect,resource to manidb;

    0 讨论(0)
  • 挽巷
    2020-11-29 17:54

    Follow the below steps for creating a user in Oracle.
    --Connect as System user

    CONNECT <USER-NAME>/<PASSWORD>@<DATABASE NAME>;

    --Create user query

    CREATE USER <USER NAME> IDENTIFIED BY <PASSWORD>;

    --Provide roles

    GRANT CONNECT,RESOURCE,DBA TO <USER NAME>;

    --Provide privileges

    GRANT CREATE SESSION, GRANT ANY PRIVILEGE TO <USER NAME>;
GRANT UNLIMITED TABLESPACE TO <USER NAME>;

    --Provide access to tables.

    GRANT SELECT,UPDATE,INSERT ON <TABLE NAME> TO <USER NAME>;
    0 讨论(0)
  • 面向向阳花
    2020-11-29 17:54

    The Oracle documentation is comprehensive, online and free. You should learn to use it. You can find the syntax for CREATE USER here and for GRANT here,

    In order to connect to the database we need to grant a user the CREATE SESSION privilege.

    To allow the new user rights on a stored procedure we need to grant the EXECUTE privilege. The grantor must be one of these:

    • the procedure owner
    • a user granted execute on that procedure with the WITH ADMIN option
    • a user with the GRANT ANY OBJECT privilege
    • a DBA or other super user account.

    Note that we would not normally need to grant rights on objects used by a stored procedure in order to use the procedure. The default permission is that we execute the procedure with the same rights as the procedure owner and, as it were, inherit their rights when executing the procedure. This is covered by the AUTHID clause. The default is definer (i.e. procedure owner). Only if the AUTHID is set to CURRENT_USER (the invoker, that is our new user) do we need to grant rights on objects used by the procedure. Find out more.

    0 讨论(0)
  • 逝去的感伤
    2020-11-29 17:55

    As previously mentioned multiple times in the comments, the use of the CONNECT, RESOURCE and DBA roles is discouraged by Oracle.

    You have to connect as SYS to create your role and the user(s) which are given this role. You can use SQL Developer or SQL*Plus as you prefer. Do not forget to mention the SYSDBA role in the logon string. The connect_identifier uses different syntaxes.

    sqlplus sys/<<password>>@<<connect_identifier>> as sysdba

    Let's say you have a 12cR1 like the one provided as a VM with the "Oracle Technology Network Developer Day". The connect strings might be (to connect to the provided PDB) :

    sqlplus sys/oracle@127.0.0.1/orcl as sysdba
sqlplus sys@"127.0.0.1/orcl" as sysdba -- to avoid putting the pw in clear

    Note that under Unix, the quotes have to be escaped otherwise they will be consumed by the shell. Thus " becomes \".

    Then you create the role MYROLEand grant it other roles or privileges. I added nearly the bare minimum to do something interesting :

    create role myrole not identified;
grant create session to myrole;
grant alter session to myrole;
grant create table to myrole;

    Next your create the user MYUSER. The string following identified by which is the password is case-sensitive. The rest is not. You could also use SQL delimited identifiers (surrounded by quotes ") instead of regular identifiers which are converted tu uppercase and subject to a few limitations. The quota could be unlimited instead of 20m.

    create user myuser identified by myuser default tablespace users profile default account unlock;
alter user myuser quota 20m on users;
grant myrole to myuser;

    Eventually, you connect as your new user.

    Please note that you could also alter the default profile or provide another one to customize some settings as the expiration period of passwords, the number of permitted failed login attempts, etc.

    0 讨论(0)
 看不清?
提交回复
热议问题