安全-权限-Oracle自带用户
新建时给的是系统权限sysdba,
后面使用到该用户的时候不能以normal状态登录plsql,
因为没有给用户赋予创建session的权限。只要用sys登录
grant connect,resource to xwm 给用户赋权就行了
dba是Oracle里的一种对象,Role 和User一样,是实实在在存在在Oracle里的物理对象,而sysdba是指的一种概念上的操作对象,在Oracle数据里并不存在。
所以说这两个概念是完全不同的。
dba是一种role对应的是对Oracle实例里对象的操作权限的集合,而sysdba是概念上的role是一种登录认证时的身份标识而已。
SYSDBA不是权限,当用户以SYSDBA身份登陆数据库时,登陆用户都会变成SYS。
sysdba身份登陆可以打开,关闭数据库,创建SPFILE,对数据库进行恢复操作等,而这些是DBA角色无法实现的。
Oracle自带用户
以下这些账户有的为了管理目的、有些为了数据库额外的功能、有些为了示例而存在。如果你启用了一些比较偏的功能还会自动新增一些用户,比如标签安全性、数据库保险箱啊等等。
这些账户每个你Google一番都能讲一个故事。。
账户和访问表没有直接的关系,权限才是,拿SELECT ANY TABLE(查看任何表)为例,看看谁能查看任何表:
SQL> select grantee from dba_sys_privswhere privilege=‘SELECT ANY TABLE‘;
oracle中的帐户分为两类:
一类是必需的帐户
一类是存储各种应用的帐户
【】SYS 安装时用户指定/CHANGE_ON_INSTALL
描述:数据库管理帐户/执行数据库的管理任务,实例的数据字典都在SYS下/超级用户,老大
Recreation Script:$ORACLE_HOME/rdbms/admin/sql.bsq.Recover from backup or recreate the database.
Safe To Remove:No
Purpose:Anaccount used to perform. database administration tasks. Password is created atinstallation or database creation time.
【】SYSMAN OEM_TEMP/manager
描述:企业管理器帐户
Recreation Script:Createdas part of the dbconsole or Enterprise Manager build.
Safe To Remove:Yes
Purpose:Theaccount used to perform. Oracle Enterprise Manager database administrationtasks. The SYS and SYSTEM accounts can also perform. these tasks. Password iscreated at installation or database creation time.
【】SYSTEM 安装时用户指定
描述:数据库管理帐户/用于执行数据库管理任务,有少量的实例对象/权限也非常高,但是不具备以下权限:ALTER DATABASE LINK/ ALTERPUBLIC DATABASE LINK/ EXEMPT ACCESSPOLICY/ EXEMPT IDENTITY POLICY/ SYSDBA/ SYSOPER。其中SYSDBA和SYSOPER还能启动关闭数据库实例,所以SYSTEM当然不能启动关闭数据库实例了。
Recreation Script:$ORACLE_HOME/rdbms/admin/sql.bsq.Recover from backup or recreate the database.
Safe To Remove:No
Purpose:A defaultgeneric database administrator account for Oracle databases. For productionsystems, Oracle recommends creating individual database administrator accountsand not using the generic SYSTEM account for database administrationoperations. Password is created at installation or database creation time.
【】ANONYMOUS ANONYMOUS
描述:访问http的匿名用户帐户/用于访问ORACLE XML DB知识库的帐户。
Recreation Script:$ORACLE_HOME/rdbms/admin/catqm.sql
Safe To Remove:Yes
Purpose:Accountthat allows HTTP access to Oracle XML DB. It is used in place of theAPEX_PUBLIC_USER account when the Embedded PL/SQL Gateway (EPG) is installed inthe database. EPG is a Web server that can be used with Oracle Database. Itprovides the necessary infrastructure to create dynamic applications. See alsoXDB.
【】CTXSYS CTXSYS
描述:interMedia Text用户,是MEDIATEXT的用户,有CONNECTRESOURCEDBA权限
Recreation Script:$ORACLE_HOME/ctx/admin/ctxsys.sql
Safe To Remove:Yes
Purpose:Theaccount used to administer Oracle Text. Oracle Text enables the building oftext query applications and document classification applications. It providesindexing, word and theme searching, and viewing capabilities for text.
【】DBSNMP DBSNMP
描述:目录集成平台用户/具有NNECTRESOUCEHESNMPAGENT 权限的角色,可用CATNSMP.SQL脚本删除此用户和角色
Recreation Script:$ORACLE_HOME/rdbms/admin/catsnmp.sql
Safe To Remove:Yes– run $ORACLE_HOME/rdbms/admin/catnsnmp.sql
Purpose:Theaccount used by the Management Agent component of Oracle Enterprise Manager tomonitor and manage the database. Password is created at installation ordatabase creation time.
【】DIP DIP
描述:目录集成平台的帐户(DIRECTORY INTEGERATION PLATFORM)
Recreation Script:$ORACLE_HOME/rdbms/admin/catdip.sql
Safe To Remove:Yes
Purpose:Theaccount used by the Directory Integration Platform. (DIP) to synchronize thechanges in Oracle Internet Directory with the applications in the database.
【】EXFSYS EXFSYS
描述:表达式过滤器帐户(EXPRESSIO FILTER)
Recreation Script:$ORACLE_HOME/rdbms/admin/exfsys.sql
Safe To Remove:Yes
Purpose:Theaccount used internally to access the EXFSYS schema, which is associated withthe Rules Manager and Expression Filter feature. This feature enables thebuilding of complex PL/SQL rules and expressions. The EXFSYS schema containsthe Rules Manager and Expression Filter DDL, DML, and associated metadata.
【】MDDATA MDDATA
描述:oracle空间数据帐户
Recreation Script:$ORACLE_HOME/md/admin/catmd.sql
Safe To Remove:Yes
Purpose:Theschema used by Oracle Spatial for storing Geocoder and router data. See alsoSPATIAL_CSW_ADMIN_USR , SPATIAL_WFS_ADMIN_USR and MDSYS.
【】MDSYS MDSYS
描述:oracle空间数据媒体管理员/空间数据(SPATIAL)媒介(INTERMEDIA)音频(AUDIO)视频(VIDEO)和图像管理员帐户
Recreation Script:$ORACLE_HOME/ord/admin/ordinst.sql
Safe To Remove:Yes
Purpose:TheOracle Spatial and Oracle Multimedia Locator administrator account. See alsoSPATIAL_CSW_ADMIN_USR , MDDATA and SPATIAL_WFS_ADMIN_USR.
【】MGMT_VIEW MGMT_VIEW
描述:不拥有任何对象,仅用于查询 SYSMAN 用户对象。安装OMS时自动创建的。
Recreation Script:$ORACLE_HOME/sysman/admin/emdrep/bin/RepManager
Safe To Remove:Yes
Purpose:Anaccount used by Oracle Enterprise Manager Database Control. Password israndomly generated at installation or database creation time. Users do not needto know this password.
【】OLAPSYS MANGER
描述:用于创建olap元数据/用于创建OLAP元数据的用户。包括OLAP_DBARESOURCECONNECT角色
Recreation Script:$ORACLE_HOME/olap/admin/amdsys.sql
Safe To Remove:Yes
Purpose:Theaccount that owns the OLAP Catalog (CWMLite). This account has been deprecated,but is retained for backward compatibility.
【】ORDPLUGINS ORDPLUGINS
描述:ORACLE INTERMEDIA和VIDEO的用户名,有CONNECT和RESURCE角色,与第三方连接
Recreation Script:$ORACLE_HOME/ord/admin/ordinst.sql
Safe To Remove:Yes
Purpose:TheOracle Multimedia user. Plug-ins supplied by Oracle and third-party, formatplug-ins are installed in this schema. Oracle Multimedia enables OracleDatabase to store, manage, and retrieve images, audio, video, DICOM formatmedical images and other objects, or other heterogeneous media data integratedwith other enterprise information. See also ORDSYS and SI_INFORMTN_SCHEMA.
【】ORDSYS ORDSYS
描述:image管理员/ORACLE INTERMEDIA和VIDEO的用户名,有CONNECT和RESOURCE角色
Recreation Script:$ORACLE_HOME/ord/admin/ordinst.sql
Safe To Remove:Yes
Purpose:TheOracle Multimedia administrator account. See also ORDPLUGINS and SI_INFORMTN_SCHEMA.
【】OUTLN OUTLN
描述:拥有connect和resource角色
Recreation Script:$ORACLE_HOME/rdbms/admin/sql.bsq.Recover from backup or recreate the database.
Safe To Remove:No
Purpose:Theaccount that supports plan stability. Plan stability prevents certain databaseenvironment changes from affecting the performance characteristics ofapplications by preserving execution plans in stored outlines. OUTLN acts as arole to centrally manage metadata associated with stored outlines.
【】SCOTT Tiger
描述:简单的样例帐户
Recreation Script:$ORACLE_HOME/rdbms/admin/utlsampl.sql
Safe To Remove:Yes
Purpose:Anaccount used by Oracle sample programs and examples.
【】HR hr
描述:简单的样例帐户
Recreation Script:$ORACLE_HOME/demo/schema/human_resources/hr_main.sql
Safe To Remove:Yes– run $ORACLE_HOME/demo/schema/drop_sch.sql
Purpose:Theaccount that owns the Human Resources schema included in the Oracle SampleSchemas. See also BI, OE, SH, IX and PM.
【】SI_INFORMTN_SCHEMA oracleineterMedia,video用户
描述:静止图像标准浏览帐户
Recreation Script:$ORACLE_HOME/ord/admin/ordinst.sql
Safe To Remove:Yes
Purpose:Theaccount that stores the information views for the SQL/MM Still Image Standard.See also ORDPLUGINS and ORDSYS.
【】WK_TEST WK_TEST
描述:同wksys/管理ORACLE 10g ULTRASEARCH的帐户,和WKSYS有一样的作用
Recreation Script:$ORACLE_HOME/ultrasearch/admin/wk0csys.sql
Safe To Remove:Yes
Purpose:Theinstance administrator for the default instance, WK_INST. After unlocking thisaccount and assigning this user a password, then the cached schema passwordmust also be updated using the administration tool Edit Instance Page. UltraSearch provides uniform. search-and-location capabilities over multiplerepositories, such as Oracle databases, other ODBC compliant databases, IMAPmail servers, HTML documents managed by a Web server, files on disk, and more.See also WKSYS
【】WKPROXY
描述:ORACLE 10g与代理服务器有关的帐户
Recreation Script:$ORACLE_HOME/ultrasearch/admin/wk0csys.sql
Safe To Remove:Yes
Purpose:Anadministrative account of Application Server Ultra Search.
【】WKSYS WKSYS
描述:同wk_test/管理ORACLE 10g AS ULTRASEARCH帐户,与WK_TEST有一样的作用
Recreation Script:$ORACLE_HOME/ultrasearch/admin/wk0csys.sql
Safe To Remove:Yes
Purpose:AnUltra Search database super-user. WKSYS can grant super-user privileges toother users, such as WK_TEST. All Oracle Ultra Search database objects areinstalled in the WKSYS schema. See also WK_TEST
【】WMSYS WMSYS
描述:工作空间管理帐户/工作实景管理的帐户
Recreation Script:$ORACLE_HOME/rdbms/admin/owmctab.plb
Safe To Remove:Yes
Purpose:Theaccount used to store the metadata information for Oracle Workspace Manager.
【】XDB CHANGE_ON_INSTALL
描述:ORACLE 10G XML DB帐户
Recreation Script:$ORACLE_HOME/rdbms/admin/catqm.sql
Safe To Remove:Yes
Purpose:Theaccount used for storing Oracle XML DB data and metadata. See also ANONYMOUS.
【】ORACLE_OCM
描述:Oracle预定义的非管理员用户
Recreation Script:$ORACLE_HOME/rdbms/admin/catocm.sql
Safe To Remove:Yes
Purpose:Thisaccount contains the instrumentation for configuration collection used by theOracle Configuration Manager.
【】BI
描述:
Recreation Script:$ORACLE_HOME/demo/schema/bus_intelligence/bi_main.sql
Safe To Remove:Yes-run$ORACLE_HOME/demo/schema/drop_sch.sql
Purpose:Theaccount that owns the Business Intelligence schema included in the OracleSample Schemas. See also HR, OE, SH, IX and PM.
【】OE
描述:
Recreation Script:$ORACLE_HOME/demo/schema/order_entry/oe_main.sql
Safe To Remove:Yes– run $ORACLE_HOME/demo/schema/drop_sch.sql
Purpose:Theaccount that owns the Order Entry schema included in the Oracle Sample Schemas.See also BI, HR, SH, IX and PM.
【】IX
描述:
Recreation Script:$ORACLE_HOME/demo/schema/info_exchange/ix_main.sql
Safe To Remove:Yes– run $ORACLE_HOME/demo/schema/drop_sch.sql
Purpose:Theaccount that owns the Information Transport schema included in the OracleSample Schemas. See also BI, HR, OE, SH and PM.
【】PM
描述:
Recreation Script:$ORACLE_HOME/demo/schema/product_media/pm_main.sql
Safe To Remove:Yes– run $ORACLE_HOME/demo/schema/drop_sch.sql
Purpose:Theaccount that owns the Product Media schema included in the Oracle SampleSchemas. See also BI, HR, OE, SH and IX.
【】SH
描述:
Recreation Script:$ORACLE_HOME/demo/schema/sales_history/sh_main.sql
Safe To Remove:Yes– run $ORACLE_HOME/demo/schema/drop_sch.sql
Purpose:Theaccount that owns the Sales History schema included in the Oracle SampleSchemas and is only available for Enterprise Edition installations. See alsoBI, HR, OE, IX and PM.
【】APEX_030200
描述:
Recreation Script:$ORACLE_HOME/apex/apexins.sql
Safe To Remove:Yes
Purpose:Partof the Oracle Application Express Suite - (Oracle APEX, previously named OracleHTML DB) which is a freeware software development environment. It allows a fastdevelopment cycle to be achieved to create web based applications. The accountowns the Application Express schema and metadata. See also APEX_PUBLIC_USER andFLOW_FILES.
【】APEX_PUBLIC_USER
描述:
Recreation Script:$ORACLE_HOME/apex/apexins.sql
Safe To Remove:Yes
Purpose:Partof the Oracle Application Express Suite - (Oracle APEX, previously named OracleHTML DB) which is a freeware software development environment. It allows a fastdevelopment cycle to be achieved to create web based applications. Thisminimally privileged account is used for Application Express configuration withOracle HTTP Server and mod_plsql. See also APEX_030200 and FLOW_FILES.
【】APPQOSSYS
描述:
Recreation Script:$ORACLE_ADMIN/rdbms/admin/catqos.sql
Safe To Remove:Yes
Purpose:Usedfor storing/managing all data and metadata required by Oracle Quality ofService Management.
【】FLOWS_FILES
描述:
Recreation Script:$ORACLE_HOME/apex/apexins.sql
Safe To Remove:Yes
Purpose:Partof the Oracle Application Express Suite - (Oracle APEX, previously named OracleHTML DB) which is a freeware software development environment. It allows a fastdevelopment cycle to be achieved to create web based applications. This accountowns the Application Express uploaded files. See also APEX_030200 andAPEX_PUBLIC_USER.
【】OWBSYS
描述:
Recreation Script:$ORACLE_HOME/owb/UnifiedRepos/cat_owb.sql
Safe To Remove:Yes
Purpose:Theaccount for administrating the Oracle Warehouse Builder repository. Access thisaccount during the installation process to define the base language of therepository and to define Warehouse Builder workspaces and users. A datawarehouse is a relational or multidimensional database that is designed forquery and analysis. See also OWBSYS_AUDIT.
【】OWBSYS_AUDIT
描述:
Recreation Script:$ORACLE_HOME/owb/UnifiedRepos/cat_owb.sql
Safe To Remove:Yes
Purpose:Thisaccount is used by the Warehouse Builder Control Center Agent to access the heterogeneousexecution audit tables in the OWBSYS schema.
【】SPATIAL_CSW_ADMIN_USR
描述:
Recreation Script:$ORACLE_HOME/md/admin/sdocswpv.sql
Safe To Remove:Yes
Purpose:TheCatalog Services for the Web (CSW) account. It is used by the Oracle SpatialCSW cache manager to load all record type metadata, and record instances fromthe database into the main memory for the record types that are cached. Seealso SPATIAL_WFS_ADMIN_USR, MDDATA and MDSYS.
【】SPATIAL_WFS_ADMIN_USR
描述:
Recreation Script:$ORACLE_HOME/md/admin/sdowfspv.sql
Safe To Remove:Yes
Purpose:TheWeb Feature Service (WFS) account. It is used by the Oracle Spatial WFS cachemanager to load all feature type metadata, and feature instances from thedatabase into main memory for the feature types that are cached. See alsoSPATIAL_CSW_ADMIN_USR , MDDATA and MDSYS.
【】XS$NULL
描述:
Recreation Script:$ORACLE_HOME/rdbms/admin/sql.bsq.Recover from backup or recreate the database.
Safe To Remove:No
Purpose:Aninternal account that represents the absence of a user in a session. BecauseXS$NULL is not a user, this account can only be accessed by the Oracle Databaseinstance. XS$NULL has no privileges and no one can authenticate as XS$NULL, norcan authentication credentials ever be assigned to XS$NULL.
【】LBACSYS
描述:
Recreation Script:$ORACLE_HOME/rdbms/admin/catlbacs.sql
Safe To Remove:Yes
Purpose:Theaccount used to administer Oracle Label Security (OLS). It is created only whenthe Label Security custom option is installed.
【】ORDDATA
描述:
Recreation Script:$ORACLE_HOME/ord/admin/ordisysc.sql
Safe To Remove:Yes
Purpose:Thisaccount contains the Oracle Multimedia DICOM data model.
【】TSMSYS
描述:Oracle?10g的所有目录上的特点及与此相关的观点/表的新特征是储存在TSMSYS用户下
Recreation Script:
Safe To Remove:
Purpose:
【】DMSYS
描述:Oracle数据挖掘账号
Recreation Script:
Safe To Remove:
Purpose:
安全-权限-Oracle自带用户
标签:li-app-ora
小编还为您整理了以下内容,可能对您也有帮助:
oracle中怎么赋予用户权限
oracle中赋予用户权限的具体步骤如下:
1、首先打开电脑,点击打开电脑桌面左下角的开始图标。
2、然后在弹出来的窗口中点击搜索框,输入“cmd”,回车确定。
3、然后在弹出来的窗口中点击输入“grant unlimited tablespace to 用户名”,回车确定,获取操作表空间权限。
4、然后在弹出来的窗口中点击打开“grant create table to 用户名”回车确定,获取创建表权限。
5、然后点击输入“grante drop table to 用户名”,回车确定获取删除表权限。
6、点击输入“grant insert table to 用户名”,回车确定获取插入表权限。
7、点击输入“grant update table to 用户名”,回车确定获取更新表权限。
浅谈oracle数据库如何创建用户以及分配权限
oracle的用户权限要是详细说,那么可能要很久,毕竟oracle的管理都是用过用户实现的。
(1)这里个人觉得最重要的是保护所在服务器的oracle用户(系统用户)的密码。并且不管是什么系统用户,就算是root,也不能随意修改才可以。毕竟本地登录的sqlplus / as sysdba就是dba权限,如果真的是这里出现问题,那么哭都来不及。
(2)dba用户有且只能有一个(用户名一定要毫不起眼,避免被猜出来,密码也要符合加密原则并且定期修改),这个用户要专人专用,绝对不能大面积给予该用户的密码,还是那句话权限太大。除了不得不利用dba身份进行的操作,其他事情一律不用这个用户,要当做这个用户不存在。
(3)其他用户权限,先说数据库的主要操作——增删改查,增是一个单独的用户,改删为一个用户或两个用户(这个权限也是严格控制的,因为一般来说),查为一个用户。感觉是不是很烦,一般也没有这么用的,不过如果真的要求严格,那么这是最好的办法。
(4)其他的就是关于表的分层管理(当然每层属于不同的用户或者每层分成几块,每块都是不同的用户),这样可以尽量避免因为权限导致的数据库问题。退一步说,就算出了问题,数据也是可以找回的。
(5)最后一个是每一个大面积分发的用户的授权都是针对表的,至于针对表空间等数据库系统层面的授权,则是由专门的用户由专门的人操作完成的。
浅谈oracle数据库如何创建用户以及分配权限
oracle的用户权限要是详细说,那么可能要很久,毕竟oracle的管理都是用过用户实现的。
(1)这里个人觉得最重要的是保护所在服务器的oracle用户(系统用户)的密码。并且不管是什么系统用户,就算是root,也不能随意修改才可以。毕竟本地登录的sqlplus / as sysdba就是dba权限,如果真的是这里出现问题,那么哭都来不及。
(2)dba用户有且只能有一个(用户名一定要毫不起眼,避免被猜出来,密码也要符合加密原则并且定期修改),这个用户要专人专用,绝对不能大面积给予该用户的密码,还是那句话权限太大。除了不得不利用dba身份进行的操作,其他事情一律不用这个用户,要当做这个用户不存在。
(3)其他用户权限,先说数据库的主要操作——增删改查,增是一个单独的用户,改删为一个用户或两个用户(这个权限也是严格控制的,因为一般来说),查为一个用户。感觉是不是很烦,一般也没有这么用的,不过如果真的要求严格,那么这是最好的办法。
(4)其他的就是关于表的分层管理(当然每层属于不同的用户或者每层分成几块,每块都是不同的用户),这样可以尽量避免因为权限导致的数据库问题。退一步说,就算出了问题,数据也是可以找回的。
(5)最后一个是每一个大面积分发的用户的授权都是针对表的,至于针对表空间等数据库系统层面的授权,则是由专门的用户由专门的人操作完成的。
ORACLE 11G的系统用户和默认用户有哪些
一、Oracle默认的系统用户
sys/system
a、sys:这个账户相当于SQLServer中的sa账户,是个超级账户,拥有的权限最大,可以完成数据库的所有管理任务。
b、system:没有sys的权限大,通常用来创建一些用于查看管理信息的表和视图,同样也不建议使用system架构来创建一些与管理无关的表或视图。
c、sys和system在登录Oracle工具时,sys只能以系统管理员(sysdba)或系统操作员(sysoper)的权限登录,而system可以直接登录(normal)。
二、Oracle默认用户
可以通过以下SQL语句查询:select * from dba_users;
截取的部分默认用户如下:
在oracle数据库中用户权限的问题
你的问题中有几个问题:
1、oracle中可以建很多个用户,但是oracle是一个支持多用户的数据库,在其中每个用户都是的,除非有权限否则互相之间是不可见的,因此没有你说的建好几个用户,其中一个用户可以看到整个表中的数据。
2、为了实现你的功能可以建下面几个表:
USER_TBL:存储你的用户信息
USER_PRO_TBL:存储用户的权限信息,用来用户可以访问的表或者视图
总之,oracle中的多用户不是你说的那个意思,如果你想设计一个用户交互的界面系统的话,这个系统肯定只能连接一个oracle,也就是只能使用一个oracle用户,想实现你说的功能就是在这个用户下面建表,用表的数据去用户的访问。
--
以上,希望对你有所帮助。