Managing user accounts and security (2023)

To give users access to your database, you must create user accounts and assign the appropriate database access permissions to those accounts.A user account is identified by a user name and defines user attributes, including the following:

  • authentication method

  • Database authentication password

  • Standard tablespaces for permanent and temporary data storage

  • table space quota

  • Account status (locked or unlocked)

  • Password status (expired or not)

When creating a user account, in addition to assigning a username, password, and default tablespace, you must do the following:

  • Grant the appropriate system privileges, object privileges, and roles to the account.

  • If the user is creating database objects, assign the user account a space usage quota for each tablespace in which the object will be created.

Oracle recommends that you grant each user just enough privileges to do their job, and no more. For example, database application developers need permission to create and modify tables, indexes, views, and stored procedures, but do not need (and should not be given) permission to drop (drop) tablespaces or restore databases. You can create user accounts for database administration and grant those accounts only a subset of administrative privileges.

Additionally, you may want to create user accounts that will only be used by the application. That is, nobody logs in with those accounts; instead, the application uses these accounts to connect to the database, and users log into the application. This type of user account prevents application users from directly logging into the database, where they could inadvertently cause harm. CheckAbout user permissions and rolesknow more information.

When you create a user account, you implicitly create a schema for that user. AShemaIt is a logical container for user-created database objects such as tables, views, triggers, and so on. The schema name is equal to the user name and can be used to unambiguously refer to objects owned by the user. For example,HR staffSee the form abovestafffrom the insidesatplan. (fromstaffthe table belongssat.) conditiondatabase objectexistschema objectThey can be used interchangeably.

When you delete a user, you must also delete all schema objects for that user, or you must first delete the schema objects in a separate operation.

(Video) How to Manage User Accounts in Windows 10

predefined user accounts

In addition to the user accounts you create, the database contains several user accounts that are automatically created during installation.

All databases contain administrative accountsSystem,System, existDBSNMP.manage your accountis a highly privileged account and is only needed by individuals authorized to perform administrative tasks such as starting and stopping databases, managing database memory and storage, creating and managing database users, and so on. You log on to Oracle Enterprise Manager Database Express (EM Express) using the commandSystemfromSystem.You assign passwords to these accounts when you create a database using the Oracle Database Configuration Assistant (DBCA). You may not delete or rename these accounts.

All databases also containinternal account, which are created automatically so that each Oracle Database feature or component (such as Oracle Application Express) can have its own schema. To protect these accounts from unauthorized access, they are initially locked and their passwords are expired. (Afreeze bank accountis an account to which login is disabled. ) You cannot delete internal accounts or use them to log into the database.

Your database may also containSample schedule, if you selected the option to create a sample schema in the database when installing the database. A sample schema is a series of interrelated schemas that Oracle documentation and reference material can use to illustrate common database tasks. These modes also give you a way to experiment without affecting production data.

Each sample plan has an associated user account. For examplesatuser account hassatA schema that contains a simple set of tables for an HR application. The trial mode account is also initially locked and the password has expired. As the database administrator, you are responsible for unlocking these accounts and assigning passwords to these accounts.

See also:

  • Locking and unlocking user accounts

  • About managing accounts and permissions

  • SYS and SYSTEM usersInformation on recommended alternatives for useSystemResponsible for daily administrative tasks

  • Database user account management

  • An example of an Oracle database schemaMore information on sample layout

    (Video) 29 Creating and Managing User Accounts Windows Server 2016

  • Oracle Database ConceptsDatabase security overview

7.1.1On commonality in CDBs

In a multi-tenant container database (CDB), this is a fundamental principle of generalityThe common occurrence is the same in every existing and future tank.In CDB, "common" means "common to all containers".Local phenomena, on the other hand, are limited to one existing container.

This is a consequence of the principle of communityOnly ordinary users can change the existence of ordinary phenomena.Specifically, only normal users connected to root can create, destroy, or modify CDB-scoped attributes for normal users or roles.

See also:

  • Oracle Multitenant Administrator's GuideUnderstanding CDB and PDB

  • Oracle Multitenant Administrator's GuideInformation on running CDB and PDB users in CDB

A normal user is a database user with the same root identity in every existing and future pluggable database (PDB). Any normal user can connect and perform operations in root and any PDB that normal users have access to.

Each normal user is either provisioned by Oracle or created by the user himself. Examples of common users provided by Oracle areSystemexistSystem.

Ordinary users have the following characteristics:

(Video) How to Set Up, Configure and Manage User Accounts on Windows 10

  • Ordinary users can log into any container (includingCDB $ROOT) where there iscreate a sessionprivilege.

    Regular users do not need to have the same permissions in each container. For examplec##dbaA user can have permissions to create sessions in root and one PDB, but not in other PDBs. Because normal users with appropriate permissions can switch between containers, normal users can manage PDBs in the root directory.

  • The name of each user-created global user must begin with charactersC##fromC##. (Oracle's generic usernames do not have this restriction.)

    Local usernames cannot begin with a characterC##fromC##.

  • Common usernames must contain only ASCII or EBCDIC characters.

  • Each normal user has a unique name in all containers.

    Shared users reside in the root directory, but must be able to connect to any PDB with the same identity.

  • Regular user schedules may vary from container to container.

    For examplec##dbais a normal user with access to multiple containers, thereforec##dbaSchemas in each container can contain multiple objects.

See also:

  • Oracle Multitenant Administrator's GuideMore information about common users in the multi-user container database (CDB)

  • Oracle Database Security GuideLearn more about public and local accounts users in CDB

Local users are non-standard users that can only work within a single plug-in database (PDB).Local users have the following characteristics:

  • Local users are specific to a particular PDB and their own schemas in that PDB.

  • Local users cannot be created in root.

  • A local user on one PDB cannot log on to another PDB or root.

  • Local usernames cannot begin with a characterC##fromC##.

  • A local user's name must be unique only within its PDB.

  • A username and the PDB containing that user's schema define a unique local user. For example, local user and named userto representcan exist inHR database.Completely separate local users and naming schemesto representcan exist insales database.

  • Whether local users can access objects in the shared schema depends on their user permissions.

    For examplec##dbaOrdinary users canc##dbaarranged inHR databaseVOB. Unless c##dba grants the necessary privileges locallysatusers of this table,satI can't reach it.

See also:

  • Oracle Multitenant Administrator's GuideMore information about local users

  • Oracle Multitenant Administrator's GuideFor the scenario where the local user is in two VOBs

    (Video) Manage User Accounts and Passwords in PCC EHR

  • Oracle Database Security GuideLearn more about local accounts

(Video) How to manage local administrator accounts on Windows Servers and Workstations using Group Policy


What will be the best way to handle user accounts? ›

Adopt a strong authentication mechanism, such as two-factor authentication, for user accounts that handle sensitive data. Use different passwords for different accounts, in particular those for handling private and sensitive data. Change your password immediately if you believe that it has been compromised.

How to manage secure user account to access the operating system? ›

We have examined the different ways in which user access to systems can be kept secure:
  1. Limiting user account access.
  2. Implementing secure password policies.
  3. Restricting user permissions.
  4. Implementing network security.
  5. Logging events, monitoring access, and auditing systems.

When managing your user account password what would be considered to be best practice? ›

Password Best Practices
  1. Never reveal your passwords to others. ...
  2. Use different passwords for different accounts. ...
  3. Use multi-factor authentication (MFA). ...
  4. Length trumps complexity. ...
  5. Make passwords that are hard to guess but easy to remember.
  6. Complexity still counts. ...
  7. Use a password manager.

What is user management in security? ›

User management is a system to handle activities related to individuals' access to devices, software, and services. It focuses on managing permissions for access and actions as well as monitoring usage. Functions of user management include: Providing users with authenticated access.


1. Windows 11 Tutorial - Inside Out | Part 10 - Managing user accounts, passwords, and credentials
2. How to Manage User Accounts in Windows 7, 8, or 10
3. Windows 10: Managing User Accounts and Parental Controls
4. Managing User Accounts and Applications
(Postdynamic - The Master's world)
5. Linux Tip | Managing User Accounts and Passwords
(Joe Collins)
6. Seven Simple Ways to Manage User Accounts in Linux with the chage Command


Top Articles
Latest Posts
Article information

Author: Moshe Kshlerin

Last Updated: 31/08/2023

Views: 6319

Rating: 4.7 / 5 (57 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Moshe Kshlerin

Birthday: 1994-01-25

Address: Suite 609 315 Lupita Unions, Ronnieburgh, MI 62697

Phone: +2424755286529

Job: District Education Designer

Hobby: Yoga, Gunsmithing, Singing, 3D printing, Nordic skating, Soapmaking, Juggling

Introduction: My name is Moshe Kshlerin, I am a gleaming, attractive, outstanding, pleasant, delightful, outstanding, famous person who loves writing and wants to share my knowledge and understanding with you.