Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
54 Cards in this Set
- Front
- Back
|
A collection of database objects that are owned by a database user
Has the same name as the user account |
What is a schema:
|
|
|
a way to organize the ownership of and access to database objects.
|
A database user account is
|
|
|
A password is an
|
authentication by the Oracle database.
|
|
|
right to execute a particular type of SQL statement or to access another user’s object.
|
A privilege is a
|
|
|
What is named group of related privileges that are granted to users or to other roles caled
|
A role is a
|
|
|
What imposes named set of resource limits on database usage and instance resources and manage account status and password management rules.
|
Profiles
|
|
|
space allowance in a given tablespace. This is one of the ways by which you can control resource usage by users.
|
A quota is a
|
|
|
username defines the user’s attributes such as name 3
|
Method of authentication
Password for database authentication Temporary tablespace: Used for sort operations Default tablespace: Used for object creation when a tablespace is not explicitly specified Tablespace quota: Amount of space that can be consumed by user’s objects within a tablespace Account locking |
|
|
Users are granted privileges so that they can connect to the database and perform operations in the database, such as
|
Viewing data and creating objects
|
|
|
Several user accounts are automatically created when you create your database. All databases created by the Database Configuration Assistant (DBCA) include the
|
SYS, SYSTEM, SYSMAN, and DBSNMP user accounts.
|
|
|
Many of the administrative user accounts are initially locked with expired passwords.
Why? |
These accounts are locked to prevent unauthorized access
|
|
|
You can create additional users to serve as owners what?
|
of objects in your database. You can also create user accounts so that users can log on to the database.
|
|
|
The following user accounts are created when the database is created:
hair olive **** :-) |
SYS: Database administrative user
SYSTEM: Database administrative user SYSMAN: Oracle Enterprise Manager user DBSNMP: Used by Oracle Enterprise Manager HR, OE, SH, and others: Sample schema usersi |
|
|
Creating Users what do you use hint Em
|
You can use Enterprise Manager to define a new user as follows: Look it up
|
|
|
Authenticating Users
password hint E , G |
Password
External Global |
|
|
What is a privalage?
|
A privilege is a right to execute a particular type of SQL statement or to access another user’s object. The Oracle database enables you to control what the users can and cannot do in the database.
|
|
|
Privileges are divided into two categories:??
|
System privileges: Each system privilege allows a user to perform a particular database operation or class of database operations. For example, the privilege to create tablespaces is a system privilege. System privileges can be granted by the administrator or by someone who has been given explicit permission to administer the privilege. There are more than 170 distinct system privileges. Many system privileges contain the ANY clause.
Object privileges: Object privileges allow a user to perform a particular action on a specific object, such as a table, view, sequence, procedure, function, or package. Without specific permission, users can access only their own objects. Object privileges can be granted by the owner of an object, by the administrator, or by someone who has been explicitly given permission to grant privileges on the object. System Privileges Object Privileges To grant object privileges: Choose the object type. Select objects. Select privileges. |
|
|
Revoking System Privilegeswith ? Hint A
Revoking Object Privilegeswith ? Hint G |
Revoking System Privilegeswith ADMIN OPTION
Revoking Object Privilegeswith GRANT OPTION |
|
|
Benefits of Roles?? Just short explain
|
Easier privilege management: Use roles to simplify privilege management. Rather than granting the same set of privileges to several users, you can grant the privileges to a role and then grant that role to each user.
Dynamic privilege management: If the privileges associated with a role are modified, all users who are granted the role acquire the modified privileges automatically and immediately. Selective availability of privileges: Roles can be enabled and disabled to turn privileges on and off temporarily. This allows the privileges of the user to be controlled in a given situation. |
|
|
Creating and Modifying Roles
|
Use Enterprise Manager to define a new role:
1. Click Roles in the Security region of the Server page. 2. Click Create. 3. On the Create Role page, enter the name of your new role. 4. Click Roles, System Privileges, and/or Object Privileges to add the required privileges to your new role. 5. Click OK to create the role. |
|
|
Creating and Modifying Roles
Granting and Revoking Roles |
Modify an existing role:
1. Click Roles in the Security region of the Server the Roles property page. |
|
|
Secure Roles
|
Roles can be nondefault and enabled when required.
Roles can be protected through authentication. Roles can also be secured programmatically. |
|
|
how many profiles are assigned to a user at a time?
Profiles what are they for hint control r c & Accounts Pe |
Users are assigned only one profile at a time.
Profiles: Control resource consumption Manage account status and password expiration |
|
|
Implementing Password Security Features
|
Oracle password management is implemented with user profiles. Profiles can provide many standard security features.
Account locking: Enables automatic locking of accounts for a set duration when users fail to log in to the system in the specified number of attempts FAILED_LOGIN_ATTEMPTS: Specifies the number of failed login attempts before the lockout of the account PASSWORD_LOCK_TIME: Specifies the number of days for which the account is locked after the specified number of failed login attempts |
|
|
Implementing Password Security Features, read this thats all try remember
|
Password aging and expiration: Enables user passwords to have a lifetime, after which the passwords expire and must be changed
PASSWORD_LIFE_TIME: Determines the lifetime of the password in days, after which the password expires PASSWORD_GRACE_TIME: Specifies a grace period in days for changing the password after the first successful login after the password has expired Note: Expiring passwords and locking the SYS, SYSMAN, and DBSNMP accounts prevent Enterprise Manager from functioning properly. The applications must catch the “password expired” warning message and handle the password change; otherwise, the grace period expires and the user is locked out without knowing the reason. |
|
|
Implementing Password Security Features
|
If both parameters are set, password reuse is allowed—but only after meeting both conditions. The user must have changed the password the specified number of times, and the specified number of days must have passed since the old password was last used.
For example, the profile of user ALFRED has PASSWORD_REUSE_MAX set to 10 and PASSWORD_REUSE_TIME set to 30. User ALFRED cannot reuse a password until he has reset the password 10 times and until 30 days have passed since the password was last used. If one parameter is set to a number and the other parameter is specified as UNLIMITED, then the user can never reuse a password |
|
|
Creating a Password Profile
Supplied Password Verification Function: VERIFY_FUNCTION_11G Hint Similar to normal requirments |
At least eight characters
Different from the username, username with a number, or username reversed Different from the database name or the database name with a number A string with at least one alphabetic and one numeric character Different from the previous password by at least three letters Tip: Use this function as a template to create your own customized password verification. |
|
|
Modifying Users, just read try remember
|
To change the tablespace quota for a user, perform the following steps:
1. Click Users in the Security region of the Server page. 2. Select the user and click Edit. 3. Click the Quotas tab. 4. Enter the quota amount for any tablespace in which the user creates objects. You can select Unlimited from the Quota menu, or you can select Value and enter a specify value. 5. Click Apply. |
|
|
Dropping UsersHust read try remember
|
When you drop a user:
The user’s definition is deleted The user loses the ability to connect to the database All objects that belong to the user are dropped, tables and indexes are deleted from the database. If you must maintain a user’s objects and want to deny that user access to the database, you can lock the user’s account or make the user’s password expire as an alternative to dropping the user. |
|
|
Locking and Unlocking Accounts
|
You can configure a user account so that, after a specified number of consecutive failed login attempts, the account is locked. You can also configure the account to unlock automatically after a specified time interval or to require database administrator intervention to unlock the account.
You can also lock accounts manually so that they must be unlocked explicitly by a database administrator. Note: Many of the Oracle-supplied database user accounts are locked following database creation. |
|
|
Locking and Unlocking Accounts
Unlocking a User Account and Resetting the Password just read or skip |
During installation and database creation, you can unlock and reset many of the Oracle-supplied database user accounts. If you did not choose to unlock the user accounts at that time, you can unlock the users and reset the passwords as follows:
1. Select the user on the Users page, and then click Edit. The Edit User page is displayed. 2. Enter the new password in the Enter Password and Confirm Password fields. 3. Select Unlocked for the Status to unlock the user account. 4. Click Apply to reset the password and unlock the user account. The Update Confirmation message is displayed. You can also unlock a user as follows: 1. Select the user on the Users page. 2. Select Unlock User in the Actions menu. 3. Click Go. |
|
|
Setting the Password Policy, remember the default can be changed just read try remember
|
Default password policy is assigned through the DEFAULT profile when a user is created
Default password policy: The password for the user expires automatically in 180 days. The user account is locked seven days after password expiration. The user account is locked for one day after 10 failed login attempts. Change the password policy for every user in the database by modifying the password-related attributes of the DEFAULT profile. Create additional profiles to customize the password policy for different users. |
|
|
Temporary tablespace: Used for
|
sort operations
|
|
|
Whats the Default tablespace used for:?
|
Used for object creation when a tablespace is not explicitly specified
|
|
|
explain Tablespace quota:
|
Amount of space that can be consumed by user’s objects within a tablespace
|
|
|
Many of the administrative user accounts are initially locked with what?
|
with expired passwords.
|
|
|
You can create additional users to serve as
|
owners of objects in your database.
|
|
|
How many system privalges?
|
There are more than 170 distinct system privileges. Many system privileges contain the ANY clause.
|
|
|
Benefits of Roles
|
you can grant the privileges to a role and then grant that role to each user.
|
|
|
Dynamic privilege management:
|
modified privileges automatically and immediately.
|
|
|
Selective availability of privileges:
|
can be enabled and disabled to turn privileges on and off temporarily. This allows the privileges of the user to be controlled in a given situation.
|
|
|
Secure Roles
|
SET ROLE vacationdba;
|
|
|
promatically secured role example remember
|
CREATE ROLE secure_application_role
IDENTIFIED USING <security_procedure_name>; |
|
|
How is Implementing Password
Security Features done |
implemented with user profiles. Profiles can provide many standard security features.
|
|
|
FAILED_LOGIN_ATTEMPTS:
|
Specifies the number of failed login attempts before the lockout of the account
|
|
|
PASSWORD_LOCK_TIME:
|
Specifies the number of days for which the account is locked after the specified number of failed login attempts
|
|
|
PASSWORD_LIFE_TIME:
|
Determines the lifetime of the password in days, after which the password expires
|
|
|
PASSWORD_GRACE_TIME:
|
Specifies a grace period in days for changing the password after the first successful login after the password has expired
|
|
|
PASSWORD_REUSE_TIME:
|
Specifies that a user cannot reuse a password for a given number of days
|
|
|
PASSWORD_REUSE_MAX:
|
Specifies the number of password changes that are required before the current password can be reused
|
|
|
For example, the profile of user ALFRED has PASSWORD_REUSE_MAX set to 10 and PASSWORD_REUSE_TIME set to 30
|
User ALFRED cannot reuse a password until he has reset the password 10 times and until 30 days have passed since the password was last used.
|
|
|
If one parameter is set to a number and the other parameter is specified as UNLIMITED,
|
then the user can never reuse a password
|
|
|
REVOKING SYSTEM PRIVLAGES
|
REVOKE <system_privilege> FROM <grantee clause>
|
|
|
Note: RESOURCE_LIMIT must be set to ???? before profiles can impose resource limitations.
|
TRUE
|
