Database Reference
In-Depth Information
One of the most important reasons for creating more users is so you can
isolate and limit the privileges of the person who logs into the database, giv-
ing that person only the privileges needed to perform his or her duties and
nothing more. After all, you don't want the intern you just hired to be
allowed to drop an entire schema full of tables by mistake.
Typically, the DBA creates an Oracle user for each person who needs to
use the database. This user has a unique password, which should be kept
secret and should be known only by the DBA and the user. This gives you
the most flexibility in designing your security around the specific tasks each
person carries out in the database. For example, one person enters cus-
tomer orders while working on the company's toll-free phone line. Another
person processes the orders and uses the database to update the customer
orders with a shipping date. A third person handles customer billing and
returns, updating the customer's account information as needed for pay-
ments or refunds.
Note:
In the age of the Internet, Oracle usernames are generally shared
among many users through the use of connection pooling, application serv-
ers, and Web servers.
How do you get started creating users? You start with a small group of
users that was already created when you began using your database.
23.1.1
Users Provided by Oracle
To create a user, you must log into the database as a DBA user. The SYS-
TEM user, created as part of the Oracle Database 10
database creation
process, is a DBA user. So, you can log in as SYSTEM to create more users.
Oracle Database 10
g
comes with a multitude of predefined users that have
specific uses. For the purposes of Oracle SQL, we are interested in the SYS
and SYSTEM users only, and obviously your application usernames, such
as the MUSIC schema.
g
SYS
. SYS is the internal table owner. This user owns most of the
tables that are used internally for the database's functioning. This user
has the greatest amount of access to all areas of the database. Be care-
ful when logged in as SYS because you have the power to do things
that can completely disable your database. For example, SYS can
drop an internal table or modify data in an internal table, possibly
