A user account is identified by a user name and defines the user's attributes, i
ncluding the following:
Password for database authentication Privileges and roles Default tablespace for database objects Default temporary tablespace for query processing work space What Is the Relation of a User Account and a Schema? User accounts and schemas have a one-to-one relation. When you create a user, yo u are also implicitly creating a schema for that user. A schema is a logical con tainer for the database objects (such as tables, views, triggers, and so on) tha t the user creates. The schema name is the same as the user name, and can be use d to unambiguously refer to objects owned by the user. What Is a User Role? A user role is a group of privileges. Privileges are assigned to users through u ser roles. You create new roles, grant privileges to the roles, and then grant r oles to users. What Are the System Predefined User Roles? Oracle 10g XE comes with 3 predefined roles: CONNECT - Enables a user to connect to the database. Grant this role to any user or application that needs database access. RESOURCE - Enables a user to create certain types of schema objects in his own s chema. Grant this role only to developers and to other users that must create sc hema objects. This role grants a subset of the create object system privileges. DBA - Enables a user to perform most administrative functions, including creatin g users and granting privileges; creating and granting roles; creating and dropp ing schema objects in other users' schemas; and more. It grants all system privi leges, but does not include the privileges to start up or shut down the database . It is by default granted to user SYSTEM. What Are Internal User Account? An internal user account is a system predefined user account. Oracle 10g XE come s with a number of internal accounts: SYSTEM - This is the user account that you log in with to perform all administra tive functions other than starting up and shutting down the database. SYSTEM is automatically created when you install the server. It's password is the one you specified during the installation process. SYS - This is another user account automatically created when you install the se rver. It's password is the one you specified during the installation process. Al l base tables and views for the database data dictionary are stored in the SYS s chema. So avoid log in as user SYS as much as possible to reduce the risk of dam aging those important data objects. User SYSTEM is preferred for all administrat ive tasks except starting up and shutting down. Other internal user accounts - Other special user accounts are predefined for sp ecial purposes. For example, CTXSYS is a special user account used by the Oracle Text product. How To Connect to the Server with User Account: SYS? SYS is a very special user account. It has been associated with the highest priv ilege call SYSDBA. Normally, you should not connect to the server with SYS. But if you want to use it, you need to use a special connect command: >cd (OracleXE home directory) >.\bin\sqlplus /nolog SQL> connect SYS/fyicenter AS SYSDBA Connected. SQL> quit Note that the "/nolog" option is used to start SQL*Plus without login immediatel y. A special form of the "connect" command is used to include the user name, pas sword, and the privilege in the same line. You can not log in with SYS without SYSDBA privilege. How To Use Windows User to Connect to the Server? During the installation process, 10g XE will create a special Windows user group called ORA_DBA, and put your Windows user into this group. Any Windows users in this group can be connected to Oracle server with SYSDBA privilege without any Oracle server user account. This process is called connecting the server as SYSD BA with OS Authentication. Here is how to do this with a special form of the "co nnect" command: (Log in with the same user you used to install 10g XE) >cd (OracleXE home directory) >.\bin\startdb >.\bin\sqlplus /nolog SQL> connect / AS SYSDBA Connected. SQL> quit So if "connect" is used without user name and password, the current Windows user will be trusted if he/she is in the ORA_DBA user group on the Windows system. How To List All User Accounts? User accounts can be accessed through a system view called ALL_USERS. A simple S ELECT statement can be used to get a list of all user accounts. Try the followin g script: >.\bin\sqlplus /nolog SQL> connect SYSTEM/fyicenter Connected. SQL> SELECT * FROM ALL_USERS; USERNAME USER_ID CREATED ------------------------------ ---------- --------- FLOWS_020100 35 07-FEB-06 FLOWS_FILES 34 07-FEB-06 HR 33 07-FEB-06 MDSYS 32 07-FEB-06 ANONYMOUS 28 07-FEB-06 XDB 27 07-FEB-06 CTXSYS 25 07-FEB-06 DBSNMP 23 07-FEB-06 TSMSYS 20 07-FEB-06 DIP 18 07-FEB-06 OUTLN 11 07-FEB-06 SYSTEM 5 07-FEB-06 SYS 0 07-FEB-06