Once you have decided on the default and temporary tablespaces, the password, and the quotas, you are ready to create the new user.
The CREATE USER command is used for this.
The CREATE USER command in the following MouseOver illustrates commonly used syntax elements.
Creating a User
Users and Schemas
Access to the database is granted to a database account known as a user. A user may exist in the database without owning any objects. However, if the user creates and owns objects in the database, those objects are part of a schema that has the same name as the database user. A schema can own any type of object in the database:
The schema owner or DBA can grant access to these objects to other database users. The user always has full privileges and control over the objects in the user's schema. When a user is created by the DBA (or by any other user with the CREATE USER system privilege), a number of other characteristics can be assigned to the user, such as which tablespaces are available to the user for creating objects,
and whether the password is preexpired. You can authenticate users in the database with three methods:
operating system authentication, and
With database authentication, the encrypted password for the user is stored in the database. In contrast, operating system authentication makes an assumption that a user who is already authenticated by an operating system connection has the same privileges as a user with the same or similar name (depending on the value of the OS_AUTHENT_PREFIX initialization parameter). Network authentication uses solutions based on Public Key Infrastructure (PKI). These network authentication methods require Oracle 11g or 12c Enterprise Edition with the Oracle Advanced Security option.
Always assign users a default tablespace, even if you do not plan to allow them to create objects. That way you do not have to remember to change their default tablespace settings later if you do allow them to create objects.
When it comes to quotas, you can place as many QUOTA clauses in the CREATE USER command as you need.
Users who do not need to be restricted in terms of space can be assigned an unlimited quota. Alternatively, you can assign them no quota at all, and give them
UNLIMITED TABLESPACE privileges instead. If you do not want to type in commands, you can use Security Manager to create a user. Security Manager, as you will recall, is one of Enterprise Manager's management pack applications.
Oracle Security Manager in Oracle 12c
The Oracle Security Manager still exists as a component for Oracle 12c. It is a Java class that provides a framework for restricting the actions that can be performed by Java applications. The Security Manager can be used to protect against a variety of security threats, such as malicious code, unauthorized access to resources, and denial-of-service attacks.
To use the Security Manager, you must first create a security policy. A security policy is a list of permissions that are granted to the Java application. Once you have created a security policy, you must install the Security Manager in the Java Virtual Machine (JVM). This can be done by setting the `java.security.manager` system property to the name of your security policy class.
Once the Security Manager is installed, it will intercept all attempts by the Java application to perform privileged actions. If the application does not have the required permission for the action, the Security Manager will throw a SecurityException.
The Oracle Security Manager is a powerful tool that can be used to improve the security of Java applications. However, it is important to note that it can also be complex to configure and use. If you are considering using the Security Manager, it is important to carefully read the documentation and understand how it works.
Here are some examples of how the Oracle Security Manager can be used to protect Oracle 12c databases:
Prevent Java applications from creating new database connections.
Prevent Java applications from executing SQL statements.
Prevent Java applications from accessing specific database tables or views.
Prevent Java applications from modifying database data.
Prevent Java applications from exporting database data to files.
If you are using Oracle 12c, I recommend that you evaluate the Oracle Security Manager to see if it can help you to improve the security of your Java applications.
Create a user with the Security Manager
This Simulation walks you through the process of creating the COIN_ADMIN user, shown earlier, with the help of the Security Manager.
Start by logging into Security Manager. Enter SYSTEM and MANAGER for the username and password, COIN for the service name, then click OK.
This is Security Manager's opening screen. Right-click the folder named Users.
Select create from the pop-up menu to begin the process of creating a new user.
This is the Create User dialog. You need to fill in the fields on this screen. Use COIN_ADMIN for the username password, and confirm password.
Click the drop-down list for the default tablespace.
Click the drop-down list for the temporary tablespace.
Click the Expire Password Now checkbox to force the user to change the password on first log in.
Now that you have completed all the fields, Click the Quota tab.
This tab allows you to assign tablespace quotas. Click the user's tablespace to highlight it.
Click the Value radio button.
Enter 5000 for the value in the cell to the right of the value radio button. This assigns the user 5000 kilobytes of quota on the User's tablespace. When you are done, click the Tools tablespace.
Click the Value radio button.
Enter 10 for the value and click the drop-down list that reads "K Bytes" to the right of the value field.
Select "M Bytes" from the drop-down list. This assigns the user 10 megabytes of quota on the Tools tablespace. When you are done, click the Temp tablespace.
Click the Unlimited radio button in order to provide the user unlimited access to the TEMP tablespace.
Click the Create button to create the user.
The user has been created. Click OK to acknowledge.
You are returned to the Security Manager screen, where you can see your newly created user listed in the right pane of the window.