C H A P T E R

Security Manager for Users, Roles, and Profiles

6
3 3 3 3

3

3

In This Chapter
Using Security Manager to create Users Creating Roles

F
See Reference Section

or many systems, the Database Administrator (DBA) is in charge of security. Security often becomes a timeconsuming task that needs regular attention. The Security Manager makes your tasks more intuitive and helps you manage Users, passwords, and database privileges in a more efficient and accurate manner. This chapter explores how you use Security Manager to create Users and Roles, assign privileges, and control passwords. The Security Manager is one of many client-side tools provided by the Enterprise Manager Package. The Security Manager substitutes for hand-written SQL code. In fact, the Security Manager Tools generate SQL code you can save for later use. Whenever there is an equivalent SQL command for the task described here, you’ll see a cross-reference to the command in the Reference section (Part V) of this book. Watch for the Code Icon in the margin. If you do not use Security Manager, refer to Chapter 11. Chapter 11 contains the SQL step-by-step equivalent to all the examples shown in this chapter.

Monitoring passwords Mastering profiles

3

3

CrossReference

124

Chapter 6 3 Security Manager for Users, Roles, and Profiles

Users
Often one of the DBA’s first tasks involves defining new Users. Later, when a definitive security plan evolves, the DBA establishes Roles with specialized sets of privileges to enforce security. Each end User allowed database access becomes a member of at least one of the Roles created by the DBA. This section examines how to use the Enterprise Manager’s tool, Security Manager, to create and manage Oracle8 Users.

Creating a new User
See Reference Section

CREATE USER

The Security Manager makes quick work of creating a User. Follow these steps: 1. Start up the Security Manager from the taskbar and log in. Figure 6-1 shows the initial window of the Security Manager.

Figure 6-1: You must have SELECT privileges on the Data Dictionary Views to use Security Manager.

Chapter 6 3 Users

125

2. Choose User Á Create. Alternative ways to begin the Create User process are: • Click the Users folder and then press the green plus (+) sign in the toolbar. • Right-click the Users folder and then select Create from the submenu. This brings up the Create User dialog box, which should resemble Figure 6-2.
Figure 6-2: A new User must have a unique name within the database instance.

3. Type a new User name. 4. Select a profile set from the pull-down list.
CrossReference

Refer to “Profiles” section (later in this chapter) to learn how to create new profiles. 5. Select the authentication type. Three types of authentication exist: • Global. New to Oracle8, a User name can be defined as unique across multiple databases by selecting global authentication. • External. Oracle8 validates the User’s name through the operating system. In these cases, you append a common prefix to the User’s operating system name to create the Oracle User name. The default prefix is “OPS$”. If a User logs in to the operating system as MLAMB; then the User’s Oracle User name is OPS$MLAMB. The User does not enter a password when logging in to Oracle8 with external authentication. This approach is not as secure as using a specific password. • Password. The User must enter the designated password when logging in to the database.

126

Chapter 6 3 Security Manager for Users, Roles, and Profiles

6. If necessary, type the password in both the Enter Password box and the Confirm Password box. The password appears onscreen as a line of asterisks (*). A new feature of Oracle8 enables you to require the User to enter a new password the first time she logs in. Select the “Expire Password now” checkbox to use this new feature. 7. Select a Default Tablespace. This is the Tablespace in which Oracle8 puts the new User’s Tables if the User creates Tables without explicitly assigning them to a different Tablespace. 8. Select a temporary Tablespace. Click the arrow in the Temporary box to see your choices. Normally, you select TEMPORARY_DATA as the temporary Tablespace. Oracle8 puts data in TEMPORARY_DATA while generating query results or preparing a view — temporarily grabbing some space and releasing it after the job is done.
See Reference Section

GRANT

9. Click the Roles/Privileges tab (optional). Figure 6-3 shows the Privileges area of the User window. Here you can select database Roles (such as CONNECT) or select system privileges (such as Alter Any Table) and add them to the list of privileges for the new User. Add a new privilege by double-clicking the privilege in the upper List. This moves it to the lower List. Remove a privilege by double-clicking the privilege in the lower List. This moves it to the upper List. To assign a system privilege with the WITH ADMIN OPTION, click the appropriate row and column to change the red X to a green check mark. The WITH ADMIN OPTION means a User with this Role is enabled to grant the privilege to other Roles and Users.

See Reference Section

GRANT

9. Click the Object Privileges tab (optional). This window enables you to assign Object privileges (such as SELECT ON
AMY.SALAD_BAR) to the User.

Caution

You must have appropriate privileges to grant the Object privileges. For example, you must have SELECT ON AMY.SALAD_BAR WITH ADMIN OPTION or SELECT ANY Table WITH ADMIN OPTION to assign the SELECT privilege on AMY’s SALAD_BAR Table.

Chapter 6 3 Users

127

Figure 6-3: Select Roles and privileges for the new User by double-clicking.

11. Click the Quotas tab (optional). Here you can assign limits to the amount of space a User is allowed to use in each of the Tablespaces available to the User. To assign a limit, select the Tablespace, click the Value Button, and type in the number of kilobytes or megabytes. 12. Click the Create button to finish. Oracle8 creates the new User names and returns you to the main window of the Security Manager. Oracle has rules for naming a User ID. See the “Choosing Names for Users and Passwords” sidebar for details and advice on names for User names and passwords.
Note

No utility exists in Oracle8 to display a User’s password. A User’s password always appears as asterisks or encrypted. If a User forgets his password and you (the Security Officer) don’t know the password, you must assign a new password. To copy a User, select the User and then click the Create Like button on the toolbar. Fill in a new User name and password.

Tip

128

Chapter 6 3 Security Manager for Users, Roles, and Profiles

Choosing Names for Users and Passwords
As the DBA, you have the responsibility of creating every new User name for your Oracle8 Database. When setting up a name for a new User, you have to follow the same rules that apply for naming any Oracle8 Object. You can use up to 30 characters. A letter and singledigit number each count as one character. The same rules apply to setting up passwords. My advice is to use a single word or acronym for a new User name. Selecting passwords is more difficult but Oracle8’s newest password features enable you to set and expire a simple password. You can also require the User to choose a more cryptic password.

Changing a User’s password
See Reference Section

ALTER USER

If you are the DBA or Security Manager, you can change the password of any of the Users defined to the database. A new feature of Oracle8 enables you to control aspects of the User’s password, such as rate of expiration, complexity, and what to do when a User enters an incorrect password. Refer to the section “Managing Password Features with Profile” later in this chapter for more information. Here are the steps (which are similar to the steps in creating a new User) for changing a User’s password. 1. Start the Security Manager from the toolbar and log in. 2. Double-click the User folder in the left window. This brings up a list of Users on the left and on the right. 3. Click the User whose password you are changing. The User’s Profile window appears in the right frame, as shown in Figure 6-4. 4. Type the new password in the Enter Password box and again in the Confirm Password box. 5. Click the Apply button to complete the job. Security Manager accepts the change and returns you to the main window. The next section describes how to modify other portions of the User’s security.

CrossReference

Chapter 6 3 Users

129

Type new password

Figure 6-4: The password never actually gets displayed — it looks like asterisks.

Adding Roles or privileges to Users
A User may need changes to the current set of assigned Roles of privileges. In the case of Roles and system privileges, you don’t need special considerations. Simply use the following steps. In the case of Object privileges, however, you must consider whether to use the DBA or the Object Owner to grant Object privileges.
Caution

The ability to assign privileges like SELECT and Update belongs solely to the Object Owner. The ability to use Security Manager, however, is usually reserved for the DBA. How can you use the Security Manager to assign Object privileges? You must choose one of the following two choices before Security Manager can be used (by either the DBA or the Object Owner) to assign Object privileges. 3 Give DBA the authority to grant Object privileges. The Object Owner grants all needed Object privileges WITH ADMIN OPTION to the DBA. After this step, the DBA can proceed to grant the Object privileges to other Roles or Users.

130

Chapter 6 3 Security Manager for Users, Roles, and Profiles

3 Give the Object Owner authority to use Security Manager. The DBA grants certain system privileges to the Object Owner so the Object Owner can log in and use the Security Manager. Subsequently, the Object Owner assigns the Object privileges to other Roles or Users. In the first case, the Object Owner uses SQL*Plus or SQL Worksheet to grant the Object privileges to the DBA in this format:
GRANT Privilege_name ON Object_name TO dba_name WITH ADMIN OPTION;

For example, the following SQL command enables the DBA (SYSTEM) to assign the SELECT privilege on the SALAD_BAR Table in the AMY Schema. The Object Owner (AMY) must execute the SQL:
GRANT SELECT ON SALAD_BAR TO System WITH ADMIN OPTION;

In the second case, the DBA must grant the Object Owner certain privileges to enable the Object Owner to log in to the Security Manager. Refer to the section “Allowing Object Owner to Use Security Manager” later in the chapter for instructions. In either case, use the following steps to assign Object privileges to a User using the Security Manager. You also use the same steps to assign a Role to a User.
See Reference Section

GRANT

Follow these steps to assign a Role or a privilege to a User with Security Manager. 1. Start the Security Manager and log in as DBA (or Object Owner). The Security Manager main window appears. 2. Double-click the User folder. This brings up a list of every User name in the database. 3. Click a User name. Click the User name on which you wish to work; this action brings up the User properties window. 4. Click the Roles/Privileges tab. Click the Roles/Privileges tab near the top of the window. The window now shows the current list of Roles and privileges for this User. The window lists all granted Roles on the bottom and all remaining Roles on the top. 5. Add a Role by double-clicking the desired Role. Oracle8 copies the chosen Role into the lower list, indicating it is now added to the User.

Chapter 6 3 Users

131

6. Add a system privilege by displaying System Privileges and double-clicking the desired privilege. Select System Privileges from the Privilege Type box. Next, double-click the System privilege you wish to add. Oracle8 copies the chosen privilege into the lower list, indicating it is now added to the User. 7. Add an Object privilege by displaying Object Privileges and double-clicking the desired privilege. Select Object Privileges tab. Next, double-click the Object privilege you wish to add. Oracle8 copies the chosen privilege into the lower list, indicating it is now added to the User. 8. Click the Apply button to save your work to the database. Assuming no error messages are returned, the privileges are added.

Removing Roles or privileges from Users
See Reference Section

REVOKE

Follow these steps to remove a Role or a privilege from a User with Security Manager. 1. Start Security Manager and log in as DBA (or Object Owner). The Security Manager main window appears. 2. Double-click the User folder. This brings up a list of every User name in the database. 3. Click a User Name. Click the User name on which you wish to work; this action brings up the User properties window. 4. Click the Roles/Privileges tab. Click the Roles/Privileges tab near the top of the window. The window now shows the current list of Roles and privileges for this User. The window lists all granted Roles on the bottom and all remaining Roles on the top. 5. Remove a Role by double-clicking the desired Role. Oracle8 copies the chosen Role into the upper list, indicating it is now removed from the User. 6. Remove a system privilege by displaying System Privileges and doubleclicking the desired privilege.

132

Chapter 6 3 Security Manager for Users, Roles, and Profiles

Select System Privileges from the Privilege Type box. Next, double-click the System privilege you wish to remove. Oracle8 copies the chosen privilege into the upper list, indicating it is now removed from the User. 7. Remove an Object privilege by displaying Object Privileges and doubleclicking the desired privilege. Select Object Privileges tab. Next, double-click the Object privilege you wish to remove. Oracle8 copies the chosen privilege into the upper list, indicating it is now removed from the User.
Caution

Only the User that granted a privilege may revoke that privilege. If you attempt to revoke a privilege you did not grant, you receive the following error message:
ORA-01927: original Grantor must Revoke Privileges

Query the Data Dictionary View called ALL_TAB_PRIVS to find the Grantor.
Tip

If you want the application developer to use Security Manager to revoke privileges, refer to the section “Allowing Object Owners to use Security Manager” later in this chapter. 8. Click the Apply button to save your work to the database. Assuming no error messages are returned, the privileges are revoked.

Changing a User’s default Tablespaces, account lock, profile, or quota
See Reference Section

ALTER USER

If you are the DBA or Security Manager, you can change the default Tablespaces, account lock, profile, or quotas assigned to any User. The Account Lock/Unlock feature enables you to lock a User out of the database or enables the User to access the Database. Here are the steps to enable this feature using Security Manager. 1. Start the Security Manager from the toolbar and log in. 2. Double-click the User folder in the left window. This brings up a list of Users on the left and on the right. 3. Click the User on which you wish to work. The User’s Profile window appears in the right frame.

Chapter 6 3 Users

133

4. Change features as desired. Use the tabs to find the feature you wish to change. Use the buttons and boxes to adjust the User’s features. Figure 6-5 shows where you modify the User’s profile, lock status, and default Tablespaces under the General tab.

Profile

Defaults Lock/Unlock

Figure 6-5: Adjust profile, locking, and defaults features in the General tab.

Figure 6-6 shows where you modify the User’s quotas. 5. Click the Apply button to complete the job. Security Manager accepts the change and returns you to the main window. The next section describes how to modify another portion of the User’s security.

Switching Users or databases in Security Manager
Every Enterprise Manager tool enables you to switch identities or databases with the click of a mouse. Here’s how to switch in Security Manager. Follow these steps starting in the main window of the Security Manager. 1. Choose File Á Change Database Connection. If you have unsaved work, Security Manager prompts you either to apply the work or cancel. After making your choice, proceed to the Log in window. The Log in window you see is the same as the initial Log in window.

134

Chapter 6 3 Security Manager for Users, Roles, and Profiles

Quotas

Figure 6-6: Adjust User quotas in the Quotas tab.

2. Type in the new User name, password, and database. 3. Click OK. Oracle8 returns you to the Security Manager and you start anew. Every Enterprise Manager tool has Change Database Connection as a File menu selection.

Roles
If you are the DBA or you have Personal Oracle8, creating and assigning Roles is simple. Only the DBA can create Roles unless the DBA has granted this privilege to another User or Role. Only the Table Owner can grant privileges unless the Table Owner gave this right to another User or Role with the WITH ADMIN OPTION.
CrossReference

This section shows you how to create Roles and assign the Roles to Users. The Chapter 3 section “Security” discusses the concepts behind creating and using Roles in Oracle8. Briefly, you use Roles in Oracle8 to pull together sets of privileges (such as access to Tables) for easier management. Once the Role is created and the appropriate privileges are assigned to the Role, you can assign or revoke the Role to your Users. A User inherits the privileges granted to the Role. A User can also be assigned any number of Roles. A Role, which simplifies the tasks of adding and removing Users, can be assigned any number of privileges.

Chapter 6 3 Roles

135

Creating a new Role
See Reference Section

CREATE ROLE

Here are the steps for creating a Role using the Security Manager. 1. Start up Security Manager and log in as the DBA. You must log in as a User name that has DBA authority or has been granted the CREATE ROLE privilege to create Roles. To modify Roles, you must have the ALTER ANY ROLE privilege. To remove a Role, you must have the DROP ANY ROLE privilege. 2. Right-click the folder labeled Role in the left frame and choose Create from the pop-up menu. Security Manager now displays the Create Role dialog box as shown in Figure 6-7.

Figure 6-7: Get ready to make a new Role with Security Manager.
CrossReference

3. Type the new Role name in the Role box. Follow the Oracle8 naming rules for Oracle8 Objects. Refer to the “Choosing Names for Users and Passwords” sidebar earlier in this chapter for a quick summary of Object naming guidelines. 4. Select the authentication you prefer. Often, you select None, indicating you do not need Role-specific authentication. This option means the User need only be assigned the Role to be able to use it. The other types of authentication are:

136

Chapter 6 3 Security Manager for Users, Roles, and Profiles

• Global. This new Oracle8 authentication defines a Role as unique across multiple databases. • External. This authentication validates the User’s Role through the operating system.
See Reference Section

SET ROLE

• Password. The User must enter the designated password when activating this Role. See the Command SET Role in the SQL Reference section for information on how to activate this kind of Role.
GRANT

See Reference Section

5. Click the Roles/Privileges tab (optional). Select Privileges and assign them to the Role by clicking the Add button. You can add Roles and system privileges in this tab. To assign a system privilege with the ADMIN Option, click in the appropriate row and column to change the red X to a green check mark. Figure 6-8 shows the ALTER ANY Role privilege will be granted WITH ADMIN OPTION. The WITH ADMIN OPTION means a User with this Role is enabled to grant the privilege to other Roles and Users.

Grant with ADMIN OPTION

Figure 6-8: Click the Admin Option switch with your mouse.

6. Click the Object Privileges tab (optional). This window enables you to assign Object privileges (such as SELECT ON
AMY.SALAD_BAR) to the User.

Chapter 6 3 Roles

137

Caution

You must have appropriate privileges to grant the Object privileges. For example, you must have SELECT ON AMY.SALAD_BAR WITH Grant Option or SELECT ANY Table WITH ADMIN OPTION to assign the SELECT privilege on AMY’s SALAD_BAR Table. You often split Role-related duties between the DBA (who creates the Role) and the application developer (who grants privileges to the Role). In this case, the application developer assigns privileges using SQL*Plus or SQL Worksheet (see the Grant command in the SQL reference section). If you want the application developer to use Security Manager, refer to the “Allowing Object Owners to use Security Manager” section later in this chapter. 7. Click the Create button. This creates the Role and returns you to the main window. You now have a new Role complete with privileges. To use a Role’s privileges, you must assign one or more Users to the Role.

Tip

Assigning Users to a Role
After creating the Role, you (as the DBA) can assign this new Role to Users. Follow these steps to assign a Role to a User. 1. Start up Security Manager and log in as DBA. The Security Manager main window appears. 2. Select the User folder. Double-click the User folder in the left frame. This selection brings up a list of every User name in the database as shown in Figure 6-9. 3. Select a User name. Click the User name that will receive the new Role. This selection brings up the User properties window. 4. Click the Roles/Privileges tab. Click the Roles/Privileges tab near the top of the window. The window now shows the current list of Roles and privileges for this User. The window lists all granted Roles on the bottom and all remaining Roles on the top. 5. Assign a Role by double-clicking the desired Role. To assign a Role, select and double-click a Role in the top window. Oracle8 copies the chosen Role into the lower list, indicating it is now assigned to the User. In Figure 6-10, the User HAROLD has been assigned a new Role called SALES.

138

Chapter 6 3 Security Manager for Users, Roles, and Profiles

Figure 6-9: Users show up in a list when you double-click the Users folder.

Figure 6-10: Users are assigned to a Role in this window.

Chapter 6 3 Roles

139

6. Click the Show SQL button (optional). This optional step shows you how to view the SQL command(s) generated by your actions. As you work, Oracle8 generates the SQL commands; you can execute the commands by pressing the Apply (or Create) button. Once executed, the commands disappear from the SQL window. Figure 6-11 shows where you find the SQL commands.

Figure 6-11: Use the Show SQL Button to display the exact SQL code the Security Manager will apply.
Tip

You can record your SQL commands as they are executed using the Record button. When you click the Stop button, Oracle8 prompts you for a file name where the SQL commands are saved. Or, you can use the mouse to select, copy, and paste the SQL commands from the Show SQL frame into a file which you have opened for editing. 7. Click the Apply button to save your work to the database.

140

Chapter 6 3 Security Manager for Users, Roles, and Profiles

Adding and removing Roles or privileges to Roles
When you use Roles for security, the Role subsequently receives Object privileges, such as the ability to query a Table.
See Reference Section

GRANT

Follow these steps to assign or remove a Role or a privilege to a Role with Security Manager. 1. Start the Security Manager and log in as DBA (or Object Owner). The Security Manager main window appears. 2. Double-click the Role folder. This brings up a list of every Role name in the database. 3. Click a Role name. Click the Role name on which you wish to work; this action brings up the Role properties window. 4. Click the Roles/Privileges tab. Click the Roles/Privileges tab near the top of the window. The window now shows the Current list of Roles and privileges for this Role. The window lists all the granted Roles on the bottom and all the remaining Roles on the top. 5. Add a Role by double-clicking the desired Role. Oracle8 copies the chosen Role into the lower list, indicating it is now added to the Role. 6. Add a system privilege by displaying System Privileges and double-clicking the desired privilege. Select System Privileges from the Privilege Type box. Next, double-click the system privilege you wish to add. 7. Add an Object privilege by displaying Object Privileges and double-clicking the desired privilege. Select Object Privileges tab. Next, double-click the Object privilege you wish to add. 8. Remove a Role by double-clicking the desired Role. Oracle8 copies the chosen Role into the upper list, indicating it is now removed from the Role. 9. Remove a system privilege by displaying System Privileges and doubleclicking the desired privilege. Select System Privileges from the Privilege Type box. Next, double-click the system privilege you wish to remove. 10. Remove an Object privilege by displaying Object Privileges and doubleclicking the desired privilege. Select Object Privileges tab. Next, double-click the Object privilege you wish to remove.

Chapter 6 3 Profiles

141

11. Click the Apply button to save your work to the database.

Allowing Object Owners to use Security Manager
You may want your application developers (logging on as the Object Owner) to use the Security Manager to manage the Object privileges assigned to Roles. Follow these steps to grant the appropriate privileges to the Object Owner. 1. Start up Security Manager and log in as DBA. The Security Manager main window appears. 2. Double-click the Users folder in the left frame. The Security Manager displays all User names. 3. Click the User name that needs access to the Security Manager. Select the User name that is the Object Owner. 4. Click the Roles/Privileges tab. This tab displays current and available Roles. 5. Double-click SELECT_CATALOG_ROLE. This action assigns the Role to the User. 6. Select System Privileges in the Privilege Type box. You see current and available system privileges. 7. Double-click SELECT ANY Table. The privilege moves into the lower window, indicating it is now assigned to the User. 8. Click Apply to save your work. Now the Object Owner can log in to the Security Manager and assign Object privileges as necessary.

Profiles
Profiles, like Roles, can simplify and streamline the work of the DBA or Security Officer. A profile is a collection of capabilities given a name and assigned to one or more Oracle8 Users. Oracle8 has one profile (named Default) preloaded with its default database. Figure 6-12 shows the Users assigned to the default profile.

142

Chapter 6 3 Security Manager for Users, Roles, and Profiles

Figure 6-12: Users assigned to the default profile are listed under the Profile folder.

This section shows you how to work with profiles using Security Manager.

Creating a new profile
See Reference Section

CREATE Profile

The Security Manager enables you to create a new profile easily. Follow these steps. 1. Start the Security Manager from the taskbar and log in. The main window of the Security Manager appears. 2. Choose Profile Á Create. Alternative ways to begin the Create Profile process: • Click the Profile folder and then press the green plus (+) sign in the toolbar. • Right-click the Profile folder and then select Create from the submenu. • Select an existing profile and then click the green Create Like button. This brings up the Create Profile dialog box seen in Figure 6-13.

Chapter 6 3 Profiles

143

Figure 6-13: A new profile must have a unique name within the database instance.

3. Type a new name for the new profile. 4. Select Profile Options from the pull-down lists. 5. Select the password tab (optional). Here you can adjust some of the parameters controlling passwords for Users who are assigned to this profile. To learn more, refer to the following section “Managing password features with profile.” 6. Click Apply. The Security Manager creates the new profile. Next, you can assign Users to the newly-created profile.

Assigning a profile to a User
You can assign a profile to a User in two ways: 3 Select the User and add the profile. Follow the instructions in the previous section “Changing a User’s default Tablespaces, account lock, profile, or quota.” 3 Select the profile and add the User. The following section describes this method.

144

Chapter 6 3 Security Manager for Users, Roles, and Profiles

See Reference Section

ALTER USER

Follow these steps to assign a profile to a User. 1. Start the Security Manager from the taskbar and log in. The main window of the Security Manager appears. 2. Right-click the Profile folder. Security Manager displays a pop-up menu as shown in Figure 6-14.

Figure 6-14: Right-click the Profile folder and select “Assign Profile to Users...”

3. Select “Assign Profile to Users” from the submenu. The Assign Profile window appears as shown in Figure 6-15. 4. Select the profile in the Profile box and assign Users. Click to select an individual User, press Shift+click mouse to select a range of Users or press Ctrl+click mouse to select several individual Users. 5. Click Apply to save changes to the database. Security Manager assigns the appropriate profiles and returns to the main window. Another new Oracle8 feature enables you to control passwords using the profile.

Chapter 6 3 Profiles

145

Figure 6-15: Choose Users and assign them to a profile here.

Managing password features with profile
To gain more control (as the DBA) over Oracle8 User passwords, follow these steps to reach the Password Parameter window. Then pick and choose from these features: 3 Expire password. Expire a password now or in a designated number of days. Lock the password if not renewed within a designated number of days after expiration. 3 Keep password history. Do not allow a User to reuse a prior password. Choose either a number of days or passwords before reuse is allowed. 3 Enforce complexity. Employ a third-party script or write your own for validating the complexity of any User password using the current profile. 3 Lock account on failed log on. Choose how many days a User is locked after failing to type a valid password a designated number of times. Follow these steps to find and modify the password features for a profile. 1. Start up the Security Manager from the taskbar and log in as DBA. The main window of the Security Manager appears. 2. Double-click the Profile folder. Security Manager displays a list of profiles. 3. Click a profile. The Profile Properties window appears. 4. Click the Passwords tab. The Password Parameter window appears as shown in Figure 6-16.
Tip

If you select Default in any of the Password boxes, that setting defaults to the corresponding setting in the default profile.

146

Chapter 6 3 Security Manager for Users, Roles, and Profiles

Figure 6-16: Make adjustments to a profile’s password settings here.

5. Click Apply. The Security Manager saves your changes to the database.

Summary
Users and Roles together form a foundation for your Oracle8 database. Users are assigned privileges depending on how they will work with the database. Roles enable the DBA and the application developer to simplify privilege management by lumping related privileges together under a single Role. Subsequently, a new User can be assigned (granted) to a single Role rather than assigned numerous privileges individually. Profiles also manage the capabilities of individual Users without assigning each User a whole array of capabilities. A profile contains the set of capabilities needed for a certain type of User; the User then gets assigned to the appropriate profile. Both profiles and Roles save time and simplify security management for the DBA. The following chapter, “Schema Manager for Tables,” describes how designated Users use another Enterprise Manager tool to create and modify Tables.

3

3

3

Sign up to vote on this title
UsefulNot useful