Lab 5

Database Users
(Queries based on Database
Administration)

IS221:
DATABASE MANAGEMENT SYSTEMS
Outline
Create user
Connect user to Database
Altering user attributes

INFORMATION SYSTEMS DEPARTMENTS 2

Create User
 Use the CREATE USER statement to create and configure
a database user

“ Create user user_name identified by password; ”

INFORMATION SYSTEMS DEPARTMENTS 3

 Grant Connect to a User
 A newly created user cannot connect to the database until
he granted with CONNECT role using the GRANT statement .
“ Grant Connect to user_name ; “
“ Grant all privileges to user_name ; “

INFORMATION SYSTEMS DEPARTMENTS 4

Altering User Attributes

 The user must have the ALTER USER system

privilege to alter other account’s attributes.
However, users can change their own password
without this privilege.

INFORMATION SYSTEMS DEPARTMENTS 5

Example on Altering Users
1. Specifying Tablespace Quota for user
Tablespace quota limits the amount of space that be
allocated for storage of a user's objects within the specified
tablespace.
Each user can be assigned with a tablespace quota for any
tablespace (except a temporary tablespace).
By default, a user has no quota on any tablespace in the
database.

INFORMATION SYSTEMS DEPARTMENTS 6

Example on Altering Users
1. Specifying Tablespace Quota for user :
Syntax:
“ alter user user_name quota quota_size on tablespace_name; “

To change the quota to unlimited space :

“ alter user user_name quota unlimited on tablespace_name; “

INFORMATION SYSTEMS DEPARTMENTS 7

Example on Altering Users
2. Lock & Unlock user account :

“ alter user user_name account lock ; “

“ alter user user_name account unlock ; “

INFORMATION SYSTEMS DEPARTMENTS 8

Example on Altering Users
3. Changing password :
Any user connect to the database can change his own password even
without having ALTER USER privilege.

“ alter user user_name identified by new_password replace old_password ; “

INFORMATION SYSTEMS DEPARTMENTS 9

Example on Altering Users
3. Expiring Password :
Expiring the password of a user account will force the user to change his
password the next time he log in.

“ alter user user_name password expire ; “

INFORMATION SYSTEMS DEPARTMENTS 10

Discretionary Access Control
Discretionary access control in a database system is based on the
granting and revoking privileges:
Grant Command:
GRANT privileges ON object TO users [WITH GRANT OPTIONS]

Revoke Command:
REVOKE [GRANT OPTION FOR] privileges ON object FROM users

INFORMATION SYSTEMS DEPARTMENT 11

The privileges
Privilege Description
SELECT Ability to perform SELECT statements on the
table.
INSERT Ability to perform INSERT statements on the
table.
Ability to perform UPDATE statements on
UPDATE the table.
Ability to perform DELETE statements on the
DELETE
table.
REFERENCES Ability to create a constraint that refers to
the table.
Ability to perform ALTER TABLE statements
ALTER to change the table definition.

ALL does not grant all permissions for the

ALL table. Rather, it grants the ANSI-92
permissions which are SELECT, INSERT,
UPDATE, DELETE, and REFERENCES.

INFORMATION SYSTEMS DEPARTMENT 12

 Example
GRANT SELECT, INSERT, UPDATE, DELETE ON employees TO
smithj ;

INFORMATION SYSTEMS DEPARTMENT 13

Creating and Altering Users
 Create user user_name identified by password;

 Grant Connect to user_name ;

alter user user_name account lock ;

alter user user_name account unlock ;

alter user user_name identified by new_password replace old_password ;

alter user user_name password expire ;

INFORMATION SYSTEMS DEPARTMENTS 14

INFORMATION SYSTEMS DEPARTMENT 15