Creating Users and Granting Privileges in Oracle Database

Oracle Database provides robust user management and privilege control mechanisms that are essential for database security and proper access control. Whether you're a DBA or a developer working with Oracle, understanding how to create users and manage their privileges is fundamental.


Creating Users in Oracle

The basic syntax for creating a user is:

CREATE USER username 
IDENTIFIED BY password
[DEFAULT TABLESPACE tablespace_name]
[TEMPORARY TABLESPACE temp_tablespace_name]
[QUOTA size ON tablespace_name]
[PROFILE profile_name]
[ACCOUNT {LOCK | UNLOCK}]
[PASSWORD EXPIRE];

Example: Creating a Basic User

CREATE USER app_user 
IDENTIFIED BY "Str0ngP@ssw0rd"
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA 100M ON users;

Key Options Explained

  1. IDENTIFIED BY – Sets the user's password. You can also use IDENTIFIED EXTERNALLY for OS authentication.

  2. DEFAULT/TEMPORARY TABLESPACE – Specifies the user's primary and temporary storage areas.

  3. QUOTA – Limits the amount of space a user can consume in a specific tablespace.

  4. PROFILE – Assigns the user a resource profile that can enforce limits and password policies.

  5. ACCOUNT LOCK/UNLOCK – Controls whether the user can log in immediately.

  6. PASSWORD EXPIRE – Forces a password change upon first login.

Granting Privileges

Oracle uses two main types of privileges:

1. System Privileges

System privileges allow users to perform high-level database operations.

GRANT privilege_name TO username;

Common examples:

  • CREATE SESSION (required for login)

  • CREATE TABLE, CREATE VIEW, CREATE PROCEDURE

  • UNLIMITED TABLESPACE

  • SYSDBA, SYSOPER (administrative roles)

Example:

GRANT CREATE SESSION, CREATE TABLE TO app_user;

2. Object Privileges

Object privileges control access to specific schema objects.

GRANT privilege_name ON object_name TO username;

Common object privileges:

  • SELECT, INSERT, UPDATE, DELETE on tables

  • EXECUTE on procedures and functions

  • REFERENCES for creating foreign keys

Example:

GRANT SELECT, INSERT ON hr.employees TO app_user;

Using Roles for Simplified Privilege Management

Roles allow you to group privileges and assign them to users in bulk.

-- Create a role
CREATE ROLE report_viewer;

-- Grant object privileges to the role
GRANT SELECT ON hr.employees TO report_viewer;
GRANT SELECT ON hr.departments TO report_viewer;

-- Assign the role to a user
GRANT report_viewer TO app_user;

Common Administrative Tasks

Viewing Privileges

-- System privileges
SELECT * FROM dba_sys_privs WHERE grantee = 'APP_USER';

-- Object privileges
SELECT * FROM dba_tab_privs WHERE grantee = 'APP_USER';

-- Role privileges
SELECT * FROM dba_role_privs WHERE grantee = 'APP_USER';

Modifying User Accounts

-- Change password
ALTER USER app_user IDENTIFIED BY "NewP@ss123";

-- Increase tablespace quota
ALTER USER app_user QUOTA 200M ON users;

-- Lock or unlock account
ALTER USER app_user ACCOUNT LOCK;
ALTER USER app_user ACCOUNT UNLOCK;

Revoking Privileges

-- Revoke a system privilege
REVOKE CREATE TABLE FROM app_user;

-- Revoke an object privilege
REVOKE INSERT ON hr.employees FROM app_user;

-- Revoke a role
REVOKE report_viewer FROM app_user;

Best Practices

  1. Follow the Principle of Least Privilege – Always grant the minimum access necessary for a user's role.

  2. Use Roles – Manage privileges more efficiently by grouping them.

  3. Enforce Strong Password Policies – Use profiles to set complexity and expiration rules.

  4. Conduct Regular Privilege Audits – Use data dictionary views to review and document user access.

  5. Avoid PUBLIC Grants – Avoid assigning any powerful privileges to the PUBLIC role.

  6. Design Schemas Thoughtfully – Consider schema-based application models over creating many individual users.

Example Workflow: Setting Up an Application User

-- Step 1: Create a dedicated tablespace
CREATE TABLESPACE app_data 
DATAFILE '/path/to/app_data01.dbf' SIZE 500M;

-- Step 2: Create the application owner schema
CREATE USER app_owner 
IDENTIFIED BY "0wnerP@ss!23"
DEFAULT TABLESPACE app_data
TEMPORARY TABLESPACE temp
QUOTA UNLIMITED ON app_data;

-- Grant essential privileges
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, 
      CREATE PROCEDURE, CREATE SEQUENCE TO app_owner;

-- Step 3: Create a role to encapsulate app access
CREATE ROLE app_user_role;

-- Grant object-level privileges via the role
GRANT SELECT, INSERT, UPDATE ON app_owner.customers TO app_user_role;
GRANT SELECT, INSERT ON app_owner.orders TO app_user_role;
GRANT EXECUTE ON app_owner.process_order TO app_user_role;

-- Step 4: Create a restricted application user
CREATE USER app_user 
IDENTIFIED BY "Us3rP@ss456"
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp;

-- Assign minimal system privileges
GRANT CREATE SESSION TO app_user;

-- Assign role-based privileges
GRANT app_user_role TO app_user;

Conclusion

Effective user and privilege management is a cornerstone of Oracle Database security. By following structured processes and adhering to best practices, you can maintain secure, controlled, and auditable access across your database environment. Make it a habit to regularly review and refine your privilege assignments to keep your systems protected and compliant.

Comments

Post a Comment

Popular posts from this blog

Oracle Performance Tuning Techniques: A Developer’s Guide

Performance tuning in Oracle isn’t just a DBA's job developers play a critical role in optimizing how applications interact with the database. Whether you're building a small app or working on an enterprise system, understanding how to tune SQL queries and schema design can drastically improve performance. In this guide, we’ll explore key Oracle performance tuning techniques that every developer should know. 🎯 Why Performance Tuning Matters Slow queries = frustrated users + wasted resources. Poorly optimized code can: Increase CPU and memory usage Slow down the entire application Cause timeouts or crashes under load With some tuning, you can significantly reduce query execution time and make your Oracle database fly. 🦅 1. 🔍 Use EXPLAIN PLAN to Understand Query Execution Oracle’s EXPLAIN PLAN command lets you peek under the hood and see how the database is executing your SQL. Run this: EXPLAIN PLAN FOR SELECT * FROM employees WHERE department_id = 10; ...
Read more

Understanding Tablespaces, Datafiles, and Control Files in Oracle

Image
Introduction Oracle Database uses a sophisticated storage architecture to manage data efficiently. Three key components form the foundation of this system: Tablespaces (logical storage units) Datafiles (physical storage files) Control Files (database metadata) This guide explains how these components work together to ensure data integrity, performance, and recoverability in Oracle. 1. Tablespaces: Logical Storage Containers A tablespace is a logical storage unit that groups related database objects (tables, indexes, etc.). Key Characteristics Logical structure (visible to users/admins) Can span multiple datafiles Classified into different types: SYSTEM (stores data dictionary) SYSAUX (auxiliary system data) TEMP (temporary sort operations) UNDO (rollback/transaction management) USER (default storage for application data) Managing Tablespaces -- Create a tablespace CREATE TABLESPACE app_data DATAFILE '/u01/oracle/data/app01.d...
Read more

How to Install and Set Up Oracle Database on Linux (Step-by-Step Guide)

Oracle Database is one of the most powerful and widely used relational database management systems (RDBMS) in the world. Whether you're a developer, database administrator, or IT professional, setting up Oracle Database on Linux is a crucial skill. In this guide, we’ll walk you through the process of installing and configuring Oracle Database on a Linux system. Prerequisites Before you begin, ensure you have the following: Linux Operating System : Oracle supports various Linux distributions like Oracle Linux, Red Hat, CentOS, and Ubuntu. Hardware Requirements : At least 2 GB RAM (4 GB or more recommended). 10 GB of free disk space (20 GB or more recommended). Oracle Database Software : Download the Oracle Database installation files from the Oracle Technology Network (OTN) . Root or Sudo Access : You need administrative privileges to install and configure the database. Step 1: Update Your System Before installing Oracle Database, update your Linux system to ensure all...
Read more