Administrative User Accounts Provided by Oracle Database

 https://docs.oracle.com/cd/B16351_01/doc/server.102/b14196/

Username	Password	Description	See Also
CTXSYS	CTXSYS	The Oracle Text account	Oracle Text Reference
DBSNMP	DBSNMP	The account used by the Management Agent component of Oracle Enterprise Manager to monitor and manage the database	Oracle Enterprise Manager Grid Control Installation and Basic Configuration
MDDATA	MDDATA	The schema used by Oracle Spatial for storing Geocoder and router data	Oracle Spatial User's Guide and Reference
MDSYS	MDSYS	The Oracle Spatial and Oracle interMedia Locator administrator account	Oracle Spatial User's Guide and Reference
DMSYS	DMSYS	The data mining account. DMSYS performs data mining operations.	Oracle Data Mining Administrator's Guide Oracle Data Mining Concepts
OLAPSYS	MANAGER	The account used to create OLAP metadata structures. This account owns the OLAP Catalog (CWMLite).	Oracle OLAP Application Developer's Guide
ORDPLUGINS	ORDPLUGINS	The Oracle interMedia user. Plugins supplied by Oracle and third party format plugins are installed in this schema.	Oracle interMedia User's Guide
ORDSYS	ORDSYS	The Oracle interMedia administrator account	Oracle interMedia User's Guide
OUTLN	OUTLN	The account that supports plan stability. Plan stability enables you to maintain the same execution plans for the same SQL statements. OUTLN acts as a role to centrally manage metadata associated with stored outlines.	Oracle Database Performance Tuning Guide
SI_INFORMTN_SCHEMA	SI_INFORMTN_SCHEMA	The account that stores the information views for the SQL/MM Still Image Standard	Oracle interMedia User's Guide
SYS	CHANGE_ON_INSTALL	The account used to perform database administration tasks	"About Administrative Accounts"
SYSMAN	CHANGE_ON_INSTALL	The account used to perform Oracle Enterprise Manager database administration tasks. Note that SYS and SYSTEM can also perform these tasks.	Oracle Enterprise Manager Grid Control Installation and Basic Configuration
SYSTEM	MANAGER	Another account used to perform database administration tasks	"About Administrative Accounts"

Sample Schemas

Most of the included accounts are administrative accounts, but Sample Schema accounts are also present. The Oracle Database Sample Schemas are a set of interlinked schemas that enable Oracle documentation, and Oracle by Example Series, to illustrate common database tasks:

• The human resources (hr) schema is useful for introducing basic topics. An extension to this schema supports Oracle Internet Directory demos.

• The order entry (oe) schema is useful for dealing with matters of intermediate complexity. Many datatypes are available in this schema, including nonscalar datatypes.

• The online catalog (oc) subschema is a collection of object-relational database objects built inside the oe schema.

• The product media (pm) schema is dedicated to multimedia datatypes.

• The information exchange (ix) schemas demonstrate Oracle Advanced Queuing capabilities.

• The sales history (sh) schema is designed for demos with large amounts of data. An extension to this schema provides support for advanced analytic processing.

Privileges and Roles:-

Privilege or Role	Description	Examples
System privilege	An Oracle-defined privilege usually granted only to and by administrators. System privileges enable users to perform specific database operations.	The following are examples of system privileges that can be granted to users: CREATE TABLE allows grantee to create tables in the grantee's schema. CREATE USER allows grantee to create users in the database. CREATE SESSION allows grantee to connect to an Oracle database to create a user session.
Object privilege	A privilege that controls access to a specific object.	The following examples are object privileges that can be granted to users: SELECT ON hr.employees TO myuser INSERT ON hr.employees TO myuser
Role	A group of privileges or other roles	The following examples are Oracle-defined roles: CONNECT is a role that Enterprise Manager automatically grants to a user when you create a user as shown in "Creating Users". This role has the CREATE SESSION privilege. RESOURCE extends the privileges of a user beyond those granted by the CONNECT role. It includes CREATE PROCEDURE, CREATE TRIGGER, and other system privileges. DBA is the standard role that can be granted by an administrator to another administrator. It includes all system privileges and should only be granted to the most trusted and qualified of users. Assigning this role to a user enables the user to administer the database. You can create your own roles if you have been granted this privilege.

About Administrative Accounts

The following administrative accounts are automatically created when Oracle Database is installed:

• SYS

• SYSTEM

SYS

When you create an Oracle database, the user SYS is automatically created and granted the DBA role.

All base tables and views for the database data dictionary are stored in the schema SYS. These base tables and views are critical for the operation of Oracle Database. To maintain the integrity of the data dictionary, tables in the SYS schema are manipulated only by the database. They should never be modified by any user or database administrator. Also, you should not create any tables in the schema of user SYS, although you can change the storage parameters of the data dictionary settings if necessary.

Ensure that most database users are never able to connect to Oracle Database with the SYS account.

SYSTEM

When you create an Oracle Database, the user SYSTEM is also automatically created and granted the DBA role.

The SYSTEM user can create additional tables and views that display administrative information as well as internal tables and views used by various Oracle Database options and tools. Never use the SYSTEM schema to store tables of interest to nonadministrative users.

A predefined DBA role is automatically created with every Oracle Database installation. This role contains most database system privileges. Therefore, you should grant the DBA role only to actual database administrators. The DBA role does not include the SYSDBA or SYSOPER system privileges.

Administrative Privileges

SYSDBA and SYSOPER are administrative privileges required to perform basic database operations such as creating the database and instance startup and shutdown. Depending upon the level of authorization you require, you must have one of these privileges granted to you.

Note:

The SYSDBA and SYSOPER system privileges allow access to a database instance even when the database is not open. Control of these privileges is totally outside of the database itself.

You can also think of the SYSDBA and SYSOPER privileges as types of connections that enable you to perform certain database operations for which privileges cannot be granted in any other way. For example, if you have the SYSDBA privilege, then you can connect to the database by specifying CONNECT AS SYSDBA.

APPDEV Privileges

Privilege	Description
CREATE TABLE	Enables user to create tables in his schema.
CREATE VIEW	Enables user to create views in his schema.
CREATE PROCEDURE	Enables user to create procedures in his schema.
CREATE TRIGGER	Enables user to create triggers in his schema.
CREATE SEQUENCE	Enables user to create sequences in his schema.
CREATE SYNONYM	Enables user to create synonyms in his schema.

To modify the APPDEV role:

1. In the Users & Privileges section of the Administration home page, click Roles.

   The Roles page appears.

2. From the list of roles, select APPDEV and click Edit.

3. Click System Privileges to navigate to the System Privileges property page.

   The System Privilege column should display no items.

4. Click Edit List.

   The Modify System Privileges page appears.

5. In the Available System Privileges list, double-click the privileges listed in Table 7-3 to add them to the Selected System Privileges list.

6. Click OK.

   You are returned to the Edit Role: APPDEV page.

7. Click Apply.

   A confirmation message should appear saying that the role has been modified successfully.

Dropping Roles

In this exercise, you drop to the APPDEV role that you created in "Dropping Roles".

To drop the APPDEV role:

1. In the Users & Privileges section of the Administration home page, click Roles.

   The Roles page appears.

2. Select the APPDEV role and click Delete.

   A confirmation page appears.

3. Click Yes.

   A confirmation message indicates that the role has been deleted successfully.

Administering Profiles

A user profile establishes the password management policy for a user and sets limits the user's access to certain database resources. When you create the user in "Creating Users", you assign the Oracle-supplied default profile. This default profile is liberal in its resource specifications and does not provide tight restrictions on password usage.

To display the attributes of the default profile:

1. In the Users & Privileges section of the Administration home page, click Profiles.

   The Profiles page appears. On this page you can create, edit, view, or delete profiles. The structure and functionality of the Profiles page is similar to that of the Users page shown in Figure 7-2.

2. Select the DEFAULT profile and click View.

   The View page appears. In this page you can view all of the attributes associated with the DEFAULT profile.

Database resource usage and limits are managed by the Database Resource Manager. You can read about the Database Resource manager in online Help and view its pages when you click the links in the Resource Manager section of the Database Administration page.