Professional Documents
Culture Documents
Previous Next
See Also: Oracle Database Security Guide for detailed information about securing user accounts
See Also: Oracle Database Security Guide for detailed information about managing user accounts and authentication "Predefined User Accounts Provided by Oracle Database" for a description of the predefined user accounts that are created when you install Oracle Database
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
1/11
9/29/13
User Account A N O N Y M O U S
Description Account that allows HTTP access to Oracle XML DB. It is used in place of the A P E X _ P U B L I C _ U S E Raccount when the Embedded PL/SQL Gateway (EPG) is installed in the database. EPG is a Web server that can be used with Oracle Database. It provides the necessary infrastructure to create dynamic applications.
C T X S Y S
The account used to administer Oracle Text. Oracle Text enables you to build text query applications and document classification applications. It provides indexing, word and theme searching, and viewing capabilities for text. See Oracle Text Application Developer's Guide. The account used by the Management Agent component of Oracle Enterprise Manager to monitor and manage the database. See Oracle Enterprise Manager Grid Control Installation and Basic Configuration. The account used internally to access the E X F S Y S schema, which is associated with the Rules Manager and Expression Filter feature. This feature enables you to build complex PL/SQL rules and expressions. The E X F S Y Sschema contains the Rules Manager and Expression Filter DDL, DML, and associated metadata. See Oracle Database Rules Manager and Expression Filter Developer's Guide.
D B S N M P
Open Password is created at installation or database creation time. Expired and locked
E X F S Y S
L B A C S Y S
The account used to administer Oracle Label Security (OLS). It is created only when you install the Label Security custom option. See "Enforcing Row-Level Security with Oracle Label Security" and Oracle Label Security Administrator's Guide. The Oracle Spatial and Oracle Multimedia Locator
M D S Y S
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
9/29/13
administrator account. See Oracle Spatial Developer's Guide. M G M T _ V I E W An account used by Oracle Enterprise Manager Database Control. Open Password is randomly generated at installation or database creation time. Users do not need to know this password. Expired and locked
O L A P S Y S
The account that owns the OLAP Catalog (CWMLite). This account has been deprecated, but is retained for backward compatibility. The account for administrating the Oracle Warehouse Builder repository. Access this account during the installation process to define the base language of the repository and to define Warehouse Builder workspaces and users. A data warehouse is a relational or multidimensional database that is designed for query and analysis. See Oracle Warehouse Builder Installation and Administration Guide. The Oracle Multimedia user. Plug-ins supplied by Oracle and third-party, format plug-ins are installed in this schema. Oracle Multimedia enables Oracle Database to store, manage, and retrieve images, audio, video, DICOM format medical images and other objects, or other heterogeneous media data integrated with other enterprise information. See Oracle Multimedia User's Guide and Oracle Multimedia Reference.
O W B S Y S
O R D P L U G I N S
O R D S Y S
The Oracle Multimedia administrator account. Expired and locked See Oracle Multimedia User's Guide, Oracle Multimedia Reference, and Oracle Multimedia DICOM Developer's Guide. The account that supports plan stability. Plan stability prevents certain database environment changes from affecting the performance characteristics of applications by preserving execution plans in stored outlines. O U T L Nacts as a role to centrally manage metadata associated with stored outlines. See Oracle Database Performance Tuning Guide. Expired and locked
O U T L N
S I _ I N F O R M T N _ S C H E M A The account that stores the information views for the SQL/MM Still Image Standard. See Oracle Multimedia User's Guide and Oracle Multimedia Reference. S Y S An account used to perform database administration tasks. See Oracle Database 2 Day DBA. The account used to perform Oracle Enterprise Manager database administration tasks. The S Y Sand
S Y S M A N
Open Password is created at installation or database S Y S T E Maccounts can also perform these tasks. See Oracle Enterprise Manager Grid Control Installation creation time. and Basic Configuration. A default generic database administrator account for Oracle databases. For production systems, Oracle recommends creating individual database administrator accounts and not using the generic S Y S T E Maccount for database administration operations. See Oracle Database 2 Day DBA. Open Password is created at installation or database creation time.
S Y S T E M
T S M S Y S
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
9/29/13
(TSM). W K _ T E S T The instance administrator for the default instance, Expired and locked W K _ I N S T . After you unlock this account and assign this user a password, then you must also update the cached schema password using the administration tool Edit Instance Page. Ultra Search provides uniform search-and-location capabilities over multiple repositories, such as Oracle databases, other ODBC compliant databases, IMAP mail servers, HTML documents managed by a Web server, files on disk, and more. See Oracle Ultra Search Administrator's Guide. W K S Y S An Ultra Search database super-user. W K S Y Scan grant Expired and locked super-user privileges to other users, such as W K _ T E S T . All Oracle Ultra Search database objects are installed in the W K S Y Sschema. See Oracle Ultra Search Administrator's Guide. W K P R O X Y An administrative account of Oracle9i Application Server Ultra Search. See Oracle Ultra Search Administrator's Guide. Expired and locked
W M S Y S
The account used to store the metadata information for Expired and locked Oracle Workspace Manager. See Oracle Database Workspace Manager Developer's Guide. The account used for storing Oracle XML DB data and Expired and locked metadata. Oracle XML DB provides high-performance XML storage and retrieval for Oracle Database data. See Oracle XML DB Developer's Guide.
X D B
User Account A P E X _ P U B L I C _ U S E R
Description The Oracle Database Application Express account. Use this account to specify the Oracle schema used to connect to the database through the database access descriptor (DAD). Oracle Application Express is a rapid, Web application development tool for Oracle Database. See Oracle Database Application Express User's Guide.
D I P
The Oracle Directory Integration and Provisioning Expired and locked (DIP) account that is installed with Oracle Label Security. This profile is created automatically as part of the installation process for Oracle Internet Directory-enabled Oracle Label Security. See Oracle Label Security Administrator's Guide.
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
4/11
9/29/13
F L O W S _ 3 0 0 0 0
The account that owns most of the database objects Expired and locked created during the installation of Oracle Database Application Express. These objects include tables, views, triggers, indexes, packages, and so on. See Oracle Database Application Express User's Guide. The account that owns the database objects created Expired and locked during the installation of Oracle Database Application Express related to modplsql document conveyance, for example, file uploads and downloads. These objects include tables, views, triggers, indexes, packages, and so on. See Oracle Database Application Express User's Guide. The schema used by Oracle Spatial for storing Expired and locked Geocoder and router data. Oracle Spatial provides a SQL schema and functions that enable you to store, retrieve, update, and query collections of spatial features in an Oracle database. See Oracle Spatial Developer's Guide. The account used with Oracle Configuration Expired and locked Manager. This feature enables you to associate the configuration information for the current Oracle Database instance with OracleMetaLink. Then when you log a service request, it is associated with the database instance configuration information. See Oracle Database Installation Guide for your platform.
F L O W S _ F I L E S
M D D A T A
O R A C L E _ O C M
S P A T I A L _ C S W _ A D M I N _ U S R The Catalog Services for the Web (CSW) account. It Expired and locked is used by Oracle Spatial CSW Cache Manager to load all record-type metadata and record instances from the database into the main memory for the record types that are cached. See Oracle Spatial Developer's Guide. S P A T I A L _ W F S _ A D M I N _ U S R The Web Feature Service (WFS) account. It is used Expired and locked by Oracle Spatial WFS Cache Manager to load all feature type metadata and feature instances from the database into main memory for the feature types that are cached. See Oracle Spatial Developer's Guide. X S $ N U L L An internal account that represents the absence of a Expired and locked user in a session. Because X S $ N U L Lis not a user, this account can only be accessed by the Oracle Database instance. X S $ N U L Lhas no privileges and no one can authenticate as X S $ N U L L , nor can authentication credentials ever be assigned to X S $ N U L L .
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
5/11
9/29/13
Table 3-3 lists the sample schema user accounts, which represent different divisions of a fictional company that manufactures various products. Table 3-3 Default Sample Schema User Accounts
Status After Installation Expired and locked
User Account Description B I The account that owns the B I(Business Intelligence) schema included in the Oracle Sample Schemas. See also Oracle Warehouse Builder User's Guide. H R The account used to manage the H R(Human Resources) schema. This schema stores information about the employees and the facilities of the company. O E The account used to manage the O E(Order Entry) schema. This schema stores product inventories and sales of the company's products through various channels. P M
The account used to manage the P M(Product Media) schema. This Expired and locked schema contains descriptions and detailed information about each product sold by the company.
I X
The account used to manage the I X(Information Exchange) schema. This schema manages shipping through business-tobusiness (B2B) applications.
S H
The account used to manage the S H(Sales) schema. This schema stores business statistics to facilitate business decisions.
In addition to the sample schema accounts, Oracle Database provides another sample schema account, S C O T T . The S C O T Tschema contains the tables E M P ,D E P T ,S A L G R A D E , and B O N U S . The
S C O T Taccount is used in examples throughout the Oracle Database documentation set. When
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
6/11
9/29/13
The Database Home page appears. 3. Click Server to display the Server subpage. 4. In the Security section, click Users. The Users page lists the user accounts created for the current database instance. The Account Status column indicates whether an account is expired, locked, or open. 5. In the Select column, select the account you want to expire, and then click Edit. The Edit User page appears. 6. Do one of the following: To expire a password, click Expire Password now. To unexpire the password, enter a new password in the Enter Password and Confirm Password fields. See "Requirements for Creating Passwords" for password requirements. To lock the account, select Locked. 7. Click Apply.
Hide Navigation
Search
This Book Entire Library Reference Database Library Master Index Master Glossary Book List Data Dictionary SQL Keywords Acronyms Initialization Parameters Advanced Search Error Messages Categories Installation Getting Started Administration Application Development Grid Computing High Availability Data Warehousing Content Management and Unstructured Data Information Integration Security Favorites This Page About Securing Oracle Database
See Also: "Finding and Changing Default Passwords" for information about changing user passwords "Expiring and Locking Database Accounts" for information about locking accounts and expiring passwords "Predefined User Accounts Provided by Oracle Database" a description of the predefined user accounts that are created when you install Oracle Database Oracle Database 2 Day DBA for an introduction to password policies
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
7/11
9/29/13
Oracle Database Security Guide for detailed information about managing passwords
The D B A _ U S E R S _ W I T H _ D E F P W Dlists the accounts that still have user default passwords. For example:
U S E R N A M E S C O T T
3. Change the password for the accounts the D B A _ U S E R S _ W I T H _ D E F P W Ddata dictionary view lists. For example, to change the password for user S C O T T , enter the following:
P A S S W O R DS C O T T C h a n g i n gp a s s w o r df o rS C O T T N e wp a s s w o r d :p a s s w o r d R e t y p en e wp a s s w o r d :p a s s w o r d P a s s w o r dc h a n g e d
Replace p a s s w o r dwith a password that is secure, according to the guidelines listed in "Requirements for Creating Passwords". For greater security, do not reuse the same password that was used in previous releases of Oracle Database. Alternatively, you can use the A L T E RU S E RSQL statement to change the password:
A L T E RU S E RS C O T TI D E N T I F I E DB Yp a s s w o r d ;
You can use Database Control to change a user account passwords (not just the default user account passwords) if you have administrative privileges. Individual users can also use Database Control to change their own passwords. To use Database Control to change the password of a database account:
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm 8/11
9/29/13
1. Start Database Control. See Oracle Database 2 Day DBA for instructions about how to start Database Control. 2. Enter an administrator user name and password (for example, S Y S T E M ), and then click Login. 3. Click Server to display the Server subpage. 4. In the Security section, click Users. The Users page lists the user accounts created for the current database instance. The Account Status column indicates whether an account is expired, locked, or open. 5. In the Select column, select the account you want to change, and then click Edit. The Edit User page appears. 6. Enter a new password in the Enter Password and Confirm Password fields. 7. Click Apply.
See Also: Oracle Database Security Guide for additional methods of configuring password protection "Predefined User Accounts Provided by Oracle Database"
9/29/13
You can find information about user accounts by querying the D B A _ U S E R Sview. This view contains a column for passwords, but for stronger security, Oracle Database encrypts the data in this column. The D B A _ U S E R Sview provides useful information such as the user account status, whether or not the account is locked, and password versions. You can query D B A _ U S E R S as follows:
S Q L P L U SS Y S T E M E n t e rp a s s w o r d :p a s s w o r d C o n n e c t e d . S Q L >S E L E C T*F R O MD B A _ U S E R S ;
Oracle also recommends, if possible, using Oracle Advanced Security (an option to Oracle Database Enterprise Edition) with network authentication services (such as Kerberos), token cards, smart cards, or X.509 certificates. These services provide strong authentication of users, and provide better protection against unauthorized access to Oracle Database.
See Also: Oracle Database Security Guide for more information about password management Oracle Database Security Guide for additional views you can query to find information about users and profiles Oracle Database Advanced Security Administrator's Guide for more information about Oracle Database Advanced Security
P A S S W O R D _ L O C K _ T I M E
P A S S W O R D _ R E U S E _ M A X
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
U N L I M I T E D
9/29/13
before the current password can be reused. P A S S W O R D _ R E U S E _ T I M E U N L I M I T E D Sets the number of days before which a password cannot be reused.
Note: You can use most of these parameters to create a user profile. See Oracle Database Security Guide for more information about user profile settings.
To modify an initialization parameter, see "Modifying the Value of an Initialization Parameter". For detailed information about initialization parameters, see Oracle Database Reference andOracle Database Administrator's Guide.
Need an example? Tell us more. Reader Comment subject from Anonymous (or Sign In)
Comments, corrections, and suggestions are forwarded to authors every week. By submitting, you confirm you agree to the terms and conditions. Use the OTN forums for product questions. For support or consulting, file a service request through My Oracle Support.
Submit
Previous Next 2011, Oracle and/or its affiliates. All rights reserved. Home Book Contents Index Master Contact List Index Legal Notices
Copyright 2006,
docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_user_accounts.htm
11/11