
ORACLE SECURITY QUICK REFERENCE

Useful SQL Security Statements

alter user <username> identified by <password>;
alter user <username> account lock;
alter user <username> password expire;
alter user <username> profile <profile>;
revoke <privilege> [on <object name>] from <user|role>;
grant <privilege> [on <object name>] to <user|role>;
audit <audit> [on <object name>] [whenever successful|not successful] [by <user>] [by session] [by access];

Auditing Configuration

Audit_Trail settings: OS; DB; DB, EXTENDED; XML; XML, EXTENDED
OS -> AUDIT_SYSLOG_LEVEL

Audit Shortcut          SQL Statement Audited
database link           create database link, drop database link
directory               create directory, drop directory
grant <object>          grant <privilege> on <object>, revoke <privilege> from <object>
index                   create index, alter index, analyze index, drop index
procedure               create function, create library, create package, create package body, create procedure, drop function, drop library, drop package, drop procedure
profile                 create profile, alter profile, drop profile
public database link    create public database link, drop public database link
public synonym          create public synonym, drop public synonym
role                    create role, alter role, drop role, set role
system audit            audit, noaudit
system grant            grant, revoke (system privileges and roles only)
table                   create table, drop table, truncate table
user                    create user, alter user, drop user
view                    create view, drop view

alter system, not exists, session, execute procedure, select table, update table, insert table, delete table, alter table

10.2 x x x x x x 11. X x x x x x x

Important System And Objects Privileges

Object            Grantable System Privileges
Database          alter database, alter system, audit system
Database Links    create database link, create public database link, drop public database link
Directories       create any directory, drop any directory
Indexes           create any index, alter any index, drop any index
Procedures        create procedure, create any procedure, alter any procedure, drop any procedure, execute any procedure
Profiles          create profile, alter profile, drop profile
Roles             create role, alter any role, drop any role, grant any role
Sessions          create session, alter resource cost, alter session, restricted session
Synonyms          create synonym, create any synonym, create public synonym, drop any synonym, drop public synonym
Tables            create table, create any table, alter any table, backup any table, delete any table, drop any table, insert any table, lock any table, select any table, flashback any table, update any table
Triggers          create trigger, create any trigger, alter any trigger, drop any trigger, administer database trigger, any trigger
Users             create user, alter user
Views             create view, create any view, drop any view, under any view, flashback any table, merge any view
Miscellaneous     analyze any, audit any, become user, exempt policy, grant any object privilege, grant any privilege, select any dictionary, sysdba, sysoper

Object                          Grantable Object Privileges
Table                           alter, delete, debug, flashback, on commit refresh, query rewrite, index, insert, references, select, update
View                            debug, delete, flashback, insert, references, select, under, update
Sequence                        alter, select
Procedure, Function, Package    debug, execute
Materialized View               delete, flashback, on commit refresh, query rewrite, select, insert, update
Directory                       read, write, execute (11g)
Library                         execute
Object Type                     debug, execute, under
Indextype                       execute
Operator                        execute
Edition                         use
Mining Model                    alter, select
OLAP                            insert, alter, delete, select, update
Scheduler                       execute, alter

Download this and our other Quick Reference guides from our website: www.tm-infotech.com
* Any commercial product names herein are trademarks, registered trademarks or service marks of their respective owners. TM INFOTECH does not warrant that this document is error-free. In no event shall TM INFOTECH be liable for any consequential or incidental damages.

Standard Oracle Database Accounts

Standard Oracle Database accounts that may be present depending on the database version and installed options.

User Name            Default Password     Source
SYS                  CHANGE_ON_INSTALL    Installation
SYSTEM               MANAGER              Installation
ANONYMOUS            ANONYMOUS            XDB
CTXSYS               CTXSYS               Oracle Text
DBSNMP               DBSNMP               Intelligent Agent
DIP                  DIP                  Internet Dir
DMSYS                DMSYS                Data Mining
EXFSYS               EXFSYS               Expression Filters
LBACSYS              LBACSYS              Label Security
MDDATA               MDDATA               Spatial
MDSYS                MDSYS                Spatial
MGDSYS               MGDSYS
ODM                  ODM                  Data Mining
ODM_MTR              MTRPW                Data Mining
OLAPDBA              OLAPDBA              OLAP
OLAPSVR              OLAPSVR              OLAP
OLAPSYS              OLAPSYS              OLAP
ORACLE_OCM           ORACLE_OCM           Config Mgr
ORDPLUGINS           ORDPLUGINS           interMedia
ORDSYS               ORDSYS               interMedia
OUTLN                OUTLN                Plans
OWBSYS               OWBSYS
RMAN                 RMAN                 RMAN
SCOTT                TIGER                Sample
SI_INFORMTN_SCHEMA   SI_INFORMTN_SCHEMA   interMedia
SYSMAN               OEM_TEMP             OEM
TSMSYS               TSMSYS               Migration
WK_TEST              WK_TEST              Ultra Search
WKPROXY              CHANGE_ON_INSTALL    Ultra Search
WKSYS                CHANGE_ON_INSTALL    Ultra Search
WMSYS                WMSYS                Workspace Mgr
XDB                  CHANGE_ON_INSTALL    XDB

To change an account password
SQL> alter user <name> identified by <password>;

A simplistic check for the above passwords in 11g and later
SQL> select * from sys.dba_users_with_defpwd;

Password Controls And Profiles

A custom PASSWORD_VERIFY_FUNCTION must be created to enforce password length and complexity for all database accounts; see $ORACLE_HOME/rdbms/admin/utlpwdmg.sql for an example. The 11g initialization parameter sec_case_sensitive_logon = true may be used to allow case-sensitive passwords.

Resource Name              Unit        10g         11g
FAILED_LOGIN_ATTEMPTS [1]  Attempts    10          10
PASSWORD_GRACE_TIME        Days        unlimited   7
PASSWORD_LIFE_TIME         Days        unlimited   180
PASSWORD_LOCK_TIME         Days        unlimited   1
PASSWORD_REUSE_MAX [2]     Passwords   unlimited   unlimited
PASSWORD_REUSE_TIME [2]    Days        unlimited   unlimited

[1] The SYS account is exempt from the FAILED_LOGIN_ATTEMPTS setting and therefore cannot be locked due to an excessive number of failed logins.
[2] PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME work in conjunction: setting PASSWORD_REUSE_MAX to 5 and PASSWORD_REUSE_TIME to 360 days will not allow a user to reuse the same password for at least 5 passwords and in a 360 day period. Setting either value to UNLIMITED never permits a user to reuse the same password.

To set a password profile parameter
SQL> alter profile <profile name> limit <resource name> <value>;

Path                            Files                      Nix Perm
$ORACLE_HOME                    all                        750
$ORACLE_HOME/bin                all                        751
$ORACLE_HOME/dbs                init.ora                   644
$ORACLE_HOME/dbs                spfile.ora                 640
$ORACLE_HOME/network/admin      listener.ora sqlnet.ora    644
init.ora audit_file_dest        all                        600
init.ora background_dump_dest   all                        660
init.ora core_dump_dest         all                        660
init.ora diagnostic_dest        all                        660
init.ora control files          control files              640
init.ora log_archive_dest_n     all                        750
init.ora user_dump_dest         all                        660
Unix/Linux umask                oracle account             022

Critical Patch Update (CPU)

CPU patches are released quarterly in January, April, July, and October.

Database Version   Includes The Following Critical Patch Update
10.2.0.5           October 2010
11.1.0.6           October 2007
11.1.0.7           January 2009
11.2.0.1           January 2010
11.2.0.2           January 2011
11.2.0.3           October 2011

To see latest installed Critical Patch Update
SQL> select * from sys.registry$history;

Apply the latest Critical Patch Update when performing upgrades.

Security Related Sys Views And Tables

Users and Roles: dba_users, dba_users_with_defpwd, dba_profiles, dba_proxies, dba_roles, user$, user$history, v$pwfile_users
Privileges: dba_col_privs, dba_role_privs, dba_sys_privs, dba_tab_privs, dba_connect_role_grantees, system_privilege_map, table_privilege_map, dba_ts_quotas
Auditing: aud$, dba_audit_exists, dba_audit_object, dba_audit_session, dba_audit_statement, dba_audit_trail, dba_common_audit_trail, dba_obj_audit_opts, dba_priv_audit_opts, dba_stmt_audit_opts, stmt_audit_option_map, dba_audit_policies, dba_audit_policy_columns, dba_fga_audit_trail, fga_log$
Other Security: dba_encrypted_columns, dba_java_policy, dba_network_acls, dba_network_acl_privileges, dba_policies, dba_policy_contexts, dba_policy_groups, registry$history

Security Related Initialization Parameters

Parameter                                  Default        Suggest

Security Settings
_trace_files_public                        FALSE          FALSE
db_securefile (11g)                        PERMITTED      ALWAYS
dispatchers (XDB)                          XDB setting    (null)
global_names                               FALSE          TRUE
o7_dictionary_accessibility                FALSE          FALSE
remote_listener                            (null)         (null)
remote_login_passwordfile                  SHARED         NONE
sec_case_sensitive_logon (11g)             TRUE           TRUE
sec_max_failed_login_attempts (11g)        10             3
sec_protocol_error_further_action (11g)                   DELAY,2
sec_protocol_error_trace_action (11g)      TRACE          LOG
sec_return_server_release_banner (11g)     FALSE          FALSE
sql92_security                             FALSE          TRUE
utl_file_dir                               (null)         (null)

OS Authentication
os_authent_prefix                          ops$           (null)
os_roles                                   FALSE          FALSE
remote_os_authent                          FALSE          FALSE
remote_os_roles                            FALSE          FALSE

Auditing
audit_trail                                NONE           not NONE
audit_sys_operations                       FALSE          TRUE
audit_syslog_level (10.2+)                 (null)         local1.info
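
The account, profile and audit statements on this card, combined into one review pass for an 11g database; this is an added example, not part of the original quick reference. SECURE_APP and APP_USER are hypothetical names, and the profile limits reuse the card's 11g defaults plus its footnote example of 5 passwords / 360 days.

```sql
-- Added example: review pass built from the statements and views on this card.
-- SECURE_APP (profile) and APP_USER (account) are hypothetical names.

-- 1. Open accounts that still carry a default password (11g and later).
select u.username, u.account_status, u.profile
from   sys.dba_users_with_defpwd d
join   sys.dba_users u on u.username = d.username
where  u.account_status = 'OPEN'
order  by u.username;

-- 2. Lock and expire a sample account that is not needed (SCOTT is the
--    sample schema listed in the accounts table).
alter user scott account lock;
alter user scott password expire;

-- 3. Password profile: 11g default limits, with the reuse pair from the
--    footnote (5 passwords and 360 days must both be satisfied).
create profile secure_app limit
  failed_login_attempts 10
  password_grace_time   7
  password_life_time    180
  password_lock_time    1
  password_reuse_max    5
  password_reuse_time   360;

alter user app_user profile secure_app;

-- 4. Confirm what the profile actually enforces.
select resource_name, limit
from   sys.dba_profiles
where  profile = 'SECURE_APP'
and    resource_type = 'PASSWORD'
order  by resource_name;

-- 5. Audit failed logons and account, role and grant changes using the
--    audit shortcuts; records are written only when audit_trail is not NONE.
audit session whenever not successful;
audit user by access;
audit role by access;
audit system grant by access;

-- 6. List the statement audit options now in effect.
select audit_option, success, failure
from   sys.dba_stmt_audit_opts
order  by audit_option;
```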
