See Also:Oracle Database 2 Day + Security Guide for information about Oracle Database security
This chapter contains the following topics:
To create a database user, you must be logged in as a system administrator. You can use any tool that transmits SQL to the database, for example Database Control, SQL*Plus, or SQL Developer.
To create a database user in SQL*Plus:
From the Windows Start menu, select the Oracle home of the local database.
Note:If there are n database installations, they will appear as
nin the Start menu.
Each of these refers to a separate
ORACLE_HOME. Be sure to select the appropriate one.
Choose Application Development.
Log in with system privileges.
Enter user-name: sys / as sysdba Enter password: password
To create a user named
dmuser, type these commands. Specify a password of your choosing.
CREATE USER dmuser IDENTIFIED BY password DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP QUOTA UNLIMITED ON USERS; Commit;
TEMP tablespaces. These tablespaces are included in the starter database that was created during the installation, and they are typically included in a database by default. (See "Install Oracle Database"). The
TEMP tablespaces are generally assigned to users that generate examples and demonstrations.
Note:Tablespaces for Data Mining users should be assigned according to standard DBA practices, depending on system load and system resources.
To login as
dmuser, type the following.
CONNECT dmuser Enter password: password
Oracle Database 2 Day DBA for an introduction to creating database users
Oracle Database SQL Language Reference for the complete syntax of the
CREATE USER statement
A set of basic privileges is required for data mining. Some may not be required for all mining activities, however it is prudent to grant them all as a group. The
GRANT statements in Example 4-1 grant these privileges to
dmuser.You could execute these statements in SQL*Plus after logging in with system privileges.
GRANT CREATE JOB TO dmuser; GRANT CREATE MINING MODEL TO dmuser; -- required for creating models GRANT CREATE PROCEDURE TO dmuser; GRANT CREATE SEQUENCE TO dmuser; GRANT CREATE SESSION TO dmuser; GRANT CREATE SYNONYM TO dmuser; GRANT CREATE TABLE TO dmuser; GRANT CREATE TYPE TO dmuser; GRANT CREATE VIEW TO dmuser; GRANT EXECUTE ON ctxsys.ctx_ddl TO dmuser; -- required for text mining GRANT SELECT ON data TO dmuser; -- required for data that is not in your schema
Additional access rights are required for exporting and importing mining models, as described in "Exporting and Importing Mining Models".
Note:To create a user for the Data Mining sample programs, you need to run two configuration scripts as described in "Installation and Setup".
A system privilege confers the right to perform a particular action in the database or to perform an action on a type of schema objects. For example, the privileges to create tablespaces and to delete the rows of any table in a database are system privileges.
To grant a system privilege, you must either have been granted the system privilege with the
ADMIN OPTION or have been granted the
GRANT ANY PRIVILEGE system privilege.
The system privileges listed in Table 4-1 control operations on mining models.
|System Privilege||Allows you to ....|
Create mining models in your own schema.
Create mining models in any schema.
Change the name or cost matrix of any mining model in any schema.
Drop any mining model in any schema.
Apply (score) a mining model in any schema, also view model details in any schema.
Add a comment to any mining model in any schema. (See "Adding a Comment to a Mining Model".)
Generate an audit trail for any mining model (or any object) in any schema. (See "Auditing Mining Models".)
The following statements allow
dmuser to score models and view model details in any schema as long as
SELECT access has been granted on the data. However,
dmuser can only create models in the
GRANT CREATE MINING MODEL TO dmuser; GRANT SELECT ANY MINING MODEL TO dmuser;
The following statement revokes the privilege of scoring or viewing model details in other schemas. When this statement is executed,
dmuser can only perform data mining activities in the
REVOKE SELECT ANY MINING MODEL FROM dmuser;
An object privilege confers the right to perform a particular action on a specific schema object. For example, the privilege to delete rows from the
SH.PRODUCTS table is an example of an object privilege.
A user automatically has all object privileges for schema objects in the user's own schema. A user can grant object privilege on objects in the user's own schema to other users or roles.
The object privileges listed in Table 4-2 control operations on specific mining models.
|Object Privilege||Allows you to ....|
The following statements allow
dmuser to apply the model
testmodel to the
sales table, specifying different cost matrixes with each apply. The user
dmuser can also rename the model
testmodel model and
sales table are in the
sh schema, not in the
GRANT SELECT ON MINING MODEL sh.testmodel TO dmuser; GRANT ALTER ON MINING MODEL sh.testmodel TO dmuser; GRANT SELECT ON sh.sales TO dmuser;
This statement prevents
dmuser from renaming or changing the cost matrix of
dmuser can still apply
testmodel to the
REVOKE ALTER ON MINING MODEL sh.testmodel FROM dmuser;
See Also:Chapter 5 for information on mining model schema objects