1
Managing Users

Estimated completion time: 30 minutes

This chapter shows you how to use Oracle WebDB to manage WebDB users. You'll learn how to create new users and give users task-related job privileges.

WebDB is installed in an Oracle database. To access WebDB, users must have a user account with a user name and password set up in the database where WebDB is installed. If a WebDB user does not already have a user account, you can use WebDB to create one. When you create a new user account, a schema is also created in the database which can be used to store database objects and WebDB components. The schema name is the same as the user name.

Note: The terms user and schema are often used synonymously.

This chapter includes the following sections:

Section
"Before You Begin"
"Creating a New User"
"Adding a User to a Role"
"Granting Browse In and Build In Privileges to a User"
"Granting Database Object Privileges to a User"
"Creating a new role"
"What's Next?"

1.1 Before You Begin

• To complete this chapter, you must be a DBA (that is, you must be a member of the DBA role). If you are not a DBA, you will not be able to access WebDB's user, role, and privilege management features. If you need to be added to the DBA role, ask your DBA.

• At least one tablespace must exist to store database objects and to be used for temporary operations. If an appropriate tablespace does not already exist, create it now. We recommend that you create two tablespaces called USERS and TEMP.

  For information about how to create tablespaces, see your Oracle Server documentation.

• If you have not already started WebDB, follow the instructions in "Oracle WebDB Basic Concepts, Starting Oracle WebDB".

1.2 Creating a New User

Users who already have a user account in the database can already log on to WebDB using their user name and password. You can use WebDB to create user accounts for new users and to manage existing user accounts, without ever having to leave your Web browser.

A new employee, MILLER, has joined your company. He does not have access to any databases and you have been asked to give him access to Oracle WebDB.

1. If you are not currently on your WebDB home page, clickat the top right of the page.

2. Click Administer.

   Note: If you cannot see the Administer link, you are probably not a DBA. Ask your DBA to add you to the DBA role.

   Tip: You can also clickin the toolbar at the bottom of any page to display the Administer page.

3. Click User Manager.

   Note: If you cannot see the User Manager link, you are probably not a DBA. Ask your DBA to add you to the DBA role.

   The page displayed contains three panels. For this exercise you will use the Create a New User panel.

   
   
4. In the User name field, type MILLER_<NAME>, where NAME is your own user name.

   For the purposes of this tutorial, you add your own user name to the end to identify this user as the one created by you, rather than one created by another tutorial user.

   Tip: We recommend that you use a consistent naming convention for user names.

5. In the Password field, type CHANGEME.

   This is the password MILLER will use to log on to WebDB.

   Tip: You should instruct new users to change their password the first time they log on.

6. In the Confirm Password field, type CHANGEME to confirm that this is the password you want to use.

7. In the Default Tablespace list, choose the tablespace to be used to store any database objects created by MILLER (for example, USERS).

   You, or another DBA, should have created this tablespace before you started this chapter. We recommend that all users use the same default tablespace.

8. In the Temporary Tablespace list, choose the tablespace to be used for temporary operations, such as sorting table rows (for example, TEMP).

   You, or another DBA, should have created this tablespace before you started this chapter. We recommend that all users use the same temporary tablespace.

9. In the ORACLE Profile list, make sure DEFAULT is selected.

   A profile specifies the amount of system and database resources available to a user. For more information about profiles, see your Oracle Server documentation.

10. Click Create to create the user account and display the User Manager, which you will use in the next exercise.

    
    

1.3 Adding a User to a Role

To use WebDB, a user must be a member of one of the following roles. These roles control the user's view of WebDB itself:

• The DBA role provides the user with access to all WebDB menus.

• The WEBDB_DEVELOPER role provides the user with access to the WebDB menus for building applications.

MILLER is a member of the Application Development department. As he will be building applications, he needs to be added to the WEBDB_DEVELOPER role.

1. In the User Manager, click the Roles tab.

   
   

2. Clickto display a list of the roles to which you can add MILLER.

   Tip: You can restrict the search by typing search criteria in the field at the top of the list. For example, to find all roles beginning with W type W% in the field and click Find.

   
   
3. Click Next to page through the roles if necessary and click WEBDB_DEVELOPER (Role).

   WEBDB_DEVELOPER is displayed in the Role field on the User Manager: Roles page.

4. Click Add to add WEBDB_DEVELOPER to the Is Member of list.

   To add MILLER to more roles, you would repeat Steps 2 through 4 for each role. You can use the User Manager to add a user to any existing Oracle database role, not just those associated with WebDB.

5. Click Apply to save your changes.

   WARNING: If you do not click Apply, your changes will not be preserved when you leave the current page of the User Manager.

   Tip: The recommended method for adding a user to the WEBDB_DEVELOPER role is to check WebDB Developer on the User Manager: User page. This also grants the user Build In privileges on his or her own schema. You will learn about Build In privileges in Section 1.4, "Granting Browse In and Build In Privileges to a User".

   In this exercise you learned how to use the User Manager to add a single user to multiple roles. In Section 1.6.2, "Adding a user to a role" you will learn how to use the Role Manager to add multiple users to a single role.

1.4 Granting Browse In and Build In Privileges to a User

Database objects and WebDB components are stored in database schemas. To view database objects, users need to be granted Browse In privileges on the schema that contains the object. To build objects and components in a schema, users need to be granted Build In privileges on the schema.

• Browse In privileges enable users to use the Browse feature to browse a schema for objects such as tables, views, and procedures on which a component will be based. Users can also browse for other objects such as functions or triggers that can be included in the component. By default, users have Browse In privileges in their own schema.

  Note: Browse In privileges only enable users to browse the schema. They do not enable users to build components based on or including database objects in the schema. To build a component based on objects in a schema, users must be building the component in one of the following: The schema that contains the objects A schema that has been explicitly granted database object privileges on the objects You'll learn how to grant database object privileges to a user in Section 1.5, "Granting Database Object Privileges to a User".

• Build In privileges enable users to build database objects and WebDB components in a schema. All components built in the schema are owned by that schema, regardless of who built them. Granting a user Build In privileges on a schema automatically grants the user Browse In privileges on the schema.

  Note: To grant a user Build In privileges on a schema other than his or her own, the schema must have been identified as a component schema. To identify a schema as a component schema, check Component Building Schema on the User Manager: User page for the schema.

The Application Development department requires that all developers build their applications in the SCOTT schema. MILLER needs to be granted Build In privileges on that schema.

1. In the User Manager, click the Build Privileges tab.

   
   

   The Available Privileges list lists the schemas on which you can grant MILLER Build In privileges. You can grant a user Build In privileges on his or her own schema and on any component schema. The Current Privileges list lists the schemas on which MILLER already has Build In privileges.

2. In the Available Privileges list, choose SCOTT.

   Tip: You can choose more than one schema. For example in Microsoft Windows, press Ctrl and choose the schemas on which you want to grant the user Build In privileges.

3. Click Add to add the SCOTT schema to the Current Privileges list.

4. Click Apply to save your changes.

   WARNING: If you do not click Apply, your changes will not be preserved when you leave the current page of the User Manager.

   Tip: If you add a user to the WEBDB_DEVELOPER roles by checking WebDB Developer on the User Manager: User page, that user is automatically granted Build In privileges on his or her own schema. This is the recommended method for adding a user to the WEBDB_DEVELOPER role.

1.5 Granting Database Object Privileges to a User

To build components based on database objects, the schema where the component will be stored must have the appropriate privileges on those objects. For example, to build a report in the SCOTT schema based on a table in the FRED schema, the SCOTT schema must be granted SELECT privileges on the table. A schema automatically has privileges on all database objects stored in it. For example, the SCOTT schema automatically has privileges on all database objects in the SCOTT schema.

Note: These privileges must be explicitly granted directly to the schema. You cannot use roles to grant these privileges.

In the previous exercise you granted MILLER Build In privileges on the SCOTT schema. MILLER can now build a component in the SCOTT schema based on a table in the SCOTT schema, because the SCOTT schema automatically has privileges on all objects in the SCOTT schema.

However, if MILLER wants to build a component in his own schema (the MILLER schema) based on a table in the SCOTT schema, the MILLER schema needs to be explicitly granted privileges on the table (but remember before he can build components, MILLER also needs to be granted Build In privileges on the MILLER schema).

1. In the User Manager, click the Grants tab.

   
   

2. Clickto display a list of the objects on which you can grant MILLER privileges.

3. In the field at the top of the list type S% and click Find to find all objects that start with an S.

4. Click Next to page through the objects if necessary and click SCOTT.EMP.

   SCOTT.EMP is displayed in the Object field on the User Manager: Grants page.

5. Click Add to add SCOTT.EMP under Tables/Views (SCOTT.EMP is a table).

6. Check Select, Insert, Update, and Delete to grant MILLER those privileges on the table.

   To grant MILLER database object privileges on more objects, you would repeat Steps 2 through 6 for each object.

7. Click Apply to save your changes.

   WARNING: If you do not click Apply, your changes will not be preserved when you leave the current page of the User Manager.

   In this exercise you learned how to use the User Manager to grant a single user database object privileges on multiple objects. You can use the Grant Manager to grant multiple users database object privileges on a single object. For more information about the Grant Manager, see the WebDB online help.

1.6 Creating a new role

Developers may want to enable a group of users to run a component. For example, a developer might create a report to display employee information and want all members of the Human Resources department to be able to run the report. You can create a role and add each user in the group to the role. The developer can then grant execute privileges to the role, rather than to each individual user.

Developers can also use roles to provide menu security.

Note: In WebDB you use roles to grant component execute privileges for running components. You cannot use roles to grant database object privileges for building components. These privileges must be explicitly granted directly to the schema where the component will be stored.

1.6.1 Creating a role

The Application Development department is building a Human Resources application. Members of the Human Resources department will need to be able to run the components in that application. First, let's create a Human Resources role.

1. In the toolbar at the bottom of the page, clickto return to the Administer page.

2. Click Role Manager.

   The page displayed contains three panels. For this exercise you will use the Create a New Role panel.

   
   
3. In the Role field, type HR_<NAME>, where NAME is your own user name.

   For the purposes of this tutorial, you add your own user name to the end to identify this role as the one created by you, rather than one created by another tutorial user.

4. Click Create to create the role and display the Role Manager, which you will use in the next exercise.

   
   

1.6.2 Adding a user to a role

Now let's identify the members of the new role you have created. In Section 1.3, "Adding a User to a Role" you learned how to add a single user to multiple roles. In this exercise you'll learn how to add multiple users to a single role.

1. In the Role Manager, clickto display a list of the users and roles you can add to the role.

2. In the field at the top of the list type M%R% and click Find to find all users and roles that start with an M and contain an R.

3. Click Next to page through the users and roles if necessary and click MILLER_<NAME> (User), where NAME is your own user name to choose the user you created earlier in this chapter.

   MILLER_<NAME> is displayed in the User/Role field of the Role Manager.

4. Click Add to add MILLER to the Members list.

   To add more members to the HR role, you would repeat Steps 1 through 4 for each user or role.

5. Click Apply to save your changes.

   When developers create components for the Human Resources application, they can grant execute privileges to members of the HR role in a single operation, rather than having to grant privileges to each user individually.

1.7 What's Next?

In this chapter you learned how to:

• Create a new user

• Add a user to a role

• Grant Build In and Browse In privileges to a user

• Grant database object privileges to a user

• Create a new role and add users to that role

If you will be creating database objects or WebDB components, see Chapter 2, "Building and Browsing Database Objects".

If you will be creating WebDB sites, see Chapter 5, "Creating WebDB Sites".