| Default Users |
| Username |
Default Password |
Account Description |
| SYS |
change_on_install |
All of the base tables and views for the database's data dictionary
are stored in the schema SYS. These base tables and views are critical for the
operation of Oracle. To maintain the integrity of the data dictionary, tables in
the SYS schema are manipulated only by Oracle; they should never be modified by
any user or database administrator, and no one should create any tables in the
schema of the user SYS.
The DBA should change the password for SYS immediately after database
creation!!!
|
| SYSTEM |
manager |
The SYSTEM username creates additional tables and views that display
administrative information, and internal tables and views used by Oracle tools.
Never create in the SYSTEM schema tables of interest to individual users.
SYSTEM is a little bit "weaker" user than SYS, for example, it has no access
to so called X$ tables (the very internal structure tables of Oracle).
Although in real life you may be in a situation when some product or whatever
you want to create objects in above mentioned user's schemas. Be flexible, don't
sacriface a product only because it will create some objects in SYS or SYSTEM
schema
The DBA should change the password for SYSTEM immediately after database
creation!!!
|
| DBSNMP |
dbsnmp |
Supports Oracle SNMP (Simple Network Management Protocol).
The Oracle Intelligent Agent requires a database logon for each SID that it
manages. By default this account is called "DBSNMP" and the password is
"DBSNMP". The account name and/or password SHOULD be changed from the default
but you will need to make a few additional modifications. In the examples below,
you will need to replace any information with brackets < > with the
information from your system.
- Remove all Jobs and Events currently registered against this database.
- Stop the Intelligent Agent
Oracle7 - Oracle8i
% lsnrctl dbsnmp_stop
Oracle9i
% agentctl stop
- Edit the $ORACLE_HOME/network/admin/snmp_rw.ora file. Add the following
parameter:
SNMP.CONNECT..NAME=
SNMP.CONNECT..PASSWORD=
The variable is the exact listing of the database name
as it appears in the snmp_ro.ora file.
If is the default (DBSNMP), there is no need to specify the
user here. Only the password is required.
On UNIX, set the following permission on the "SNMP_RW.ORA" file:
% chmod 600 snmp_rw.ora
- Change the DBSNMP password on the database. You can use either Security
Manager, Sqlplus, or Server Manager. If you use SQLPlus or Server Manager, you
can issue the following command:
SQL> alter user "dbsnmp" identified by "";
- Stop and restart the Intelligent Agent.
|
| OUTLN |
outln |
Oracle8i adds the OUTLN user schema to support Plan Stability. The
OUTLN user acts as a place to centrally manage metadata associated with stored
outlines.
This user has DBA role. It is used for plan stability ie. to keep the same
execution plans for the same queries even if your system configuration or
statistics changes. Execution plans will be the same in different Oracle
releases with different optimizers.
The DBA should either lock the user account or change the password for the
OUTLN user immediately after database creation!!!
|
| MDSYS |
mdsys |
Supports Oracle Spatial. Oracle Spatial is an integrated set of
functions and procedures that enables spatial data to be stored, accessed, and
analyzed quickly and efficiently in an Oracle8i database.
[..] The spatial attribute of a spatial feature is the geometric
representation of its shape in some coordinate space. This is referred to as its
geometry.
The DBA should either lock the user account or change the password for the
MDSYS user immediately after database creation!!!
|
| ORDSYS |
ordsys |
Supports Oracle8i Time Series. Oracle8i Time Series (in previous
releases called the Oracle8 Time Series Cartridge) is an extension to Oracle8i
that provides storage and retrieval of timestamped data through object types.
Oracle8i Time Series is a building block for applications rather than being an
end-user application in itself. It consists of data types along with related
functions for managing and processing time series data.
The DBA should either lock the user account or change the password for the
ORDSYS user immediately after database creation!!!
|
| ORDPLUGINS |
ordplugins |
Supports Oracle interMedia. Oracle interMedia is a single product
that enables Oracle8i to store, manage, and retrieve text, documents, geographic
location information, images, audio, and video in an integrated fashion with
other enterprise information. Oracle interMedia extends Oracle8i reliability,
availability, and data management to text and multimedia content in Internet,
electronic commerce, and media-rich applications as well as online
Internet-based geocoding services for locator applications.
The DBA should either lock the user account or change the password for the
ORDPLUGINS user immediately after database creation!!!
|
| CTXSYS |
ctxsys |
Supports Oracle ConText Cartridge. Oracle8 ConText Cartridge provides
powerful search, retrieval, and viewing capabilities for text stored in an
Oracle8 database. In addition, ConText provides advanced linguistic processing
of English-language text.
The DBA should either lock the user account or change the password for the
CTXSYS user immediately after database creation!!!
|
| DSSYS |
dssys |
Dynamic Services Secured Web Service. Dynamic Services Engine (DS
Engine) allows creation, aggregation and deployment of services from a variety
of content sources. At the moment, Dynamic Services supports content access from
databases (SQL/PLSQL) as well as Internet applications (HTTP/HTTPS). DS Engine
can interpret XML and HTML content along with the result sets returned from
database access. DS Engine is integrated with Oracle Portal via a Web Provider
mechanism. This integration allows all the services registered with DS Engine to
be accessible as portlets.
The DBA should either lock the user account or change the password for the
DSSYS user immediately after database creation!!!
|
| PERFSTAT |
perfstat |
Oracle Statistics Package (STATSPACK) user that supersedes
UTLBSTAT/UTLESTAT. The PERFSTAT user will hold all of the tables and packages
for the performance diagnostic tool STATSPACK.
Created By: $ORACLE_HOME/rdbms/admin/spcusr.sql
|
| WKPROXY |
change_on_install |
Used to support Oracle's Ultrasearch option. This feature (and user)
was introduced in Oracle9i. The user account IS NOT locked by default is only
assigned the "CREATE SESSION" privilege. None the less, this account is not
locked by default and Oracle highly recommends that this default password be
changed.
Created By: $ORACLE_HOME/ultrasearch/admin/wk0csys.sql
|
| WKSYS |
change_on_install |
Used to support Oracle's Ultrasearch option. This feature (and user)
was introduced in Oracle9i. The user account IS NOT locked by default and as you
can see below, is granted the highly privileged role of DBA. Given that this
user is granted the DBA role and is not locked by default, Oracle highly
recommends that this default password be changed.
This support account is assigned the following privileges in Oracle9i:
- CONNECT
- RESOURCE
- DBA
- ALL PRIVILEGES
- CTXAPP
- CREATE PUBLIC SYNONYM
- DROP PUBLIC SYNONYM
- CREATE ANY VIEW
- DROP ANY VIEW
- CREATE ANY TABLE
- DROP ANY TABLE
- CREATE ANY INDEX
- DROP ANY INDEX
- CREATE ANY SEQUENCE
- DROP ANY SEQUENCE
- CREATE ANY TRIGGER
- DROP ANY TRIGGER
- JAVAUSERPRIV
- JAVASYSPRIV
- SELECT ON SYS.USER$
- SELECT ON SYS.V_$PARAMETER
- SELECT ON SYS.GV_$INSTANCE
- SELECT ON SYS.V_$DATABASE
- SELECT ON SYS.DBA_CONSTRAINTS
- SELECT ON SYS.DBA_JOBS
- SELECT ON SYS.DBA_DB_LINKS
- SELECT ON SYS.DBA_ROLE_PRIVS
- SELECT ON SYS.DBA_LOCK
- SELECT ON SYS.DBMS_LOCK_ALLOCATED
- SELECT ON SYS.PROCEDURE$
- SELECT ON SYS.DBA_TABLES
- SELECT ON SYS.DBA_VIEWS
- SELECT ON SYS.DBA_TAB_COLUMNS
- EXECUTE ON SYS.DBMS_LOCK
- EXECUTE ON SYS.DBMS_PIPE
- EXECUTE ON SYS.DBMS_REGISTRY
The default tablespace for this user will be "DRSYS" while its temporary
tablespace will be "TEMP".
Created By: $ORACLE_HOME/ultrasearch/admin/wk0install.sql
|
| WMSYS |
wmsys |
Used to store all the metadata information for Oracle Workspace
Manager. This user was introduced in Oracle9i and (like most Oracle9i supporting
accounts) is locked by default. The user account is locked because we want the
password to be public but restrict access to the account to the SYS schema. So,
to unlock the account, DBA privileges are required.
Created By: $ORACLE_HOME/rdbms/admin/owmctab.plb
|
| XDB |
change_on_install |
Used to support SQL XML management: XML DB. This user is granted two
roles: "RESOURCE" and "JAVAUSERPRIV". Oracle recommends changing the password
for this user after creation. This user is configured with a default tablespace
of "XDB" and a temporary tablespace of "TEMP".
Created By: $ORACLE_HOME/rdbms/admin/catqm.sql
|
| ANONYMOUS |
...IDENTIFIED BY VALUES 'anonymous' |
Used to support SQL XML management: XML DB. Allows HTTP access to
Oracle XML DB. This user should only be used for HTTP logins. The account is
locked near the end of the catqm.sql script.
Created By: $ORACLE_HOME/rdbms/admin/catqm.sql
|
| ODM |
odm |
Used to support Oracle Data Mining. In Oracle9i, this user is granted
the roles: "SELECT_CATALOG_ROLE", "HS_ADMIN_ROLE", "AQ_USER_ROLE". Oracle
recommends changing the default password as the account IS NOT locked after
creation. The default tablespace for this user is "ODM" with temporary
tablespace "TEMP". The "ODM" tablespace is populated with segments from users
ODM and ODM_MTR.
Created By: $ORACLE_HOME/dm/admin/dmcrt.sql
|
| ODM_MTR |
mtrpw |
Used to support Oracle Data Mining. In Oracle9i, this user is granted
"SELECT_CATALOG_ROLE" and "HS_ADMIN_ROLE". Oracle recommends changing the
default password as the account IS NOT locked after creation. The default
tablespace for this user is "ODM" with temporary tablespace "TEMP". The "ODM"
tablespace is populated with segments from users ODM and ODM_MTR.
Created By: $ORACLE_HOME/dm/admin/dmcrt.sql
|
| OLAPSYS |
mtrpw |
This user is create if OLAP option is installed and is used to create
OLAP metadata structures. In Oracle9i, this user is granted
"SELECT_CATALOG_ROLE" and "HS_ADMIN_ROLE". Oracle recommends changing the
default password. The default tablespace for this user is "ODM" with temporary
tablespace "TEMP". The "ODM" tablespace is populated with segments from users
ODM and ODM_MTR.
Created By: $ORACLE_HOME/dm/admin/dmcrt.sql
|
| TRACESVR |
trace |
Oracle Trace server. Supports Oracle Trace for OEM in Oracle7. Oracle
Trace is used to collect a wide variety of data, such as performance statistics,
diagnostic data, system resource usage, and business transaction details.
This user was last used in Oracle7 and can be dropped from databases using
Oracle8 and higher.
|
| REPADMIN |
Managed by DBA when user is created. |
Replication user. This user is manually created by the DBA using
CREATE USER... This user is also created in the scripts:
$ORACLE_HOME/ldap/admin/oidrsrms.sql and $ORACLE_HOME/ldap/admin/oidrsms.sql.
Oracle recommends changing the default password if automatically created.
|
No comments:
Post a Comment