Creating a DB user without using a CREATE statement

I was teaching an Oracle Database 12c New Features class recently when I stumbled upon something I found quite interesting. While preparing for the class, I had to correct some of the exercises that had been provided since there were some typos due to OCR conversion. For one of the exercise, I had to create a new user and while I was entering the commands, I realized that I typed a GRANT statement before issuing the CREATE user statement. This must've been a typo I thought, but proceeded anyway. To my surprise Oracle didn't throw any errors at me!

Well I must have done something wrong so let's try this again.

First let's connect to the database - in this example I'm using Oracle 12.1.0.1 but I've tested and confirmed it works in Oracle 11.2 as well and should also work in Oracle 10.2 but I haven't tested it.
PDB1@ORCL> ALTER SESSION SET CONTAINER=PDB1;

Session altered.
Check if the user exists
PDB1@ORCL> SELECT username,account_status,created
2 FROM dba_users
3 WHERE username LIKE 'TOM%';

no rows selected
Now there is no Tom in my PDB so let's just grant the CONNECT privilege to the non-existent user.

PDB1@ORCL> GRANT connect TO tom IDENTIFIED BY jerry;

Grant succeeded.
That seemed to work. Let's check if the user now exists.
PDB1@ORCL> SELECT username,account_status,created
2 FROM dba_users
3 WHERE username LIKE 'TOM%';


USERNAME ACCOUNT_STATUS CREATED
------------------------------ -------------------- ---------
TOM OPEN 13-SEP-15

PDB1@ORCL> CONNECT tom/jerry
Connected.
PDB1@ORCL>
And he does! This was new to me and a few others since I tweeted my discovery and others had the same sentiment.


This is also documented in the Database SQL Language reference. The IDENTIFIED BY clause is part of the grantee_system_privilege. This means that it doesn't work for object privilege grants.
To illustrate I'll try to grant insert on the employees table to a non-existent user "TWEETY".
PDB1@ORCL> GRANT INSERT ON HR.EMPLOYEES TO TWEETY;
GRANT INSERT ON HR.EMPLOYEES TO TWEETY
*
ERROR at line 1:
ORA-01917: user or role 'TWEETY' does not exist
I don't recommend using the GRANT statement to create a user. I'd rather explicitly use the CREATE statement for that purpose. Has anyone used this before? Feel free to leave comments below.




Comments

  1. AnonymousSeptember 14, 2015 at 3:25 PM

    Hi Leighton, Good to Know! Where you teach 12c class? online? I may apply for it. :-)

    Emily

    ReplyDelete
  2. FouedFebruary 25, 2016 at 12:41 PM

    thanks for the share :)
    Foued

    ReplyDelete

Post a Comment

Popular posts from this blog

Setup a Wordpress site in 10 Minutes using Oracle Container Cloud Service

Image
Oracle Container Cloud Service Oracle Container Cloud Service lets you easily deploy applications based on docker images. If you don't have an existing application you can create one on docker. However, the easiest method to get a full application up and running is by deploying a stack. Oracle Container Cloud Service provides several example stacks that you can deploy, including web servers based on NGINX or Apache, MongoDB database, and Wordpress. You can find more examples on Oracle GitHub Site . Let's see just how easy it is to spin up a Wordpress site using the Oracle Container Cloud Service. Prerequisites: Access to Oracle Cloud Account Subscription to Oracle IaaS Service First, go to the Oracle Container Cloud Service console and launch a new service. In this example, I created a service with three containers. One manager and two worker nodes. Choose an appropriate "shape" for your compute instances. Note: Oracle uses the term "shape" to r...
Read more

Oracle Home Cloning: Tools and Techniques

One of the many necessary and frequent tasks that a database administrator performs before creating a database is installing the Oracle database binaries. These binaries form what is known as an Oracle Home (referenced by the ORACLE_HOME environment variable on Linux and UNIX environments). Unfortunately, this is also one of the most mundane and uninteresting tasks a DBA can perform. So like all good DBAs know, the best way to deal with such repetitive task is to automate it. Automating installations of Oracle database binaries enables us to reliably repeat the process to enable faster installation as well as provide identical copies of the software in multiple environments. Fortunately, Oracle allows us to clone the Oracle database binaries from one environment to another. Cloning your Oracle binaries from a source copy with all the necessary patches applied enables us to have gold images which can then be deployed to multiple environments. The procedure for cloning an Oracle home...
Read more

Using XFS on Oracle Linux

Install xfs packages on Oracle Linux 6.6 via Oracle Public Yum [root@matthew ~]# yum install xfsprogs Loaded plugins: refresh-packagekit Setting up Install Process public_ol6_UEKR3_latest | 1.2 kB 00:00 public_ol6_UEK_latest | 1.2 kB 00:00 public_ol6_UEK_latest/primary | 19 MB 00:02 public_ol6_UEK_latest 407/407 public_ol6_addons | 1.2 kB 00:00 public_ol6_addons/primary | 77 kB 00:00 public_ol6_addons 269/269 public_ol6_latest | 1.4 kB 00:00 public_ol6_latest/primary | 46 MB 00:05 public_ol6_latest 29302/29302 http://public-yum.oracle.com/beta/repo/OracleLinux/OL6/uek3/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found" Trying other mirror. Resolving Dependencies --> Running transaction check ---> Package xfsprogs.x86_64 0:3.1.11-1.0.5.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ===================================================================================================...
Read more