# More About Users Account
Unique username
Authentication method
Default tablespace
Temporary tablespace
User profile
Initial consumer group
Account status
More About Users accounts
* Unique username: Usernames cannot exceed 30 bytes, cannot contain special characters, and must start with a letter.
* Authentication method: The most common authentication method is a password.
* Default tablespace: This is a place where a user creates objects if the user does not specify some other tablespace.
* Temporary tablespace: This is a place where temporary objects, such as sorts and temporary tables, are created on behalf of the user by the instance. No quota is applied to temporary tablespaces. If an administrator does not define a temporary tablespace for a user, the system-defined temporary tablespace is used when the user creates objects.
* User profile: This is a set of resource and password restrictions assigned to the user.
* Initial consumer group: This is used by the Resource Manager.
* Account status: Users can access only "open" accounts. The account status may be "locked" and/or "expired."
Oracle- supplied administrator accounts
SYS
This account can perform all administrative functions.
All base (underlying) tables and views for the database data dictionary are stored in the SYS schema.
These base tables and views are critical for the operation of Oracle Database.
To maintain the integrity of the data dictionary, tables in the SYS schema are manipulated
only by the database. They should never be modified by any user or database administrator.
You must not create any tables in the SYS schema.
The SYS user is granted the SYSDBA privilege,
which enables a user to perform high-level administrative tasks such as backup and recovery.
SYSTEM
This account can perform all administrative functions except the following:
Backup and recovery
Database upgrade
SYSBACKUP
Facilitates Oracle Recovery Manager (RMAN) backup and recovery operations
SYSDG
Facilitates Oracle Data Guard operations
SYSKM
Facilitates Transparent Data Encryption wallet operations
SYSRAC
For Real Application Cluster (RAC) database administration tasks
SYSMAN
For Oracle Enterprise Manager database administration tasks
* Oracle Data Guard provides the management, monitoring, and automation software to create and
maintain one or more standby databases to protect Oracle data from failures, disasters, human
error, and data corruptions while providing high availability for mission critical applications.
* Data Guard is included with Oracle Database Enterprise Edition.
Transparent Data Encryption (TDE) enables you to encrypt sensitive data that you store in tables
and tablespaces.
Special system privileges for administrators
SYSDBA
• Perform STARTUP and SHUTDOWN operations
• ALTER DATABASE: open, mount, back up, or change character set
• CREATE DATABASE
• DROP DATABASE
• CREATE SPFILE
• ALTER DATABASE ARCHIVELOG
• ALTER DATABASE RECOVER
• Includes the RESTRICTED SESSION privilege
This administrative privilege allows most operations, including the ability to view user data. It is the most powerful administrative privilege.
SYSOPER
• Perform STARTUP and SHUTDOwN operations
• CREATE SPFILE
• ALTER DATABASE: open, mount, or back up
• ALTER DATABASE ARCHIVELOG
• ALTER DATABASE RECOVER (Complete recovery only. Any form of incomplete recovery, such as UNTIL TIME | CHANGE | CANCEL CONTROLFILE requires connecting as SYSDBA.)
• Includes the RESTRICTED SESSION privilege
This privilege allows a user to perform basic operational tasks, but without the ability to view user data.
SYSBACKUP
This privilege allows a user to perform backup and recovery operations either from Oracle Recovery Manager (RMAN) or SQL*Plus.
See Oracle Database Security Guide for the full list of operations allowed by this administrative privilege.
SYSDG
This privilege allows a user to perform Data Guard operations. You can use this privilege with either Data Guard Broker or the DGMGRL command-line interface.
SYSKM
This privilege allows a user to perform Transparent Data Encryption keystore operations.
SYSRAC
This privilege allows the Oracle agent of Oracle Clusterware to perform Oracle Real Application Clusters (Oracle RAC) operations.
SYSASM
This is a system privilege that enables the separation of the SYSDBA database administration privilege from the Oracle ASM storage administration privilege.
