Thursday, December 13, 2018

Oracle Created Database Users: Password, Usage and Files References

Oracle Created Database Users: Password, Usage and Files References (Doc ID 160861.1)


This document is no longer actively maintained, for info on specific (new)
 users in recent product editions, 
please check the relevant product/feature documentation.

Purpose
~~~~~~~
The following table lists the default usernames and passwords you may encounter 
in your database as a result of installing various additional 
  --> products/components
  --> options   
  --> new features of the version

It provides references to 
   --> which option or product should be installed to have it 
   --> what script created it 
   --> what it is used for   
   --> suggestion to secure the account


SCOPE & APPLICATION
~~~~~~~~~~~~~~~~~~~
Database Administrators who need to export full databases, manage users and 
security.


List Of Users Created at Database Creation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By default, are automatically created during database creation :

  SCOTT  by script $ORACLE_HOME/rdbms/admin/utlsampl.sql
  OUTLN  by script $ORACLE_HOME/rdbms/admin/sql.bsq


Optionally:

  DBSNMP                    if Enterprise Manager Intelligent Agent is installed 
  MGMT_VIEW                 is part of the DB Control Repository
  SYSMAN                    is part of the DB Control Repository and Grid
                            see Note:270516.1 for details
  TRACESVR                  if Enterprise Manager is installed
  AURORA$ORB$UNAUTHENTICATED \
  AURORA$JIS$UTILITY$         -- if Oracle Servlet Engine (OSE) is installed
  OSE$HTTP$ADMIN             /
  MDSYS                     if Oracle Spatial option is installed 
  MDDATA                    if Oracle Spatial option is installed 
  ORDSYS                    if interMedia Audio option is installed  
  ORDPLUGINS                if interMedia Audio option is installed  
  SI_INFORMTN_SCHEMA        if interMedia option is installed  
  CTXSYS                    if Oracle Text option is installed
  WKSYS                     if Oracle Ultra Search option is installed
  WKUSER (9i)/WK_TEST (10g) if Oracle Ultra Search option is installed
  REPADMIN                  if Replication Option is installed 
  LBACSYS                   if Oracle Label Security option is installed 
  DVF                       if Oracle Database Vault option is installed
  DVSYS                     if Oracle Database Vault option is installed
  ODM                       if Oracle Data Mining option is installed
  ODM_MTR                   idem
  DMSYS (10g)               if Oracle Data Mining 10g option is installed
  DMSYS                     in 10g version to replace ODM and ODM_MTR schemas
  OLAPSYS                   if OLAP option is installed
  WMSYS                     if Oracle Workspace Manager script owmctab.plb is
                            executed.
  ANONYMOUS                 if catqm.sql catalog script for SQL XML management
  XDB                       is executed
  EXFSYS                    is the Expression Filter Feature repository
  DIP                       for provisioning event processing
  TSMSYS                    Transparent Session Migration

  Oracle9i Sample Schemas   if you need to test through a complete sample 
                            system of information (see note 207560.1)

Note
~~~~
If you have already the 9i sample schemas (hr, oe, pm, etc.) and you don't need
them, you can removed them safely and without damage to the database.


a. The SCOTT user is created by default to provide sample user tables. You can 
   alter the password. To create the default tables, run the script 
   $ORACLE_HOME/sqlplus/demo/demobld.sql. To drop the objects, run 
   $ORACLE_HOME/sqlplus/demo/demodrop.sql connected as SCOTT.

b. The OUTLN (OUTLiNes) user is automatically created during installation of 
   Oracle8i and Oracle9i. OULTN is the schema of Stored Outlines.
   The package OUTLN_PKG is used to manage stored outlines and categories. 
   OUTLN is the owner of tables OL$, OL$HINTS (Oracle8i) as well as OL$NODES 
   (Oracle9i) used to store hints for stored outlines.   
   You can change the password for the OUTLN schema just as for the SYS and SYSTEM
   schemas.

b. The DBSNMP user can be dropped by running the catnsnmp.sql script. If you 
   need to re-create it, run the catsnmp.sql script. Ensure that there are no 
   jobs running or scheduled in Oracle Enterprise Manager before you run the 
   script.

   MGMT_VIEW is part of the DB Control Repository, it is created by running
   the script $OH/sysman/admin/emdrep/bin/RepManager, the password is 
   autogenerated (it does not have a fixed or default value).

   SYSMAN belongs to the same feature ( see Note:270516.1 for details):
   it is the schema of the Grid OMS repository of the 10G Enterprise Manager Grid.

c. The TRACESVR user is created by $ORACLE_HOME/otrace/admin/otrcsvr.sql during
   the installation of OEM. 
   If you change TRACESVR user's password, you will not be able to do OTrace
   collections. This user is only used with 7.x Databases where stored procedures 
   are used by OTrace to start and stop data collections. The TRACESVR/stored 
   procedure mechanism is no longer used to control OTrace collections starting 
   with Oracle 8.x Databases. Therefore in this case you can change the password 
  (or drop that user). 

d. The three JSERV accounts (AURORA$JIS$UTILITY$, AURORA$ORB$UNAUTHENTICATED and
   OSE$HTTP$ADMIN) are used internally by Enterprise Java Beans and CORBA Tools
   and created with randomly-generated passwords 'INVALID_ENCRYPTED_PASSWORD'.

   -> jisorb.sql creates user AURORA$ORB$UNAUTHENTICATED.
   -> jisbgn.sql creates user AURORA$JIS$UTILITY$ 
   -> jishausr.sql creates user OSE$HTTP$ADMIN 
   These 3 scripts are launched by init_jis.sql script to install the Oracle 
   Servlet Engine (OSE)
      
   Changing their passwords would prevent the ORB from working.
   This is supposed to change in a future version so that you can change their
   password.

e. MDSYS, MDDATA, ORDSYS, CTXSYS, ORDPLUGINS and SI_INFORMTN_SCHEMA are created 
   to support Oracle Intermedia. 
   The default password for the ORDSYS and SI_INFORMTN_SCHEMA users during 
   automatic installation is 'ORDSYS', and for ORDPLUGINS is 'ORDPLUGINS'.
   The schema MDDATA is used by Oracle Spatial for storing Geocoder and router 
   data Geocoding is the process of converting tables of address data into 
   standardized address, location, and possibly other data.
   
f. WKSYS is a privileged Oracle user who owns the Ultra Search data dictionary 
   and internal objects. Ultra Search uses the WKSYS user for storing Ultra 
   Search packages and metadata. WKUSER (9i)/WK_TEST (10g) is a test user.

g. REPADMIN user: it is usual to have a separate user for the replication 
   administrator to protect master groups from being managed by snapshot 
   administrators.
   This user configures the replicated environment and performs administration
   of all replicated schemas / groups.

h. LBACSYS user: the Oracle Label Security administrator username.
 
i. DVSYS schema stores the database objects needed to process Oracle data for 
   Oracle Database Vault. This schema contains the roles, views, accounts, 
   functions, and other database objects that Oracle Database Vault uses. 

j. The DVF schema contains public functions to retrieve (at run time) the 
   factor values set in the Oracle Database Vault access control configuration.

k. ODM user: who performs data mining operations. 
   In 10g, a user can be created with a chosen name.

l. ODM_MTR user:  the account associated with the data repository for data 
   mining sample programs. 
   In 10g, DMSYS is the schema for the data repository.

m. OLAPSYS user: identity used to create OLAP metadata structures. 

n. WMSYS user: used to store all the metadata information for Oracle Workspace 
   Manager. 

o. ANONYMOUS user: allows HTTP access to Oracle XML DB.
 
p. XDB user: Used for storing Oracle XML DB data and metadata. 

q. EXFSYS is the Expression Filter Feature repository (see Note:258618.1): 
   the user is created with the script exfsys.sql that asks for a password.

r. DIP is created in rdbms/admin/catdip.sql (password is DIP): for provisioning
   event processing

s. TSMSYS is created in rdbms/admin/cattsm.sql for Transparent Session Migration

t. The Oracle9i Sample Schemas provides installed schemas meant to be used for 
   demonstration purposes only:
   -> HR: Human Resources schema
          The Human Resources division tracks information on the company's 
          employees and facilities.
   -> OE: Order Entry schema requires "Oracle Spatial" option.
          The Order Entry division tracks product inventories and sales of the 
          company�s products through various channels.
   -> PM: Product Media schema requires "Oracle JVM" and "Oracle Intermedia" 
          options.
          The Product Media division maintains descriptions and detailed 
          information on each product sold by the company.
   -> SH: Sales History schema requires "Oracle OLAP" set up.
          The Sales History division tracks business statistics to facilitate
          business decisions.
   -> QS: Queued Shipping schema
          The Shipping division manages the shipping of products to customer.
          The sample company has decided to test the use of messaging to 
          manage its proposed B2B applications.
   -> QS_ES (Eastern Shipping)
   -> QS_WS (Western Shipping)
   -> QS_OS (Overseas Shipping)
   -> QS_CB (Customer Billing)
   -> QS_CS (Customer Service)
   -> QS_ADM (Administration)
   -> QS_CBADM (Customer Billing Administration)

If any of the user accounts is locked and expired upon installation and needs to
be activated, unlock and assign a new meaningful password to that user account:
 
   SQL> ALTER USER "schema_name" IDENTIFIED BY "newpass" ACCOUNT UNLOCK;


Passwords and Referenced Files List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Username    | Description             | Default Password | Created or Referenced         |Comments
            |                         |                  | in $ORACLE_HOME/ files        |
------------+-------------------------+------------------+-------------------------------+--------
            |                         |                  |                               |
CTXSYS      | Intermedia Text schema  | CTXSYS           |./ctx/admin/dr0csys.sql        |change
            |                         |                  |./bin/ctxsrv -user ctxsys/*    |                                                      
------------+-------------------------+------------------+-------------------------------+--------                   
DBSNMP      | Intelligent Agent user  | DBSNMP           |./rdbms/admin/catsnmp.sql      |change
            |                         |                  |./bin/dbsnmp                   |
            |                         |                  |./network/admin/snmp_rw.ora    |
------------+-------------------------+------------------+-------------------------------+--------
MGMT_VIEW   | DB Control Repository   | autogenerated    |./sysman/admin/emdrep/bin/RepManager|
------------+-------------------------+------------------+-------------------------------+--------
SYSMAN      | DB Control Repository   | asked            |                               |See Note 259379.1
------------+-------------------------+------------------+-------------------------------+--------
MDSYS       | Spatial Data Option user| MDSYS            |./md/admin/mdinst.sql          |change
            |                         |                  |./ord/admin/ordisysc.sql       |
MDDATA      | Spatial Data Option user| MDDATA           |./md/admin/catmd.sql           |lock
------------+-------------------------+------------------+-------------------------------+--------
WKSYS       | Ultra Search option user| WKSYS  (admin)   |./ultrasearch/admin/wk0csys.sql|change
WKUSER (9i) | Ultra Search option user| WKUSER (end-user)|./ultrasearch/admin/wk0csys.sql|
WK_TEST (10g)|                        | WK_TEST (same)   |./ultrasearch/admin/wk0csys.sql|
------------+-------------------------+------------------+-------------------------------+--------
ODM         | Oracle Data Mining      | ODM              |./dm/admin/dmcrt.sql           |change
ODM_MTR     | Oracle Data Mining      | MTRPW            |./dm/admin/dmcrt.sql           |change
DMSYS (10g) | Oracle Data Mining      | DMSYS            |./dm/admin/odmcrtm.sql         |change
any name    | Oracle Data Mining      | any pasword      |./dm/admin/odmcrt.sql          |
------------+-------------------------+------------------+-------------------------------+--------
ORDPLUGINS  | InterMedia Audio option | ORDPLUGINS       |./ord/admin/ordisysc.sql       |change
ORDSYS      | InterMedia Audio option | ORDSYS           |./ord/admin/ordisysc.sql       |change
SI_INFORMTN_SCHEMA |InterMedia option | SI_INFORMTN_SCHEMA | ./ord/admin/ordisysc.sql    |lock  
------------+-------------------------+------------------+-------------------------------+--------
OUTLN       | Stored Outlines         | OUTLN            |./rdbms/admin/c0703040.sql     |lock
            |                         |                  |./rdbms/admin/c0800050.sql     |
            |                         |                  |./rdbms/admin/sql.bsq          |
------------+-------------------------+------------------+-------------------------------+--------
PERFSTAT    | STATSPACK Repository    | PERFSTAT         |./rdbms/admin/spcreate.sql     |change
            |                         |                  |(./rdbms/admin/spcusr.sql)     |
------------+-------------------------+------------------+-------------------------------+--------
RMAN        | RMAN catalog Owner      | RMAN             | manually                              |change
------------+-------------------------+------------------+-------------------------------+--------
SCOTT       | Demo user               | TIGER            |./rdbms/admin/utlsampl.sql     |*drop 
------------+-------------------------+------------------+-------------------------------+--------
WKPROXY     | Ultraseach user         | change_on_install|./ultrasearch/admin/wk0csys.sql|change
WKSYS       | Ultraseach user         | change_on_install|./ultrasearch/admin/wk0install.sql| ""
------------+-------------------------+------------------+-------------------------------+--------
WMSYS       | Oracle Workspace Manager| wmsys            |./rdbms/admin/owmctab.plb      |lock
------------+-------------------------+------------------+-------------------------------+--------
XDB         | SQL XML management      | change_on_install|./rdbms/admin/catqm.sql        |lock
ANONYMOUS   | SQL XML management      | values anonymous |./rdbms/admin/catqm.sql        |lock
------------+-------------------------+------------------+-------------------------------+--------
TRACESVR    | Oracle Trace user       | trace            |./rdbms/admin/otrcsvr.sql      |change
------------+-------------------------+------------------+-------------------------------+--------
OAS_PUBLIC  | Web Toolkit/Content     | manager          | See Note:99088.1              |change
WEBSYS      | Web Toolkit/Content     | manager          | See Note:99088.1              |change
------------+-------------------------+------------------+-------------------------------+--------
REPADMIN    | Replication user        | managed by DBA   |created manually by CREATE USER|
            |                         |                  |./ldap/admin/oidrsrms.sql      |change
            |                         |                  |./ldap/admin/oidrsms.sql       |
------------+-------------------------+------------------+-------------------------------+--------
AURORA$ORB$UNAUTHENTICATED| OSE       | random value     |./javavm/install/jisorb.sql    |lock
AURORA$JIS$UTILITY$       | OSE       | random value     |./javavm/install/jisbgn.sql    |lock
OSE$HTTP$ADMIN            | OSE       | random value     |./javavm/install/jishausr.sql  |lock
------------+-------------------------+------------------+-------------------------------+--------
LBACSYS     | Label Security          | LBACSYS          |./rdbms/admin/catlbacs.sql     |change                                                       
------------+-------------------------+------------------+-------------------------------+--------
DVSYS       | Database Vault          | DVSYS            |./rdbms/admin/catmacs.sql      |change
------------+-------------------------+------------------+-------------------------------+--------
DVF         | Database Vault          | DVF              |./rdbms/admin/catmacs.sql      |change
------------+-------------------------+------------------+-------------------------------+--------
SYS         |  Administrative         | change_on_install|./rdbms/admin/sql.bsq          |change
SYSTEM      |  Administrative         | manager          |./rdbms/admin/sql.bsq          |change
------------+-------------------------+------------------+-------------------------------+---------
EXFSYS      | Expression Filter Feature repository |asked|./rdbms/admin/exfsys.sql       |locked
------------+-------------------------+------------------+-------------------------------+--------
DIP         | Provision event processing| DIP            |./rdbms/admin/catdip.sql       |locked
------------+-------------------------+------------------+-------------------------------+--------
TSMSYS      | Transparent Session Migration| TSMSYS      |./rdbms/admin/cattsm.sql       |locked
------------+-------------------------+------------------+-------------------------------+--------


* User SCOTT is for test purposes: drop it if of no use.

Related Documents:
~~~~~~~~~~~~~~~~~~
Note:227010.1  Script to check for Default Passwords being used for common 
                 usernames.
Note:131752.1  Security Check List: Steps to Make Your Database Secure 
                 from Attacks
Note:1071358.6 What is the OUTLN User?
Note:98572.1   Script to create user OUTLN
Note:1060420.6 ORACLE_8 NEW ROLE  SNMPAGENT
Note.206870.1  Security risk with catsnmp.sql launched by catproc.sql
Note.1027776.6 CONTEXT SERVER SHOWING THE CTXSYS PASSWORD
Note:120093.1  Initial steps required to a create Snapshot Replication 
                 environment v8.1
Note:117434.1  Initial steps required to a create Multi Master Replication 
                 environment v8.1
Note:99088.1   Manually create the Web Toolkit/Content Services
Note:207560.1  Can the 9i Sample Schemas Be Safely Removed?
Note:217135.1  Usernames which cannot be exported
Note:270516.1  How To Change The SYSMAN Password Used For Grid Control
Note:258618.1  How To Install and Uninstall Expression Filter Feature or 
                 EXFSYS schema
Note:234712.1  Managing Schemas of the 9iAS Release 2 (9.0.2.x) Metadata 
                 Repository
Note:329600.1  How To Completely Remove Intermedia, ORDSYS, ORDPLUGIN And 
                 MDSYS Schemas
Note:263428.1  How to De-install Oracle Workspace Manager
Note:232648.1  Ultra Search Frequently Asked Questions
Note:472937.1  Information On Installed Database Components and Schemas

No comments: