How to list all Oracle system schemas

By Franck Pachot

.
Do you want to know which users come with the Oracle Database and which are the ones you have created? This is that not easy, especially prior to Oracle 12c. You know SYS and SYSTEM, but there are many others – especially when you have installed all options.

And it is important to know them all, e. g. when you import or apply a password policy, etc.
Let’s see the options we have.

12c shows Oracle maintained users

Oracle 12c has introduced the ORACLE_MAINTAINED in the DBA_USERS dictionary view.
It is YES for the users created by oracle scripts (create database, calalog.sql, catproc.sql). So it’s the right place to check when you are in 12c.

12c Common users

Oracle 12c has another column to distinguish the user commonality. This is for CDB: the oracle dictionary is stored in the root container, and each PDB have links to it. And what is nice is that even when in a non-cdb the column is at ‘YES’ for Oracle maintained users and at ‘NO’ for created users. (except if you create C## common users in a cdb).

Default passwords

The table sys.default_pwd$ stores the default password hash value so that we can check which users can log with trivial password. Even if it includes all the Oracle maintained users, it has also some well known users which are not provided by database creation at all.

Sysaux occupants

Another idea that I took from Martin Bach is to crosscheck check with v$sysaux_occupants. Some Oracle provided users are missing, but the nice thing is that there is a description for the schemas that are listed.

Not exported by DataPump

DataPump maintains its own list of users for which the tables are not exported, and you can query sys.ku_noexp_tab for that. The old exp has also its list stored in sys.exu8usr. But both are not exhaustive.

Another exclusion list is the one used by logical standby: system.logstdby$skip which may be used as well to crosscheck (only records with ‘action=0’ are relevant for schema exclusion).

Let’s check all that on a 12c non-cdb database. Here is the query that crosscheck all than information with outer joins:

select created,username,oracle_maintained,common,no_exp,no_expdp,no_sby,default_password,sysaux,occupant_desc
from dba_users 
left outer join 
 (select distinct name username,'Y' no_expdp from sys.ku_noexp_tab where obj_type='SCHEMA') 
 using(username)
left outer join (select distinct name username,'Y' no_exp from sys.exu8usr)
 using(username)
left outer join (select distinct name username,'Y' no_sby from system.logstdby$skip_support where action in (0,-1))
 using(username)
left outer join (select distinct user_name username,'Y' default_password from sys.default_pwd$)
 using(username)
left outer join (select schema_name username,'Y' sysaux,decode(count(*),1,min(occupant_desc)) occupant_desc from v$sysaux_occupants group by schema_name)
 using(username)
order by created,username;

and the result, ordered by creation date so that you can check which users were created by the database creation:

 
So you see that the 12c columns are highly reliable. They include all users that have been created during the database creatio, but do not include the users that were created afterwards.
When not in 12c, the exclusion list coming from DataPump is quite good, but not exhaustive.
Sometimes the most useful features are not those that change the future of database, but rather those little things that make life easier.
In DBA_USERS, we have two very useful new columns: ORACLE_MAINTAINED and LAST_LOGIN. That is a great improvement.