
Lesson 7
Controlling User Access

Copyright © 2004, Oracle. All rights reserved.


Objectives

After completing this lesson, you should be able to do the following:
• Discuss the concepts of users, roles, and privileges
• Create users
• Create roles
• Grant and revoke object privileges
• Create and access database links



Controlling User Access

• Database security:
  – System security: controls access to the database itself (accounts, passwords, and system privileges)
  – Data security: controls access to and use of the objects in the database
• System privileges: access to the database
• Object privileges: ability to manipulate the content of database objects
• Schema: a collection of objects, such as tables, views, and sequences, owned by one user

[Figure: the database administrator creates each user name and password and grants privileges; users then connect with those credentials.]

Understanding System Privileges

• Oracle defines more than 100 system privileges.
• The DBA has high-level system privileges, including the right to:
  – Create new users
  – Remove users
  – Remove tables
  – Back up tables



Creating Users

The DBA creates users by using the CREATE USER statement. A new account cannot connect until it is also granted the CREATE SESSION system privilege.
Syntax:
CREATE USER user
IDENTIFIED BY password;

Example:
CREATE USER scott
IDENTIFIED BY tiger;
User created.

(scott/tiger is Oracle's well-known demonstration account; a real account should be given a password that is not a published default.)



Granting System Privileges to a User

• After a user is created, the DBA can grant that user specific system privileges.
• An application developer may have the following system privileges:
  – CREATE SESSION
  – CREATE TABLE
  – CREATE SEQUENCE
  – CREATE VIEW
  – CREATE PROCEDURE



Granting System Privileges

Syntax:
GRANT { system_privilege | role | ALL PRIVILEGES }
[, { system_privilege | role | ALL PRIVILEGES }]...
TO { user | role | PUBLIC }
[, { user | role | PUBLIC }]...
[IDENTIFIED BY password] [WITH ADMIN OPTION]

Example:
GRANT create table, create sequence, create view
TO scott;
Grant succeeded.

WITH ADMIN OPTION lets the grantee grant the same privilege or role to other users. Revoking a system privilege or a role does not cascade: grants that the grantee has already passed on stay in place and must be revoked separately.



Understanding Roles

[Figure: allocating privileges without a role, each privilege is granted to each user individually; allocating privileges with a role, the privileges are granted once to the role MANAGER and the role is granted to the users.]



Creating a Role

• Create a role:
CREATE ROLE manager;
Role created.

• Grant privileges to a role:
GRANT create table, create view
TO manager;
Grant succeeded.

• Grant a role to users (a newly granted role is enabled from the user's next session):
GRANT manager to BLAKE, CLARK;
Grant succeeded.
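The following is an added example, not code from the Oracle course, that carries the CREATE USER, GRANT and CREATE ROLE steps above through as one procedure with a least-privilege role and then checks the result in the data dictionary. The accounts DEV_ANA and DEV_BOB, the role APP_DEVELOPER, the passwords and the USERS tablespace are assumptions.

```sql
-- Added example; not from the original Oracle slides. Run as a DBA on an
-- Oracle database. The accounts DEV_ANA and DEV_BOB, the role APP_DEVELOPER,
-- the passwords and the USERS tablespace are assumptions.

-- 1. Create the accounts. A new account cannot log in until it holds
--    CREATE SESSION, and cannot store rows until it has tablespace quota.
CREATE USER dev_ana IDENTIFIED BY "Str0ng#Pass-1" QUOTA 10M ON users;
CREATE USER dev_bob IDENTIFIED BY "Str0ng#Pass-2" QUOTA 10M ON users;

-- 2. Collect the developer privileges listed on the slide in one role.
CREATE ROLE app_developer;
GRANT create session, create table, create sequence,
      create view, create procedure
TO app_developer;

-- 3. Grant the role, not the individual privileges, to each account.
--    The role is enabled from each user's next login.
GRANT app_developer TO dev_ana, dev_bob;

-- 4. Tightening or widening the role now changes every holder at once.
REVOKE create procedure FROM app_developer;

-- 5. For comparison, a direct grant has to be repeated and revoked per user,
--    and WITH ADMIN OPTION lets DEV_BOB hand CREATE TABLE to anyone else.
GRANT create table TO dev_bob WITH ADMIN OPTION;
REVOKE create table FROM dev_bob;   -- does not cascade to users he granted

-- 6. Verify the result from the data dictionary (DBA views).
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee IN ('APP_DEVELOPER', 'DEV_ANA', 'DEV_BOB')
ORDER  BY grantee, privilege;

SELECT grantee, granted_role, admin_option, default_role
FROM   dba_role_privs
WHERE  granted_role = 'APP_DEVELOPER';
```

The role is the unit that gets reviewed: one query against DBA_SYS_PRIVS for APP_DEVELOPER shows what every developer can do, whereas direct grants have to be audited account by account.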



Changing Your Password

• When the user account is created, a password is initialized.
• Users can change their passwords by using the ALTER USER statement.

ALTER USER scott IDENTIFIED BY lion;
User altered.

Because the new password appears as a literal in the statement text, the SQL*Plus PASSWORD command, which prompts for the new password without echoing it, is the better choice at an interactive prompt.



Understanding Object Privileges

Object privilege  Table   View    Sequence  Procedure
ALTER             √               √
DELETE            √       √
EXECUTE                                     √
INDEX             √
INSERT            √       √
REFERENCES        √
SELECT            √       √       √
UPDATE            √       √
Understanding Object Privileges

• Object privileges vary from object to object.
• An owner has all the privileges on the object.
• An owner can grant specific privileges on the owner's object to another user.

GRANT {ALL [PRIVILEGES]|object_priv [(columns)]}
ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];



Granting Object Privileges

• Grant query privileges on the EMPLOYEES table.
GRANT select
ON employees
TO sue, rich;
Grant succeeded.

• Grant privileges to update specific columns to users and roles.
GRANT update (department_id, location_id)
ON departments
TO scott, manager;
Grant succeeded.

• To access the objects of other schemas on which you have access privileges, prefix the object name with the schema name followed by a period.



Using the WITH GRANT OPTION and PUBLIC Keywords

• Give a user authority to pass along the privileges.
GRANT select, insert
ON departments
TO scott
WITH GRANT OPTION;
Grant succeeded.

• Allow all users on the system to query data from Alice's DEPARTMENTS table.
GRANT select
ON alice.departments
TO PUBLIC;
Grant succeeded.

A grant to PUBLIC reaches every account, including accounts created later, so it is appropriate only for data that genuinely needs no access control. A privilege given WITH GRANT OPTION can be re-granted by the recipient; when the owner later revokes it, the revoke cascades to everyone the recipient granted it to.
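An added example, not from the original slides, that exercises the object-privilege grants above from both sides: ALICE grants, then SCOTT uses schema-qualified names and runs into the limits of a column-level grant and of a grant made without GRANT OPTION. The users SUE, RICH and SCOTT, the role MANAGER and the table contents are assumptions.

```sql
-- Added example; not from the original slides. Run first as ALICE, who owns
-- EMPLOYEES and DEPARTMENTS, then as SCOTT. The users SUE, RICH and SCOTT and
-- the role MANAGER are assumed to exist already.

-- As ALICE ---------------------------------------------------------------
-- Read-only access to one table for two users.
GRANT select ON employees TO sue, rich;

-- Column-level UPDATE: SCOTT and every holder of MANAGER may change only
-- these two columns of DEPARTMENTS, nothing else.
GRANT update (department_id, location_id) ON departments TO scott, manager;

-- SELECT and INSERT that SCOTT is allowed to pass on to others.
GRANT select, insert ON departments TO scott WITH GRANT OPTION;

-- Every account, present and future, may read DEPARTMENTS. PUBLIC is the
-- broadest possible grantee; reserve it for reference data.
GRANT select ON departments TO PUBLIC;

-- As SCOTT ---------------------------------------------------------------
-- Objects in another schema are addressed as owner.object.
SELECT department_id, department_name, location_id
FROM   alice.departments;

-- Allowed: LOCATION_ID is one of the granted columns.
UPDATE alice.departments
SET    location_id = 1700
WHERE  department_id = 10;

-- Rejected with ORA-01031 (insufficient privileges): DEPARTMENT_NAME was
-- not in the column list of the UPDATE grant.
UPDATE alice.departments
SET    department_name = 'Finance'
WHERE  department_id = 10;

-- Allowed only because ALICE used WITH GRANT OPTION: SCOTT re-grants SELECT.
GRANT select ON alice.departments TO rich;

-- Rejected: UPDATE was granted to SCOTT without GRANT OPTION, so he
-- cannot pass it on.
GRANT update ON alice.departments TO rich;
```

The two rejected statements are the ones worth trying in a test schema: they show that a column list on a grant is enforced per column, and that GRANT OPTION is the only thing separating a recipient who can read from one who can redistribute.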

Confirming Privileges Granted

Data dictionary view   Description
ROLE_SYS_PRIVS         System privileges granted to roles
ROLE_TAB_PRIVS         Table privileges granted to roles
USER_ROLE_PRIVS        Roles accessible by the user
USER_TAB_PRIVS_MADE    Object privileges granted on the user's objects
USER_TAB_PRIVS_RECD    Object privileges granted to the user
USER_COL_PRIVS_MADE    Object privileges granted on the columns of the user's objects
USER_COL_PRIVS_RECD    Object privileges granted to the user on specific columns
USER_SYS_PRIVS         System privileges granted to the user

Revoking Object Privileges

Syntax:
REVOKE {privilege [, privilege...]|ALL}
ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];

Example: As user ALICE, revoke the SELECT and INSERT privileges given to user SCOTT on the DEPARTMENTS table.
REVOKE select, insert
ON departments
FROM scott;
Revoke succeeded.

Three points to keep in mind when revoking object privileges:
• The revoke cascades: if SCOTT had re-granted SELECT on DEPARTMENTS to another user under WITH GRANT OPTION, that user loses it as well.
• REVOKE does not accept a column list; revoking UPDATE removes the whole UPDATE privilege on the table, including any column-level grant.
• CASCADE CONSTRAINTS is needed when revoking REFERENCES: it drops the foreign-key constraints the grantee created with that privilege.
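An added example, not from the original slides, that covers the two preceding topics together: confirming grants through the data dictionary views and then revoking them. It continues the ALICE/SCOTT scenario from the earlier grants (SCOTT holds SELECT and INSERT on DEPARTMENTS WITH GRANT OPTION and a two-column UPDATE, and has passed SELECT on to RICH); all names are assumptions.

```sql
-- Added example; not from the original slides. Continues the ALICE/SCOTT
-- scenario: ALICE granted SELECT and INSERT on DEPARTMENTS to SCOTT WITH
-- GRANT OPTION, SCOTT passed SELECT on to RICH, and ALICE granted
-- UPDATE (department_id, location_id) to SCOTT. All names are assumptions.

-- As ALICE: what have I granted on my own objects, and can it be re-granted?
SELECT grantee, table_name, privilege, grantable
FROM   user_tab_privs_made
WHERE  table_name = 'DEPARTMENTS'
ORDER  BY grantee, privilege;

SELECT grantee, table_name, column_name, privilege
FROM   user_col_privs_made;

-- As SCOTT: what do I hold? USER_SYS_PRIVS lists only direct grants;
-- privileges that arrive through a role show up in ROLE_SYS_PRIVS and
-- ROLE_TAB_PRIVS for the roles listed in USER_ROLE_PRIVS.
SELECT owner, table_name, privilege, grantable FROM user_tab_privs_recd;
SELECT owner, table_name, column_name, privilege FROM user_col_privs_recd;
SELECT privilege FROM user_sys_privs;
SELECT granted_role FROM user_role_privs;
SELECT role, privilege FROM role_sys_privs;
SELECT role, owner, table_name, privilege FROM role_tab_privs;

-- As ALICE: take the privileges back.
-- Object privileges cascade: RICH loses the SELECT that SCOTT passed on.
REVOKE select, insert ON departments FROM scott;

-- Column lists are not accepted in REVOKE; the whole UPDATE privilege on
-- the table goes, including the two-column grant.
REVOKE update ON departments FROM scott;

-- A REFERENCES grant that was used to build a foreign key in SCOTT's schema
-- can only be revoked together with that constraint.
GRANT references ON departments TO scott;   -- assumed earlier grant
REVOKE references ON departments FROM scott CASCADE CONSTRAINTS;

-- Confirm nothing remains for SCOTT on DEPARTMENTS.
SELECT grantee, privilege
FROM   user_tab_privs_made
WHERE  table_name = 'DEPARTMENTS'
AND    grantee = 'SCOTT';
```

The last query should return no rows. Running the USER_*_MADE queries before and after a revoke is the quickest way to see the cascade to RICH, because his row disappears from ALICE's view even though ALICE never granted to him directly.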



Understanding Database Links

A database link connection allows local users to access data on a remote database.

[Figure: a local session issues SELECT * FROM emp@HQ_ACME.COM; the database link HQ_ACME.COM forwards the query to the EMP table in the remote HQ_ACME.COM database.]

Creating Database Links

• Create the database link.
CREATE PUBLIC DATABASE LINK hq.acme.com
USING 'sales';
Database link created.

• Write SQL statements that use the database link.
SELECT *
FROM emp@HQ.ACME.COM;

A PUBLIC link is usable by every user of the local database. This link has no CONNECT TO clause, so it is a connected-user link: each caller is authenticated on the remote database with an account of the same name. A link created with CONNECT TO user IDENTIFIED BY password instead stores fixed credentials, and every session that uses it acts as that remote user.
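An added example, not from the original slides, that creates both kinds of link described above, queries through them, and lists the links from the data dictionary so that fixed-credential public links can be found. The TNS alias 'sales', the remote account RPT_READER and its password, the link name HQ_REPORTS and the remote HR schema are assumptions.

```sql
-- Added example; not from the original slides. Assumes: a TNS alias 'sales'
-- that resolves to the remote HQ database, a remote account RPT_READER that
-- holds only SELECT on HR.EMP, and a local user holding CREATE DATABASE LINK
-- and CREATE PUBLIC DATABASE LINK. Names and the password are assumptions.

-- Fixed-user private link: every session through it acts as RPT_READER on
-- the remote side, so that account should hold nothing beyond what the link
-- is for. The credentials are stored in the local data dictionary, and only
-- the owner of a private link can use it.
CREATE DATABASE LINK hq_reports
  CONNECT TO rpt_reader IDENTIFIED BY "Rd0nly#2024"
  USING 'sales';

-- Connected-user public link, as on the slide: no credentials are stored;
-- each caller needs an account of the same name on the remote database.
-- With GLOBAL_NAMES=TRUE the link name must equal the remote global name.
CREATE PUBLIC DATABASE LINK hq.acme.com USING 'sales';

-- Remote objects are addressed as [owner.]object@link. Without an owner
-- prefix the name resolves in the remote session's own schema.
SELECT employee_id, last_name
FROM   hr.emp@hq_reports
WHERE  department_id = 10;

SELECT * FROM emp@hq.acme.com;

-- Review which links exist and which store a fixed user name. A PUBLIC
-- link with a non-null USERNAME gives every local account that remote
-- identity; those rows deserve the closest look.
SELECT owner, db_link, username, host, created
FROM   all_db_links
ORDER  BY owner, db_link;

-- Remove links that are no longer needed.
DROP DATABASE LINK hq_reports;
DROP PUBLIC DATABASE LINK hq.acme.com;
```

DBA_DB_LINKS shows every link in the database; ALL_DB_LINKS shows the ones the current user can use, which is the view a non-DBA can run to see what remote identities are reachable from its session.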

Summary

In this lesson, you should have learned how to do the following:
• Discuss the concepts of users, roles, and privileges
• Create users
• Create roles
• Grant and revoke object privileges
• Create and access database links



Practice 7: Overview

This practice covers the following topics:
• Granting other users privileges to your table
• Modifying another user's table through the privileges granted to you
• Querying the data dictionary views related to privileges
