Scribd Logo
Upload

Welcome to Scribd!

  • 14 views

    Lesson: Managing Roles

    Uploaded by

    Kimberly Mae Hernandez
    This document discusses managing user roles and privileges in a database. It covers creating users and granting them privileges, creating and assigning roles to users, changing passwords, object and system privileges, passing on privileges, and revoking privileges. The key topics covered are creating and managing users, roles, and privileges to control access to database objects and system resources.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Lesson: Managing Roles

    Uploaded by

    Kimberly Mae Hernandez
    14 views26 pages
    This document discusses managing user roles and privileges in a database. It covers creating users and granting them privileges, creating and assigning roles to users, changing passwords, object and system privileges, passing on privileges, and revoking privileges. The key topics covered are creating and managing users, roles, and privileges to control access to database objects and system resources.

    Original Title

    lesson3a

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document discusses managing user roles and privileges in a database. It covers creating users and granting them privileges, creating and assigning roles to users, changing passwords, object and system privileges, passing on privileges, and revoking privileges. The key topics covered are creating and managing users, roles, and privileges to control access to database objects and system resources.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    14 views26 pages

    Lesson: Managing Roles

    Uploaded by

    Kimberly Mae Hernandez
    This document discusses managing user roles and privileges in a database. It covers creating users and granting them privileges, creating and assigning roles to users, changing passwords, object and system privileges, passing on privileges, and revoking privileges. The key topics covered are creating and managing users, roles, and privileges to control access to database objects and system resources.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 26

    Lesson

    Managing Roles

    MAS-CS352-DBMS2
    Lesson Objectives:
    After completing this lesson, the student should be
    able to:
     Create a new USER
     Grant Privilege access to a specific User.
     Changes password
     Create and Grant role
     Pass Privileges
     Revoke Privileges

    MAS-CS352-DBMS2
    Controlling User Access

    MAS-CS352-DBMS2
    Controlling User Access cont.
     In a multiple-user environment, you want to maintain security of the
    database access and use. With Oracle server database security,
    you can do the following:
     Control database access
     Give access to specific objects in the database
     Confirm given and received privileges with the Oracle data dictionary
     Create synonyms for database objects
     Database security can be classified into two categories: system
    security and data security.
     System security covers access and use of the database at the system
    level such as the username and password, the disk space allocated to
    users, and the system operations that users can perform.
     Database security covers access and use of the database objects and
    the actions that those users can have on the objects.

    MAS-CS352-DBMS2
    Privileges
     Database security:
     System security
     Data security
     System privileges: Gaining access to the
    database
     Object privileges: Manipulating the content
    of the database objects
     Schemas: Collection of objects such as
    tables, views, and sequences

    MAS-CS352-DBMS2
    System Privileges
     More than 100 privileges are available.
     The database administrator has high-level
    system privileges for tasks such as:
     Creating new users
     Removing users
     Removing tables
     Backing up tables

    MAS-CS352-DBMS2
    Creating Users
     The DBA creates users with the CREATE USER
    statement.
     Syntax:
    CREATE USER user_name
    IDENTIFIED BY user_password;
     Example:

    MAS-CS352-DBMS2
    User System Privileges
     After a user is created, the DBA can grant specific system
    privileges to that user.
     Syntax:
    GRANT PRIVILEGE [privilege_type….]
    TO user_name [,user| role, PUBLIC…];
     An application developer, for example, may have the following
    system privileges:
     CREATE SESSION
     CREATE TABLE
     CREATE SEQUENCE
     CREATE VIEW
     CREATE PROCEDURE

    MAS-CS352-DBMS2
    User System Privileges
     The DBA can grant specific system privileges to a user.
     Example:

     In the given example user IT_MGR was given a role to CREATE


    SESSION, TABLE and VIEW.
     Try to exit normally your isqlplus* and then try to log-on using the
    role created and password.
     Note Password is always hidden.

    MAS-CS352-DBMS2
    User System Privileges: cont.
     Supposed that a user TIGER with a password of TIGER with a
    privilege of creating a session only.
     When this user try to create a table which is not granted as shown in
    the example:

     Automatically this user cannot perform any DDL statement.

    MAS-CS352-DBMS2
    What Is a Role?

    MAS-CS352-DBMS2
    What Is a Role?
     What Is a Role?
     A role is a named group of related privileges that can be granted to the user. This
    method makes it easier to revoke and maintain privileges.
     A user can have access to several roles, and several users can be assigned the
    same role. Roles are typically created for a database application.
     Creating and Assigning a Role
     First, the DBA must create the role. Then the DBA can assign privileges to the
    role and assign the role to users.
     Syntax

    CREATE ROLE role;


     In the syntax:
    role is the name of the role to be created
    After the role is created, the DBA can use the GRANT statement to
    assign the role to users as well as assign privileges to the role.

    MAS-CS352-DBMS2
    Creating and Granting Privileges to a Role

     Create a role Note:


    The example creates a
    SECRETARY role and then
    enables SECRETARY to create
    tables and views. It then grant
     Grant privileges to a role IT_MGR the role of SECRETARY.
    Now IT_MGR, tiger user can
    create tables and views.
     Grant a role to users If users have multiple roles
    granted to them, they receive all of
    the privileges associated with all of
    the roles.

    MAS-CS352-DBMS2
    Changing Your Password

     The DBA creates your user account and initializes your password.
     You can change your password by using the ALTER USER
    statement.
     Example:

     Try to exit isqlplus* then log-on using IT_MGR with the new
    password MGR.

    MAS-CS352-DBMS2
    Object Privileges

    MAS-CS352-DBMS2
    Object Privileges: cont.

     Object privileges vary from object to object.


     An owner has all the privileges on the object.
     An owner can give specific privileges on that
    owner’s object.
     Syntax:
    GRANT object_priv [(columns)]
    ON object
    TO {user|role|PUBLIC}
    [WITH GRANT OPTION];

    MAS-CS352-DBMS2
    Object Privileges: cont.

     Grant Object Privileges using the example below:

     By granting SELECT on user IT_MGR and tiger, these two users should
    used the example below in order to view the values on EMPLOYEES
    table:

     Where:
     SYSTEM: is the original user who grant a SELECT roles to IT_MGR and tiger.
     EMPLOYEES: is the name of the table granted to used SELECT statement.

    MAS-CS352-DBMS2
    Object Privileges: cont.

     Grant privileges to update specific columns to users and roles.

     Suppose that EMPLOYEES table have the following values.

     Performing UPDATE on column LASTNAME, FIRSTNAME is


    granted to user IT_MGR and tiger.

    MAS-CS352-DBMS2
    Passing on your Privileges

     Give a user authority to pass along privileges as shown in the example


    below:

     A privilege that is granted with the WITH GRANT OPTION clause can be
    passed on to other users and roles by the grantee. Object privileges granted
    with the WITH GRANT OPTION clause are revoked when the grantor’s
    privilege is revoked.
     The example on the slide gives user TIGER access to EMPLOYEES table
    with the privileges to query the table and add rows to the table. The
    example also shows that TIGER can give others these privileges.

    MAS-CS352-DBMS2
    Passing on your Privileges: Specific User

     In the example: the user TIGER was able to pass the privilege given
    to IT_MGR user.

     Since privilege has been passed to user TIGER this user can now
    insert a new row to EMPLOYEES table as shown in the example
    below:

    MAS-CS352-DBMS2
    Passing on your Privileges: PUBLIC

     Allow all users on the system to query data from SYSTEM.


    EMPLOYEES table.
     Example:

     An owner of a table can grant access to all users by using the


    PUBLIC keyword.
     The example allows all users on the system to query data from
    SYSTEM’s EMPLOYEES table.

    MAS-CS352-DBMS2
    Confirming Privileges Granted

    Data Dictionary View Description


    ROLE_SYS_PRIVS System privileges granted to roles
    ROLE_TAB_PRIVS Table privileges granted to roles
    USER_ROLE_PRIVS Roles accessible by the user
    USER_TAB_PRIVS_MADE Object privileges granted on the user’s objects
    USER_TAB_PRIVS_RECD Object privileges granted to the user
    USER_COL_PRIVS_MADE Object privileges granted on the
    columns of the user’s objects
    USER_COL_PRIVS_RECD Object privileges granted to the user on specific
    columns
    USER_SYS_PRIVS System privileges granted to the user

    MAS-CS352-DBMS2
    Revoking other Privileges

     You use the REVOKE statement to revoke privileges


    granted to other users.
     Privileges granted to others through the WITH GRANT
    OPTION clause are also revoked.
     Syntax:
    REVOKE {privilege [, privilege...]|ALL}
    ON object(table/view)
    FROM {user[, user...]|role|PUBLIC}
    [CASCADE CONSTRAINTS];

    MAS-CS352-DBMS2
    Revoking Object Privileges: Example

     As user TIGER, revoke the SELECT and INSERT privileges given to


    user IT_MGR on the EMPLOYEES table.

     Whenever IT_MGR tries to insert a new values he will encounter the


    system error: insufficient provileges

    MAS-CS352-DBMS2
    DELETING AN EXISTING USER

     To delete a specific User: Used the DROP command

    MAS-CS352-DBMS2
    Lesson Summary:
    In this lesson, you should have learned about statements that control
    access to the database and database objects.
     Create new user using CREATE USER user and is usually
    performed by the Database Admin
     Grant specific privileges either Private or Public using the GRANT
    option.
     Create specific privileges by using the CREATE ROLE
     Change password created by using the ALTER USER statement
     Removes privileges on an object by using the REVOKE statement

    MAS-CS352-DBMS2

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy