Les 01

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 20

1

Controlling User Access

Copyright 2006, Oracle. All rights reserved.


Objectives

After completing this lesson, you should be able to do


the following:
Differentiate system privileges from object
privileges
Grant privileges on tables
View privileges in the data dictionary
Grant roles
Distinguish between privileges and roles

1-2 Copyright 2006, Oracle. All rights reserved.


Controlling User Access

Database
administrator

Username and password


Privileges
Users

1-3 Copyright 2006, Oracle. All rights reserved.


Privileges

Database security:
System security
Data security
System privileges: Gaining access to the database
Object privileges: Manipulating the content of the
database objects
Schemas: Collection of objects such as tables,
views, and sequences

1-4 Copyright 2006, Oracle. All rights reserved.


System Privileges

More than 100 privileges are available.


The database administrator has high-level system
privileges for tasks such as:
Creating new users
Removing users
Removing tables
Backing up tables

1-5 Copyright 2006, Oracle. All rights reserved.


Creating Users

The DBA creates users with the CREATE USER


statement.

CREATE USER user


IDENTIFIED BY password;

CREATE USER USER1


IDENTIFIED BY USER1;
User created.

1-6 Copyright 2006, Oracle. All rights reserved.


User System Privileges

After a user is created, the DBA can grant specific


system privileges to that user.
GRANT privilege [, privilege...]
TO user [, user| role, PUBLIC...];
An application developer, for example, may have
the following system privileges:
CREATE SESSION
CREATE TABLE
CREATE SEQUENCE
CREATE VIEW
CREATE PROCEDURE

1-7 Copyright 2006, Oracle. All rights reserved.


Granting System Privileges

The DBA can grant specific system privileges to a user.

GRANT create session, create table,


create sequence, create view
TO scott;
Grant succeeded.

1-8 Copyright 2006, Oracle. All rights reserved.


What Is a Role?

Users

Manager

Privileges

Allocating privileges Allocating privileges


without a role with a role

1-9 Copyright 2006, Oracle. All rights reserved.


Creating and Granting Privileges to a Role

Create a role:
CREATE ROLE manager;
Role created.
Grant privileges to a role:
GRANT create table, create view
TO manager;
Grant succeeded.
Grant a role to users:
GRANT manager TO BELL, KOCHHAR;
Grant succeeded.

1-10 Copyright 2006, Oracle. All rights reserved.


Changing Your Password

The DBA creates your user account and initializes


your password.
You can change your password by using the ALTER
USER statement.

ALTER USER HR
IDENTIFIED BY employ;
User altered.

1-11 Copyright 2006, Oracle. All rights reserved.


Object Privileges

Object
Privilege Table View Sequence Procedure

ALTER

DELETE

EXECUTE

INDEX

INSERT

REFERENCES

SELECT
UPDATE

1-12 Copyright 2006, Oracle. All rights reserved.


Object Privileges

Object privileges vary from object to object.


An owner has all the privileges on the object.
An owner can give specific privileges on that
owners object.
GRANT object_priv [(columns)]
ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];

1-13 Copyright 2006, Oracle. All rights reserved.


Granting Object Privileges

Grant query privileges on the EMPLOYEES table:


GRANT select
ON employees
TO sue, rich;
Grant succeeded.

Grant privileges to update specific columns to


users and roles:
GRANT update (department_name, location_id)
ON departments
TO scott, manager;
Grant succeeded.

1-14 Copyright 2006, Oracle. All rights reserved.


Passing On Your Privileges

Give a user authority to pass along privileges:


GRANT select, insert
ON departments
TO scott
WITH GRANT OPTION;
Grant succeeded.

Allow all users on the system to query data from


Alices DEPARTMENTS table:
GRANT select
ON alice.departments
TO PUBLIC;
Grant succeeded.

1-15 Copyright 2006, Oracle. All rights reserved.


Confirming Privileges Granted

Data Dictionary View Description


ROLE_SYS_PRIVS System privileges granted to roles
ROLE_TAB_PRIVS Table privileges granted to roles
USER_ROLE_PRIVS Roles accessible by the user
USER_TAB_PRIVS_MADE Object privileges granted on the users
objects
USER_TAB_PRIVS_RECD Object privileges granted to the user
USER_COL_PRIVS_MADE Object privileges granted on the
columns of the users objects
USER_COL_PRIVS_RECD Object privileges granted to the user on
specific columns
USER_SYS_PRIVS System privileges granted to the user

1-16 Copyright 2006, Oracle. All rights reserved.


Revoking Object Privileges

You use the REVOKE statement to revoke privileges


granted to other users.
Privileges granted to others through the WITH
GRANT OPTION clause are also revoked.
REVOKE {privilege [, privilege...]|ALL}
ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];

1-17 Copyright 2006, Oracle. All rights reserved.


Revoking Object Privileges

As user Alice, revoke the SELECT and INSERT


privileges given to user Scott on the DEPARTMENTS
table.
REVOKE select, insert
ON departments
FROM scott;
Revoke succeeded.

1-18 Copyright 2006, Oracle. All rights reserved.


Summary

In this lesson, you should have learned about


statements that control access to the database and
database objects.
Statement Action
CREATE USER Creates a user (usually performed by a DBA)
GRANT Gives other users privileges to access the
objects
CREATE ROLE Creates a collection of privileges (usually
performed by a DBA)
ALTER USER Changes a users password
REVOKE Removes privileges on an object from users

1-19 Copyright 2006, Oracle. All rights reserved.


Practice 1: Overview

This practice covers the following topics:


Granting other users privileges to your table
Modifying another users table through the
privileges granted to you
Creating a synonym
Querying the data dictionary views related to
privileges

1-20 Copyright 2006, Oracle. All rights reserved.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy