Les 07

  • Uploaded by: Makokhan
  • 0
  • 0
  • May 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Les 07 as PDF for free.

More details

  • Words: 1,013
  • Pages: 28
7

Controlling User Access

Copyright © 2004, Oracle. All rights reserved.

Objectives After completing this lesson, you should be able to do the following: • Discuss the concepts of users, roles, and privileges • Create users • Create roles • Grant and revoke object privileges • Create and access database links

7-2

Copyright © 2004, Oracle. All rights reserved.

Controlling User Access •

Database security: – System security – Data security

• •



Database administrator

System privileges: Access to the database Username Object privileges: Ability and password privileges to manipulate the content of the database objects Schema: A collection of objects, such as tables, views, and sequences Users

7-3

Copyright © 2004, Oracle. All rights reserved.

7-4

Copyright © 2004, Oracle. All rights reserved.

Understanding System Privileges • •

There are more than 100 privileges. The DBA has high-level system privileges, including the right to: – – – –

7-5

Create new users Remove users Remove tables Back up tables

Copyright © 2004, Oracle. All rights reserved.

Creating Users The DBA creates users by using the CREATE USER statement. Syntax: CREATE USER user IDENTIFIED BY password;

Example: CREATE USER scott IDENTIFIED BY tiger; User created.

7-6

Copyright © 2004, Oracle. All rights reserved.

Granting System Privileges to a User • •

After a user is created, the DBA can grant that user specific system privileges. An application developer may have the following system privileges: – – – – –

7-7

CREATE CREATE CREATE CREATE CREATE

SESSION TABLE SEQUENCE VIEW PROCEDURE

Copyright © 2004, Oracle. All rights reserved.

Granting System Privileges Syntax: GRANT { system_privilege | role | ALL PRIVILEGES } [, { system_privilege | role | ALL PRIVILEGES }]... TO { user | role | PUBLIC } [, { user | role | PUBLIC }]... [IDENTIFIED BY password] [WITH ADMIN OPTION]

Example: GRANT create table, create sequence, create view TO scott; Grant succeeded.

7-8

Copyright © 2004, Oracle. All rights reserved.

Understanding Roles

Users

Manager

Privileges Allocating privileges without a role

7-9

Allocating privileges with a role

Copyright © 2004, Oracle. All rights reserved.

Creating a Role •

Create a role:

CREATE ROLE manager; Role created.



Grant privileges to a role:

GRANT create table, create view TO manager; Grant succeeded.



Grant a role to users:

GRANT manager to BLAKE, CLARK; Grant succeeded.

7-10

Copyright © 2004, Oracle. All rights reserved.

Changing Your Password • •

When the user account is created, a password is initialized. Users can change their passwords by using the ALTER USER statement.

ALTER USER scott IDENTIFIED BY lion; User altered.

7-11

Copyright © 2004, Oracle. All rights reserved.

Understanding Object Privileges Object Privilege

Table

View

ALTER





DELETE



Sequence Procedure

√ √

EXECUTE

7-12

INDEX



INSERT



REFERENCES



SELECT





UPDATE









Copyright © 2004, Oracle. All rights reserved.

Understanding Object Privileges • • •

Object privileges vary from object to object. An owner has all the privileges on the object. An owner can grant specific privileges on the owner’s object to another user. GRANT ON TO [WITH

7-13

{ALL [PRIVILEGES]|object_priv [(columns)]} object {user|role|PUBLIC} GRANT OPTION];

Copyright © 2004, Oracle. All rights reserved.

Granting Object Privileges •

Grant query privileges on the EMPLOYEES table.

GRANT ON TO Grant



Grant privileges to update specific columns to users and roles.

GRANT ON TO Grant



7-14

select employees sue, rich; succeeded.

update (department_id, location_id) departments scott, manager; succeeded.

To access the objects of other schemas on which you have access privileges, prefix the object name with the schema name followed by a period. Copyright © 2004, Oracle. All rights reserved.

Using the WITH GRANT OPTION and PUBLIC Keywords •

Give a user authority to pass along the privileges.

GRANT select, insert ON departments TO scott WITH GRANT OPTION; Grant succeeded.



Allow all users on the system to query data from Alice’s DEPARTMENTS table.

GRANT ON TO Grant

7-15

select alice.departments PUBLIC; succeeded.

Copyright © 2004, Oracle. All rights reserved.

7-16

Copyright © 2004, Oracle. All rights reserved.

Confirming Privileges Granted

7-17

Data Dictionary View

Description

ROLE_SYS_PRIVS

System privileges granted to roles

ROLE_TAB_PRIVS

Table privileges granted to roles

USER_ROLE_PRIVS

Roles accessible by the user

USER_TAB_PRIVS_MADE

Object privileges granted on the user’s objects

USER_TAB_PRIVS_RECD

Object privileges granted to the user

USER_COL_PRIVS_MADE

Object privileges granted on the columns of the user’s objects

USER_COL_PRIVS_RECD

Object privileges granted to the user on specific columns

USER_SYS_PRIVS

System privileges granted to the user

Copyright © 2004, Oracle. All rights reserved.

7-18

Copyright © 2004, Oracle. All rights reserved.

Revoking Object Privileges Syntax: REVOKE {privilege [, privilege...]|ALL} ON object FROM {user[, user...]|role|PUBLIC} [CASCADE CONSTRAINTS];

Example: As user ALICE, revoke the SELECT and INSERT privileges given to user SCOTT on the DEPARTMENTS table. REVOKE ON FROM Revoke 7-19

select, insert departments scott; succeeded. Copyright © 2004, Oracle. All rights reserved.

Understanding Database Links A database link connection allows local users to access data on a remote database. Local

Remote

EMP table

SELECT * FROM emp@HQ_ACME.COM;

7-20

HQ_ACME.COM database

Copyright © 2004, Oracle. All rights reserved.

7-21

Copyright © 2004, Oracle. All rights reserved.

Creating Database Links •

Create the database link.

CREATE PUBLIC DATABASE LINK hq.acme.com USING 'sales'; Database link created.



Write SQL statements that use the database link.

SELECT * FROM [email protected];

7-22

Copyright © 2004, Oracle. All rights reserved.

7-23

Copyright © 2004, Oracle. All rights reserved.

Summary In this lesson, you should have learned how to do the following: • Discuss the concepts of users, roles, and privileges • Create users • Create roles • Grant and revoke object privileges • Create and access database links

7-24

Copyright © 2004, Oracle. All rights reserved.

Practice 7: Overview This practice covers the following topics: • Granting other users privileges to your table • Modifying another user’s table through the privileges granted to you • Querying the data dictionary views related to privileges

7-25

Copyright © 2004, Oracle. All rights reserved.

7-26

Copyright © 2004, Oracle. All rights reserved.

7-27

Copyright © 2004, Oracle. All rights reserved.

7-28

Copyright © 2004, Oracle. All rights reserved.

Related Documents

Les 07
November 2019 4
Les 07
November 2019 11
Les 07
May 2020 12
Les
May 2020 44
Les
June 2020 42

More Documents from ""

Les 05
May 2020 15
Les 07
May 2020 12
Less05 Storage Tb3
May 2020 16
Les 09
May 2020 13
Les 02
May 2020 1