Les 07
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Les 07 as PDF for free.
More details
- Words: 1,013
- Pages: 28
7
Controlling User Access
Copyright © 2004, Oracle. All rights reserved.
Objectives After completing this lesson, you should be able to do the following: • Discuss the concepts of users, roles, and privileges • Create users • Create roles • Grant and revoke object privileges • Create and access database links
7-2
Copyright © 2004, Oracle. All rights reserved.
Controlling User Access •
Database security: – System security – Data security
• •
•
Database administrator
System privileges: Access to the database Username Object privileges: Ability and password privileges to manipulate the content of the database objects Schema: A collection of objects, such as tables, views, and sequences Users
7-3
Copyright © 2004, Oracle. All rights reserved.
7-4
Copyright © 2004, Oracle. All rights reserved.
Understanding System Privileges • •
There are more than 100 privileges. The DBA has high-level system privileges, including the right to: – – – –
7-5
Create new users Remove users Remove tables Back up tables
Copyright © 2004, Oracle. All rights reserved.
Creating Users The DBA creates users by using the CREATE USER statement. Syntax: CREATE USER user IDENTIFIED BY password;
Example: CREATE USER scott IDENTIFIED BY tiger; User created.
7-6
Copyright © 2004, Oracle. All rights reserved.
Granting System Privileges to a User • •
After a user is created, the DBA can grant that user specific system privileges. An application developer may have the following system privileges: – – – – –
7-7
CREATE CREATE CREATE CREATE CREATE
SESSION TABLE SEQUENCE VIEW PROCEDURE
Copyright © 2004, Oracle. All rights reserved.
Granting System Privileges Syntax: GRANT { system_privilege | role | ALL PRIVILEGES } [, { system_privilege | role | ALL PRIVILEGES }]... TO { user | role | PUBLIC } [, { user | role | PUBLIC }]... [IDENTIFIED BY password] [WITH ADMIN OPTION]
Example: GRANT create table, create sequence, create view TO scott; Grant succeeded.
7-8
Copyright © 2004, Oracle. All rights reserved.
Understanding Roles
Users
Manager
Privileges Allocating privileges without a role
7-9
Allocating privileges with a role
Copyright © 2004, Oracle. All rights reserved.
Creating a Role •
Create a role:
CREATE ROLE manager; Role created.
•
Grant privileges to a role:
GRANT create table, create view TO manager; Grant succeeded.
•
Grant a role to users:
GRANT manager to BLAKE, CLARK; Grant succeeded.
7-10
Copyright © 2004, Oracle. All rights reserved.
Changing Your Password • •
When the user account is created, a password is initialized. Users can change their passwords by using the ALTER USER statement.
ALTER USER scott IDENTIFIED BY lion; User altered.
7-11
Copyright © 2004, Oracle. All rights reserved.
Understanding Object Privileges Object Privilege
Table
View
ALTER
√
√
DELETE
√
Sequence Procedure
√ √
EXECUTE
7-12
INDEX
√
INSERT
√
REFERENCES
√
SELECT
√
√
UPDATE
√
√
√
√
Copyright © 2004, Oracle. All rights reserved.
Understanding Object Privileges • • •
Object privileges vary from object to object. An owner has all the privileges on the object. An owner can grant specific privileges on the owner’s object to another user. GRANT ON TO [WITH
7-13
{ALL [PRIVILEGES]|object_priv [(columns)]} object {user|role|PUBLIC} GRANT OPTION];
Copyright © 2004, Oracle. All rights reserved.
Granting Object Privileges •
Grant query privileges on the EMPLOYEES table.
GRANT ON TO Grant
•
Grant privileges to update specific columns to users and roles.
GRANT ON TO Grant
•
7-14
select employees sue, rich; succeeded.
update (department_id, location_id) departments scott, manager; succeeded.
To access the objects of other schemas on which you have access privileges, prefix the object name with the schema name followed by a period. Copyright © 2004, Oracle. All rights reserved.
Using the WITH GRANT OPTION and PUBLIC Keywords •
Give a user authority to pass along the privileges.
GRANT select, insert ON departments TO scott WITH GRANT OPTION; Grant succeeded.
•
Allow all users on the system to query data from Alice’s DEPARTMENTS table.
GRANT ON TO Grant
7-15
select alice.departments PUBLIC; succeeded.
Copyright © 2004, Oracle. All rights reserved.
7-16
Copyright © 2004, Oracle. All rights reserved.
Confirming Privileges Granted
7-17
Data Dictionary View
Description
ROLE_SYS_PRIVS
System privileges granted to roles
ROLE_TAB_PRIVS
Table privileges granted to roles
USER_ROLE_PRIVS
Roles accessible by the user
USER_TAB_PRIVS_MADE
Object privileges granted on the user’s objects
USER_TAB_PRIVS_RECD
Object privileges granted to the user
USER_COL_PRIVS_MADE
Object privileges granted on the columns of the user’s objects
USER_COL_PRIVS_RECD
Object privileges granted to the user on specific columns
USER_SYS_PRIVS
System privileges granted to the user
Copyright © 2004, Oracle. All rights reserved.
7-18
Copyright © 2004, Oracle. All rights reserved.
Revoking Object Privileges Syntax: REVOKE {privilege [, privilege...]|ALL} ON object FROM {user[, user...]|role|PUBLIC} [CASCADE CONSTRAINTS];
Example: As user ALICE, revoke the SELECT and INSERT privileges given to user SCOTT on the DEPARTMENTS table. REVOKE ON FROM Revoke 7-19
select, insert departments scott; succeeded. Copyright © 2004, Oracle. All rights reserved.
Understanding Database Links A database link connection allows local users to access data on a remote database. Local
Remote
EMP table
SELECT * FROM emp@HQ_ACME.COM;
7-20
HQ_ACME.COM database
Copyright © 2004, Oracle. All rights reserved.
7-21
Copyright © 2004, Oracle. All rights reserved.
Creating Database Links •
Create the database link.
CREATE PUBLIC DATABASE LINK hq.acme.com USING 'sales'; Database link created.
•
Write SQL statements that use the database link.
SELECT * FROM [email protected];
7-22
Copyright © 2004, Oracle. All rights reserved.
7-23
Copyright © 2004, Oracle. All rights reserved.
Summary In this lesson, you should have learned how to do the following: • Discuss the concepts of users, roles, and privileges • Create users • Create roles • Grant and revoke object privileges • Create and access database links
7-24
Copyright © 2004, Oracle. All rights reserved.
Practice 7: Overview This practice covers the following topics: • Granting other users privileges to your table • Modifying another user’s table through the privileges granted to you • Querying the data dictionary views related to privileges
7-25
Copyright © 2004, Oracle. All rights reserved.
7-26
Copyright © 2004, Oracle. All rights reserved.
7-27
Copyright © 2004, Oracle. All rights reserved.
7-28
Copyright © 2004, Oracle. All rights reserved.
Controlling User Access
Copyright © 2004, Oracle. All rights reserved.
Objectives After completing this lesson, you should be able to do the following: • Discuss the concepts of users, roles, and privileges • Create users • Create roles • Grant and revoke object privileges • Create and access database links
7-2
Copyright © 2004, Oracle. All rights reserved.
Controlling User Access •
Database security: – System security – Data security
• •
•
Database administrator
System privileges: Access to the database Username Object privileges: Ability and password privileges to manipulate the content of the database objects Schema: A collection of objects, such as tables, views, and sequences Users
7-3
Copyright © 2004, Oracle. All rights reserved.
7-4
Copyright © 2004, Oracle. All rights reserved.
Understanding System Privileges • •
There are more than 100 privileges. The DBA has high-level system privileges, including the right to: – – – –
7-5
Create new users Remove users Remove tables Back up tables
Copyright © 2004, Oracle. All rights reserved.
Creating Users The DBA creates users by using the CREATE USER statement. Syntax: CREATE USER user IDENTIFIED BY password;
Example: CREATE USER scott IDENTIFIED BY tiger; User created.
7-6
Copyright © 2004, Oracle. All rights reserved.
Granting System Privileges to a User • •
After a user is created, the DBA can grant that user specific system privileges. An application developer may have the following system privileges: – – – – –
7-7
CREATE CREATE CREATE CREATE CREATE
SESSION TABLE SEQUENCE VIEW PROCEDURE
Copyright © 2004, Oracle. All rights reserved.
Granting System Privileges Syntax: GRANT { system_privilege | role | ALL PRIVILEGES } [, { system_privilege | role | ALL PRIVILEGES }]... TO { user | role | PUBLIC } [, { user | role | PUBLIC }]... [IDENTIFIED BY password] [WITH ADMIN OPTION]
Example: GRANT create table, create sequence, create view TO scott; Grant succeeded.
7-8
Copyright © 2004, Oracle. All rights reserved.
Understanding Roles
Users
Manager
Privileges Allocating privileges without a role
7-9
Allocating privileges with a role
Copyright © 2004, Oracle. All rights reserved.
Creating a Role •
Create a role:
CREATE ROLE manager; Role created.
•
Grant privileges to a role:
GRANT create table, create view TO manager; Grant succeeded.
•
Grant a role to users:
GRANT manager to BLAKE, CLARK; Grant succeeded.
7-10
Copyright © 2004, Oracle. All rights reserved.
Changing Your Password • •
When the user account is created, a password is initialized. Users can change their passwords by using the ALTER USER statement.
ALTER USER scott IDENTIFIED BY lion; User altered.
7-11
Copyright © 2004, Oracle. All rights reserved.
Understanding Object Privileges Object Privilege
Table
View
ALTER
√
√
DELETE
√
Sequence Procedure
√ √
EXECUTE
7-12
INDEX
√
INSERT
√
REFERENCES
√
SELECT
√
√
UPDATE
√
√
√
√
Copyright © 2004, Oracle. All rights reserved.
Understanding Object Privileges • • •
Object privileges vary from object to object. An owner has all the privileges on the object. An owner can grant specific privileges on the owner’s object to another user. GRANT ON TO [WITH
7-13
{ALL [PRIVILEGES]|object_priv [(columns)]} object {user|role|PUBLIC} GRANT OPTION];
Copyright © 2004, Oracle. All rights reserved.
Granting Object Privileges •
Grant query privileges on the EMPLOYEES table.
GRANT ON TO Grant
•
Grant privileges to update specific columns to users and roles.
GRANT ON TO Grant
•
7-14
select employees sue, rich; succeeded.
update (department_id, location_id) departments scott, manager; succeeded.
To access the objects of other schemas on which you have access privileges, prefix the object name with the schema name followed by a period. Copyright © 2004, Oracle. All rights reserved.
Using the WITH GRANT OPTION and PUBLIC Keywords •
Give a user authority to pass along the privileges.
GRANT select, insert ON departments TO scott WITH GRANT OPTION; Grant succeeded.
•
Allow all users on the system to query data from Alice’s DEPARTMENTS table.
GRANT ON TO Grant
7-15
select alice.departments PUBLIC; succeeded.
Copyright © 2004, Oracle. All rights reserved.
7-16
Copyright © 2004, Oracle. All rights reserved.
Confirming Privileges Granted
7-17
Data Dictionary View
Description
ROLE_SYS_PRIVS
System privileges granted to roles
ROLE_TAB_PRIVS
Table privileges granted to roles
USER_ROLE_PRIVS
Roles accessible by the user
USER_TAB_PRIVS_MADE
Object privileges granted on the user’s objects
USER_TAB_PRIVS_RECD
Object privileges granted to the user
USER_COL_PRIVS_MADE
Object privileges granted on the columns of the user’s objects
USER_COL_PRIVS_RECD
Object privileges granted to the user on specific columns
USER_SYS_PRIVS
System privileges granted to the user
Copyright © 2004, Oracle. All rights reserved.
7-18
Copyright © 2004, Oracle. All rights reserved.
Revoking Object Privileges Syntax: REVOKE {privilege [, privilege...]|ALL} ON object FROM {user[, user...]|role|PUBLIC} [CASCADE CONSTRAINTS];
Example: As user ALICE, revoke the SELECT and INSERT privileges given to user SCOTT on the DEPARTMENTS table. REVOKE ON FROM Revoke 7-19
select, insert departments scott; succeeded. Copyright © 2004, Oracle. All rights reserved.
Understanding Database Links A database link connection allows local users to access data on a remote database. Local
Remote
EMP table
SELECT * FROM emp@HQ_ACME.COM;
7-20
HQ_ACME.COM database
Copyright © 2004, Oracle. All rights reserved.
7-21
Copyright © 2004, Oracle. All rights reserved.
Creating Database Links •
Create the database link.
CREATE PUBLIC DATABASE LINK hq.acme.com USING 'sales'; Database link created.
•
Write SQL statements that use the database link.
SELECT * FROM [email protected];
7-22
Copyright © 2004, Oracle. All rights reserved.
7-23
Copyright © 2004, Oracle. All rights reserved.
Summary In this lesson, you should have learned how to do the following: • Discuss the concepts of users, roles, and privileges • Create users • Create roles • Grant and revoke object privileges • Create and access database links
7-24
Copyright © 2004, Oracle. All rights reserved.
Practice 7: Overview This practice covers the following topics: • Granting other users privileges to your table • Modifying another user’s table through the privileges granted to you • Querying the data dictionary views related to privileges
7-25
Copyright © 2004, Oracle. All rights reserved.
7-26
Copyright © 2004, Oracle. All rights reserved.
7-27
Copyright © 2004, Oracle. All rights reserved.
7-28
Copyright © 2004, Oracle. All rights reserved.
Related Documents
Les 07
November 2019 4
Les 07
November 2019 11
Les 07
May 2020 12
Les Jeunes Et Les Vacances 11 07
December 2019 29
Les
May 2020 44
Les
June 2020 42More Documents from ""
Les 05
May 2020 15
Les 07
May 2020 12
Less05 Storage Tb3
May 2020 16
Installing The Oracle Database Software
May 2020 15
Les 09
May 2020 13