
14

Controlling User Access

Copyright Oracle Corporation, 1998. All rights reserved.

Objectives
After completing this lesson, you should be able to do the following:
Create users
Create roles to ease setup and maintenance of the security model
Use the GRANT and REVOKE statements to grant and revoke object privileges
14-2


Controlling User Access
[Figure: the database administrator issues a username and password, and privileges, to users]
14-3


Privileges
Database security:
System security
Data security
System privileges: Gain access to the database
Object privileges: Manipulate the content of the database objects
Schema: Collection of objects, such as tables, views, and sequences
14-4


System Privileges
More than 80 privileges are available.
The DBA has high-level system privileges:
Create new users
Remove users
Remove tables
Back up tables

14-5


Creating Users
The DBA creates users by using the CREATE USER statement.
CREATE USER user
IDENTIFIED BY password;

SQL> CREATE USER scott
  2  IDENTIFIED BY tiger;
User created.
14-6


User System Privileges
Once a user is created, the DBA can grant specific system privileges to a user.
GRANT privilege [, privilege...]
TO user [, user...];

An application developer may have the following system privileges:
CREATE SESSION
CREATE TABLE
CREATE SEQUENCE
CREATE VIEW
CREATE PROCEDURE
14-7


Granting System Privileges
The DBA can grant a user specific system privileges.
SQL> GRANT create table, create sequence, create view
  2  TO scott;
Grant succeeded.

14-8


What Is a Role?
[Figure: users, the MANAGER role, and privileges; allocating privileges without a role versus allocating privileges with a role]
14-9


Creating and Granting Privileges to a Role
SQL> CREATE ROLE manager;
Role created.

SQL> GRANT create table, create view
  2  to manager;
Grant succeeded.

SQL> GRANT manager to BLAKE, CLARK;
Grant succeeded.

14-10


Changing Your Password
The DBA creates your user account and initializes your password.
You can change your password by using the ALTER USER statement.
SQL> ALTER USER scott
  2  IDENTIFIED BY lion;
User altered.
14-11


Object Privileges
Object Privilege   Table   View   Sequence   Procedure
ALTER              X                X
DELETE             X       X
EXECUTE                                        X
INDEX              X
INSERT             X       X
REFERENCES         X
SELECT             X       X        X
UPDATE             X       X
14-12


Object Privileges
Object privileges vary from object to object.
An owner has all the privileges on the object.
An owner can give specific privileges on that owner's object.
GRANT object_priv [(columns)]
ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];

14-13


Granting Object Privileges
Grant query privileges on the EMP table.
SQL> GRANT select
  2  ON emp
  3  TO sue, rich;
Grant succeeded.

Grant privileges to update specific columns to users and roles.
SQL> GRANT update (dname, loc)
  2  ON dept
  3  TO scott, manager;
Grant succeeded.

14-14


Using WITH GRANT OPTION and PUBLIC Keywords
Give a user authority to pass along the privileges.
SQL> GRANT select, insert
  2  ON dept
  3  TO scott
  4  WITH GRANT OPTION;
Grant succeeded.

Allow all users on the system to query data from Alice's DEPT table.
SQL> GRANT select
  2  ON alice.dept
  3  TO PUBLIC;
Grant succeeded.
14-15


Confirming Privileges Granted
Data Dictionary Table    Description
ROLE_SYS_PRIVS           System privileges granted to roles
ROLE_TAB_PRIVS           Table privileges granted to roles
USER_ROLE_PRIVS          Roles accessible by the user
USER_TAB_PRIVS_MADE      Object privileges granted on the user's objects
USER_TAB_PRIVS_RECD      Object privileges granted to the user
USER_COL_PRIVS_MADE      Object privileges granted on the columns of the user's objects
USER_COL_PRIVS_RECD      Object privileges granted to the user on specific columns
14-16
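An added worked example (not part of the Oracle course) that builds the MANAGER role and the grants from the earlier slides, then confirms each one through the data dictionary views listed above. It assumes a DBA session for steps 1-2, that users BLAKE, CLARK, SUE, RICH and SCOTT already exist, that step 3 runs as the owner of EMP and DEPT, and that step 4 runs as the grantees.

```sql
-- Added example, not from the Oracle course: create the role and grants,
-- then verify them from the grantor's and the grantee's side.
-- Assumes: DBA session (steps 1-2); users BLAKE, CLARK, SUE, RICH, SCOTT exist;
-- step 3 runs as the owner of EMP and DEPT; step 4 runs as SCOTT and BLAKE.

-- 1. Role carrying the system privileges, granted to two users
CREATE ROLE manager;
GRANT create table, create view TO manager;
GRANT manager TO blake, clark;

-- 2. ROLE_SYS_PRIVS: the system privileges a role carries
--    (the view only shows roles the querying session has access to)
SELECT role, privilege, admin_option
FROM   role_sys_privs
WHERE  role = 'MANAGER';

-- 3. Object grants made by the owner: one table-level, one column-level
GRANT select ON emp TO sue, rich;
GRANT update (dname, loc) ON dept TO scott, manager;

-- USER_TAB_PRIVS_MADE holds the table-level grants (the EMP grants) ...
SELECT grantee, table_name, privilege, grantable
FROM   user_tab_privs_made
ORDER  BY table_name, grantee;

-- ... the column-level DEPT grants are in USER_COL_PRIVS_MADE instead,
-- so an audit of "what did I give away" must query both views
SELECT grantee, table_name, column_name, privilege
FROM   user_col_privs_made
ORDER  BY grantee, column_name;

-- 4. The grantee's side. Run as SCOTT: what was received, and is it
--    re-grantable (GRANTABLE = 'YES' means it came WITH GRANT OPTION)?
SELECT owner, table_name, privilege, grantable FROM user_tab_privs_recd;
SELECT owner, table_name, column_name, privilege FROM user_col_privs_recd;

-- Run as BLAKE: which roles (and therefore which privileges) does the session hold?
SELECT granted_role, admin_option FROM user_role_privs;
```

Privileges obtained through a role show up under the role in ROLE_SYS_PRIVS and ROLE_TAB_PRIVS, not in the USER_*_RECD views, which is why both sets of views are needed to see a user's full effective access.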


How to Revoke Object Privileges
You use the REVOKE statement to revoke privileges granted to other users.
Privileges granted to others through the WITH GRANT OPTION will also be revoked.
REVOKE {privilege [, privilege...]|ALL}
ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];

14-17


Revoking Object Privileges
As user Alice, revoke the SELECT and INSERT privileges given to user Scott on the DEPT table.
SQL> REVOKE select, insert
  2  ON dept
  3  FROM scott;
Revoke succeeded.

14-18
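An added example (not part of the Oracle course) that walks through the cascade described on the previous slide: a privilege SCOTT passed on under WITH GRANT OPTION disappears when ALICE revokes it from SCOTT. It assumes users ALICE and SCOTT from the lesson plus a constructed user BOB, that ALICE owns DEPT, and that the PUBLIC grant from the earlier slide has not been made.

```sql
-- Added example, not from the Oracle course: revocation cascades through
-- grants made under WITH GRANT OPTION.
-- Assumes: ALICE owns DEPT; users SCOTT and BOB exist (BOB is a constructed name);
-- DEPT has not been granted to PUBLIC.

-- Run as ALICE (the owner): SCOTT may read/insert and may pass the privileges on
GRANT select, insert ON dept TO scott WITH GRANT OPTION;

-- Run as SCOTT: allowed only because of WITH GRANT OPTION above
GRANT select ON alice.dept TO bob;

-- Run as ALICE: the owner sees the whole chain in USER_TAB_PRIVS_MADE.
-- The row for BOB carries GRANTOR = 'SCOTT'; rows whose GRANTOR is not the
-- owner are the re-granted privileges worth reviewing before any revoke.
SELECT grantee, grantor, privilege, grantable
FROM   user_tab_privs_made
WHERE  table_name = 'DEPT'
ORDER  BY grantee, privilege;

-- Run as ALICE: revoke from SCOTT. Oracle also removes the SELECT that SCOTT
-- had granted to BOB, because it depended on SCOTT's grantable privilege.
REVOKE select, insert ON dept FROM scott;

-- Run as ALICE: neither SCOTT nor BOB should be listed any more
SELECT grantee, grantor, privilege
FROM   user_tab_privs_made
WHERE  table_name = 'DEPT';

-- Run as BOB: the query is no longer permitted (it would still succeed if
-- DEPT had been granted to PUBLIC, as on the earlier slide, so check that too)
SELECT * FROM alice.dept;
```

The same cascade does not apply in the other direction: revoking SELECT from BOB alone leaves SCOTT's grantable privilege intact, so SCOTT could grant it again.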


Summary
Statement     Action
CREATE USER   Allows the DBA to create a user
GRANT         Allows the user to give other users privileges to access the user's objects
CREATE ROLE   Allows the DBA to create a collection of privileges
ALTER USER    Allows users to change their password
REVOKE        Removes privileges on an object from users
14-19


Practice Overview
Granting other users privileges to your table
Modifying another user's table through the privileges granted to you
Creating a synonym
Querying the data dictionary views related to privileges

14-20
