Objectives
After completing this lesson, you should be able to do the following:
- Create users
- Create roles to ease setup and maintenance of the security model
- Use the GRANT and REVOKE statements to grant and revoke object privileges
Privileges
Database security:
- System security
- Data security
System privileges: Gain access to the database
Object privileges: Manipulate the content of the database objects
Schema: Collection of objects, such as tables, views, and sequences
System Privileges
More than 80 privileges are available.
The DBA has high-level system privileges:
- Create new users
- Remove users
- Remove tables
- Back up tables
Creating Users
The DBA creates users by using the CREATE USER statement.

CREATE USER user
IDENTIFIED BY password;

SQL> CREATE USER scott
  2  IDENTIFIED BY tiger;
User created.
An application developer may have the following system privileges:
- CREATE SESSION
- CREATE TABLE
- CREATE SEQUENCE
- CREATE VIEW
- CREATE PROCEDURE
What Is a Role?
[Figure: Users, the Manager role, and Privileges. Left panel: allocating privileges without a role. Right panel: allocating privileges with a role.]
SQL> CREATE ROLE manager;
Role created.

SQL> GRANT create table, create view
  2  to manager;
Grant succeeded.

SQL> GRANT manager to BLAKE, CLARK;
Grant succeeded.
ALTER USER scott
IDENTIFIED BY lion;
User altered.
Object Privileges
Object types (table columns): Table, View, Sequence, Procedure
Object privileges (table rows): ALTER, DELETE, EXECUTE, INDEX, INSERT, REFERENCES, SELECT, UPDATE
Object Privileges
- Object privileges vary from object to object.
- An owner has all the privileges on the object.
- An owner can give specific privileges on that owner's object.

GRANT object_priv [(columns)]
ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];
Grant privileges to update specific columns to users and roles.

SQL> GRANT update (dname, loc)
  2  ON dept
  3  TO scott, manager;
Grant succeeded.
Allow all users on the system to query data from Alice's DEPT table.

SQL> GRANT select
  2  ON alice.dept
  3  TO PUBLIC;
Grant succeeded.
Description
ROLE_SYS_PRIVS
ROLE_TAB_PRIVS
USER_ROLE_PRIVS
USER_TAB_PRIVS_MADE
USER_TAB_PRIVS_RECD
USER_COL_PRIVS_MADE
USER_COL_PRIVS_RECD
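
The grants shown earlier and the data dictionary views listed above, combined into one review pass. This is an added example, not part of the original slides. It assumes it is run in SQL*Plus as ALICE, the owner of DEPT, that the MANAGER role and user SCOTT exist as created earlier, and that the earlier GRANT to PUBLIC was executed; the WITH GRANT OPTION grant to scott is constructed for illustration.

```sql
-- Added example (assumptions: connected as ALICE, owner of DEPT;
-- role MANAGER and user SCOTT already exist).

-- 1. Grant narrowly: column-level UPDATE to the role, without WITH GRANT OPTION.
GRANT update (dname, loc) ON dept TO manager;

-- Constructed for illustration: a re-grantable privilege that step 2 should flag.
GRANT select ON dept TO scott WITH GRANT OPTION;

-- 2. Review table-level grants made on your objects.
--    Grants to PUBLIC and grants the grantee can pass on deserve a second look.
SELECT grantee, table_name, privilege, grantable
FROM   user_tab_privs_made
WHERE  grantee = 'PUBLIC'
   OR  grantable = 'YES'
ORDER  BY table_name, grantee;

-- 3. Column-level grants are recorded in a separate view.
SELECT grantee, table_name, column_name, privilege, grantable
FROM   user_col_privs_made
ORDER  BY table_name, column_name;

-- 4. Withdraw what is broader than needed.
REVOKE select ON dept FROM PUBLIC;
-- Revoking an object privilege that was granted WITH GRANT OPTION also
-- removes any grants the grantee passed on to others.
REVOKE select ON dept FROM scott;
-- Column privileges cannot be revoked column by column: revoke UPDATE on
-- the whole table, then re-grant the columns that are still required.
REVOKE update ON dept FROM manager;
GRANT update (loc) ON dept TO manager;

-- 5. As a grantee, confirm which roles you hold and what they carry.
SELECT granted_role, admin_option, default_role FROM user_role_privs;
SELECT role, privilege, admin_option FROM role_sys_privs;
SELECT role, owner, table_name, column_name, privilege
FROM   role_tab_privs
ORDER  BY role, table_name;
```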
Summary
Statement
Action
CREATE USER
GRANT
CREATE ROLE
ALTER USER
REVOKE
Practice Overview
- Granting other users privileges to your table
- Modifying another user's table through the privileges granted to you
- Creating a synonym
- Querying the data dictionary views related to privileges