16 Managing Privileges
Copyright © Oracle Corporation, 2002 All rights reserved.
Objectives
After completing this lesson, you should be able to do the following:
• Identify system and object privileges
• Grant and revoke privileges
• Obtain privilege information
Managing Privileges
There are two types of Oracle user privileges:
• System: Enables users to perform particular actions in the database
• Object: Enables users to access and manipulate a specific object
System Privileges
• More than 100 distinct system privileges
• ANY keyword in privileges signifies that users have the privilege in any schema.
• GRANT command adds a privilege to a user or a group of users.
• REVOKE command deletes the privileges.
System Privileges: Examples
Category      Examples
INDEX         CREATE ANY INDEX, ALTER ANY INDEX, DROP ANY INDEX
TABLE         CREATE TABLE, CREATE ANY TABLE, ALTER ANY TABLE, DROP ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE, DELETE ANY TABLE
SESSION       CREATE SESSION, ALTER SESSION, RESTRICTED SESSION
TABLESPACE    CREATE TABLESPACE, ALTER TABLESPACE, DROP TABLESPACE, UNLIMITED TABLESPACE
Granting System Privileges
• Use the GRANT command to grant system privileges.
• The grantee can further grant the system privilege with the ADMIN option.
GRANT CREATE SESSION TO emi;
GRANT CREATE SESSION TO emi WITH ADMIN OPTION;
SYSDBA and SYSOPER Privileges
Category      Examples
SYSOPER       STARTUP
              SHUTDOWN
              ALTER DATABASE OPEN | MOUNT
              ALTER DATABASE BACKUP CONTROLFILE TO
              RECOVER DATABASE
              ALTER DATABASE ARCHIVELOG
              RESTRICTED SESSION
SYSDBA        SYSOPER PRIVILEGES WITH ADMIN OPTION
              CREATE DATABASE
              ALTER TABLESPACE BEGIN/END BACKUP
              RESTRICTED SESSION
              RECOVER DATABASE UNTIL
System Privilege Restrictions
The O7_DICTIONARY_ACCESSIBILITY parameter:
• Controls restrictions on SYSTEM privileges
• If set to TRUE, allows access to objects in SYS schema
• The default is FALSE: ensures that system privileges that allow access to any schema do not allow access to SYS schema
Revoking System Privileges
• Use the REVOKE command to remove a system privilege from a user.
• Users with ADMIN OPTION for system privilege can revoke system privileges.
• Only privileges granted with a GRANT command can be revoked.
REVOKE CREATE TABLE FROM emi;
Revoking System Privileges with the ADMIN OPTION
[Figure: GRANT and REVOKE panels showing the users DBA, Jeff, and Emi]
Object Privileges
Object priv   Table View Sequence Procedure
ALTER         √ √ √
INDEX         √ √
REFERENCES    √
SELECT        √ √ √
Granting Object Privileges
• Use the GRANT command to grant object privileges.
• The object must be in the grantor’s schema, or the grantor must have GRANT OPTION.
GRANT EXECUTE ON dbms_output TO jeff;
GRANT UPDATE ON emi.customers TO jeff WITH GRANT OPTION;
Revoking Object Privileges
• Use the REVOKE command to revoke object privileges.
• User revoking the privilege must be the original grantor of the object privilege being revoked.
REVOKE SELECT ON emi.orders FROM jeff;
Revoking Object Privileges with GRANT OPTION
[Figure: GRANT and REVOKE panels showing the users Bob, Jeff, and Emi]
Obtaining Privileges Information
Information about privileges can be obtained by querying the following views:
• DBA_SYS_PRIVS
• SESSION_PRIVS
• DBA_TAB_PRIVS
• DBA_COL_PRIVS
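A least-privilege review built on these four views, as an added example that is not part of the original lesson. It assumes the lesson's sample users emi and jeff, a session that can read the DBA_* views and V$PARAMETER, and Oracle 10g or later for NOCYCLE.

```sql
-- Added example: least-privilege review over the views listed above.
-- Assumes a session that can read the DBA_* views and V$PARAMETER.

-- 1. System privileges that span schemas (ANY), lift quotas, or can be
--    passed on (ADMIN OPTION). SYS, SYSTEM and the DBA role are filtered out.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  (privilege LIKE '% ANY %'
        OR privilege = 'UNLIMITED TABLESPACE'
        OR admin_option = 'YES')
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY grantee, privilege;

-- 2. Object privileges that the grantee may grant onward (GRANT OPTION).
SELECT grantee, owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantable = 'YES'
AND    owner NOT IN ('SYS', 'SYSTEM')
ORDER  BY owner, table_name, grantee;

-- 3. Chain of UPDATE grants on emi.customers, starting from the owner.
--    Each row below depth 1 exists only because the row above it was
--    granted WITH GRANT OPTION, so it shows whose access depends on whom.
SELECT LEVEL AS depth, grantor, grantee, grantable
FROM  (SELECT grantor, grantee, grantable
       FROM   dba_tab_privs
       WHERE  owner = 'EMI'
       AND    table_name = 'CUSTOMERS'
       AND    privilege = 'UPDATE')
START  WITH grantor = 'EMI'
CONNECT BY NOCYCLE PRIOR grantee = grantor
ORDER  BY depth, grantee;

-- 4. Column-level grants held by one user (jeff, from the lesson).
SELECT owner, table_name, column_name, privilege, grantable
FROM   dba_col_privs
WHERE  grantee = 'JEFF';

-- 5. Privileges active in the current session, including those from
--    enabled roles.
SELECT privilege FROM session_privs ORDER BY privilege;

-- 6. Confirm that ANY privileges stay out of the SYS schema (expect FALSE).
SELECT name, value
FROM   v$parameter
WHERE  LOWER(name) = 'o7_dictionary_accessibility';
```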
Summary
In this lesson, you should have learned how to:
• Identify system and object privileges
• Grant and revoke privileges
• Obtain privilege information
Practice 16 Overview
This practice covers the following topics:
• Creating user and granting system privileges
• Granting object privileges to users