Scribd
Upload
18 views23 pages

Module 5 Session 4

This document outlines the objectives and methods for creating and managing user access in a database, including creating users, roles, and granting or revoking privileges. It explains the distinction between system and object privileges, and provides SQL statements for user management and privilege control. Additionally, it covers the creation of database links for accessing remote data.

Uploaded by

PavithraGaneshShetty
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
18 views23 pages

Module 5 Session 4

This document outlines the objectives and methods for creating and managing user access in a database, including creating users, roles, and granting or revoking privileges. It explains the distinction between system and object privileges, and provides SQL statements for user management and privilege control. Additionally, it covers the creation of database links for accessing remote data.

Uploaded by

PavithraGaneshShetty
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 23

MODULE 5 SESSION 4

CCREATING ,MANANGING THE USER,PROVIDE


PRIVILEGES
13
Controlling User Access

Copyright © Oracle Corporation, 2001. All rights reserved.


Objectives

After completing this lesson, you should be able to


do the following:
• Create users
• Create roles to ease setup and maintenance of the
security model
• Use the GRANT and REVOKE statements to
grant and revoke object privileges
• Create and access database links

13-2 Copyright © Oracle Corporation, 2001. All rights reserved.


Controlling User Access

Database
administrator

Username and password


Privileges

Users

13-3 Copyright © Oracle Corporation, 2001. All rights reserved.


Privileges

• Database security:
– System security
– Data security
• System privileges: Gaining access to the database
• Object privileges: Manipulating the content of the
database objects
• Schemas: Collections of objects, such as tables,
views, and sequences

13-4 Copyright © Oracle Corporation, 2001. All rights reserved.


System Privileges

• More than 100 privileges are available.


• The database administrator has high-level system
privileges for tasks such as:
– Creating new users
– Removing users
– Removing tables
– Backing up tables

13-5 Copyright © Oracle Corporation, 2001. All rights reserved.


Creating Users

The DBA creates users by using the CREATE USER


statement.

CREATE USER user


IDENTIFIED BY password;

CREATE USER scott


IDENTIFIED BY tiger;
User created.

13-6 Copyright © Oracle Corporation, 2001. All rights reserved.


User System Privileges

• Once a user is created, the DBA can grant specific


system privileges to a user.
GRANT privilege [, privilege...]
TO user [, user| role,
PUBLIC...];
• An application developer, for example, may have
the following system privileges:
– CREATE SESSION
– CREATE TABLE
– CREATE SEQUENCE
– CREATE VIEW
– CREATE PROCEDURE

13-7 Copyright © Oracle Corporation, 2001. All rights reserved.


Granting System Privileges

The DBA can grant a user specific system privileges.

GRANT create session, create


table, create sequence,
create view
TO
scott; Grant
succeeded.

13-8 Copyright © Oracle Corporation, 2001. All rights reserved.


What is a Role?

Users

Manager

Privileges

Allocating Allocating
privileges privileges with
without a role a role

13-9 Copyright © Oracle Corporation, 2001. All rights reserved.


Creating and Granting Privileges to a Role

• Create a role
CREATE ROLE manager;
Role created.

• Grant privileges to a role


GRANT create table, create
view TO manager;
Grant succeeded.
• Grant a role to users
GRANT manager TO DEHAAN, KOCHHAR;
Grant succeeded.

13-10 Copyright © Oracle Corporation, 2001. All rights reserved.


Changing Your Password

• The DBA creates your user account and initializes


your password.
• You can change your password by using the
ALTER USER statement.

ALTER USER scott


IDENTIFIED BY
lion;
User altered.

13-11 Copyright © Oracle Corporation, 2001. All rights reserved.


Object Privileges

Object
Privilege Table View Sequence Procedure
ALTER √ √
DELETE √ √
EXECUTE √
INDEX √
INSERT √ √
REFERENCES √ √
SELECT √ √ √
UPDATE √ √

13-12 Copyright © Oracle Corporation, 2001. All rights reserved.


Object Privileges

• Object privileges vary from object to object.


• An owner has all the privileges on the object.
• An owner can give specific privileges on that
owner’s object.

GRANT object_priv
ON [(columns)]
TO object
[WITH GRANT OPTION];
{user|role|PUBLIC}

13-13 Copyright © Oracle Corporation, 2001. All rights reserved.


Granting Object Privileges

• Grant query privileges on the EMPLOYEES


table.
GRANT select
ON employees
TO
sue, rich;
Grant succeeded.

• Grant privileges to update specific columns to


users and roles.
GRANT update (department_name, location_id)
ON departments
TO scott,
manager; Grant
13-14 succeeded. Copyright © Oracle Corporation, 2001. All rights reserved.
Using the WITH GRANT OPTION and
PUBLIC
Keywords
• Give a user authority to pass along privileges.

GRANT select, insert


ON departments
TO scott
WITH GRANT OPTION;
Grant succeeded.

• Allow all users on the system to query data from


Alice’s DEPARTMENTS table.
GRANT select
ON alice.departments
TO PUBLIC;
Grant succeeded.

13-15 Copyright © Oracle Corporation, 2001. All rights reserved.


Confirming Privileges Granted
Data Dictionary View Description

ROLE_SYS_PRIVS System privileges granted to roles


ROLE_TAB_PRIVS Table privileges granted to roles
USER_ROLE_PRIVS Roles accessible by the user
USER_TAB_PRIVS_MADE Object privileges granted on
the user’s objects
USER_TAB_PRIVS_RECD Object privileges granted to
the user
USER_COL_PRIVS_MADE Object privileges granted on
the columns of the user’s
objects
USER_COL_PRIVS_RECD Object privileges granted to
the user on specific columns
USER_SYS_PRIVS Lists system privileges granted
13-16 Copyright © Oracle Corporation, 2001. All rights reserved.
How to Revoke Object Privileges

• You use the REVOKE statement to revoke


privileges granted to other users.
• Privileges granted to others through the WITH
GRANT OPTION clause are also revoked.

REVOKE {privilege [, privilege...]|


ALL} ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];

13-17 Copyright © Oracle Corporation, 2001. All rights reserved.


Revoking Object Privileges

As user Alice, revoke the SELECT and INSERT


privileges given to user Scott on the DEPARTMENTS
table.

REVOKE select, insert


ON departments
FROM scott;
Revoke succeeded.

13-18 Copyright © Oracle Corporation, 2001. All rights reserved.


Database Links

A database link connection allows local users to


access data on a remote database.

Local Remote

EMP
Table

SELECT * FROM HQ_ACME.COM


emp@HQ_ACME.COM; database

13-19 Copyright © Oracle Corporation, 2001. All rights reserved.


Database Links

• Create the database link.


CREATE PUBLIC DATABASE LINK hq.acme.com
USING 'sales';
Database link
created.
• Write SQL statements that use the database link.

SELECT *
FROM emp@HQ.ACME.COM;

13-20 Copyright © Oracle Corporation, 2001. All rights reserved.


Summary

In this lesson, you should have learned about DCL


statements that control access to the database and
database objects:
Statement Action
CREATE USER Creates a user (usually performed by
a DBA)
GRANT Gives other users privileges to
access the your objects
CREATE ROLE Creates a collection of privileges
(usually performed by a DBA)
ALTER USER Changes a user’s password
REVOKE Removes privileges on an object
from users

13-21 Copyright © Oracle Corporation, 2001. All rights reserved.


Practice 13 Overview

This practice covers the following topics:


• Granting other users privileges to your table
• Modifying another user’s table through the
privileges granted to you
• Creating a synonym
• Querying the data dictionary views related to
privileges

13-22 Copyright © Oracle Corporation, 2001. All rights reserved.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy