Les01
Oracle SQL 11g
Copyright © 2007, Oracle. All rights reserved.
Controlling User Access
Objectives
After completing this lesson, you should be able to do the following:
• Differentiate system privileges from object privileges
• Grant privileges on tables
• Grant roles
• Distinguish between privileges and roles
Lesson Agenda
• System privileges
• Creating a role
• Object privileges
• Revoking object privileges
Controlling User Access
[Diagram labels: Database administrator; Users; Username and password; Privileges]
Privileges
• Database security:
– System security
– Data security
• System privileges: Performing a particular action within the database
• Object privileges: Manipulating the content of the database objects
• Schemas: Collection of objects such as tables, views, and sequences
System Privileges
• More than 100 privileges are available.
• The database administrator has high-level system privileges for tasks such as:
– Creating new users
– Removing users
– Removing tables
– Backing up tables
Creating Users
The database administrator (DBA) creates users with the CREATE USER statement.
CREATE USER user
IDENTIFIED BY password;

CREATE USER demo
IDENTIFIED BY demo;
User System Privileges
• After a user is created, the DBA can grant specific system privileges to that user.
• An application developer, for example, may have the following system privileges:
– CREATE SESSION
– CREATE TABLE
– CREATE SEQUENCE
– CREATE VIEW
– CREATE PROCEDURE

GRANT privilege [, privilege...]
TO user [, user| role, PUBLIC...];
Granting System Privileges
The DBA can grant specific system privileges to a user.
GRANT create session, create table, create sequence, create view
TO demo;
What Is a Role?
[Diagram: allocating privileges without a role versus allocating privileges with a role. Labels: Users; Manager; Privileges]
Creating and Granting Privileges to a Role
• Create a role:
CREATE ROLE manager;
• Grant privileges to a role:
GRANT create table, create view TO manager;
• Grant a role to users:
GRANT manager TO BELL, KOCHHAR;
Changing Your Password
• The DBA creates your user account and initializes your password.
• You can change your password by using the ALTER USER statement.
ALTER USER demo IDENTIFIED BY employ;
Object Privileges
Object privilege    Table    View    Sequence
ALTER
DELETE
INDEX
INSERT
REFERENCES
SELECT
UPDATE
Object Privileges
• Object privileges vary from object to object.
• An owner has all the privileges on the object.
• An owner can give specific privileges on that owner’s object.
GRANT object_priv [(columns)] ON object TO {user|role|PUBLIC} [WITH GRANT OPTION];
Granting Object Privileges
• Grant query privileges on the EMPLOYEES table:
GRANT select
ON employees
TO demo;
• Grant privileges to update specific columns to users and roles:
GRANT update (department_name, location_id)
ON departments
TO demo, manager;
Passing On Your Privileges
• Give a user authority to pass along privileges:
GRANT select, insert
ON departments
TO demo
WITH GRANT OPTION;
• Allow all users on the system to query data from Alice’s DEPARTMENTS table:
GRANT select
ON alice.departments
TO PUBLIC;
Confirming Granted Privileges
Data Dictionary View   Description
ROLE_SYS_PRIVS         System privileges granted to roles
ROLE_TAB_PRIVS         Table privileges granted to roles
USER_ROLE_PRIVS        Roles accessible by the user
USER_SYS_PRIVS         System privileges granted to the user
USER_TAB_PRIVS_MADE    Object privileges granted on the user’s objects
USER_TAB_PRIVS_RECD    Object privileges granted to the user
USER_COL_PRIVS_MADE    Object privileges granted on the columns of the user’s objects
USER_COL_PRIVS_RECD    Object privileges granted to the user on specific columns
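
The views listed above can be queried to review what has actually been granted. The following queries are an added example, not part of the original slides; they assume you are connected as an object owner (for instance alice) and use only the views in the table.

```sql
-- Grants made on my objects that deserve a second look:
-- anything given to PUBLIC, or given WITH GRANT OPTION
-- (the grantee can pass the privilege on to others).
SELECT grantee, table_name, privilege, grantable
FROM   user_tab_privs_made
WHERE  grantee = 'PUBLIC'
   OR  grantable = 'YES'
ORDER  BY table_name, grantee, privilege;

-- Column-level grants made on my objects, such as
-- GRANT update (department_name, location_id) ON departments ...
SELECT grantee, table_name, column_name, privilege, grantable
FROM   user_col_privs_made
ORDER  BY table_name, column_name, grantee;

-- System privileges I hold, whether granted directly or through a role.
-- ROLE_SYS_PRIVS only lists roles that are accessible to the current user.
SELECT privilege, 'DIRECT' AS granted_through, admin_option
FROM   user_sys_privs
UNION ALL
SELECT privilege, role AS granted_through, admin_option
FROM   role_sys_privs
ORDER  BY privilege, granted_through;

-- Object privileges my roles carry (for example, the MANAGER role)
SELECT role, owner, table_name, column_name, privilege, grantable
FROM   role_tab_privs
ORDER  BY role, owner, table_name;
```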
Revoking Object Privileges
• You use the REVOKE statement to revoke privileges granted to other users.
• Privileges granted to others through the WITH GRANT OPTION clause are also revoked.
REVOKE {privilege [, privilege...]|ALL}
ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];
Revoking Object Privileges
Revoke the SELECT and INSERT privileges given to the demo user on the DEPARTMENTS table.
REVOKE select, insert
ON departments
FROM demo;
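
The cascading behaviour of REVOKE described above, as an added SQL*Plus walk-through that is not part of the original slides. It assumes alice owns DEPARTMENTS, that bell is a third user with CREATE SESSION, and that the GRANT ... TO PUBLIC shown earlier is not in place (a PUBLIC grant would still give bell access after the revoke).

```sql
-- Constructed session; CONNECT prompts for each user's password.

CONNECT alice
GRANT select ON departments TO demo WITH GRANT OPTION;

CONNECT demo
-- demo uses the grant option to pass the privilege on to bell
GRANT select ON alice.departments TO bell;

CONNECT bell
-- bell sees the privilege, with demo recorded as the grantor
SELECT owner, table_name, grantor, privilege
FROM   user_tab_privs_recd
WHERE  owner = 'ALICE' AND table_name = 'DEPARTMENTS';
SELECT COUNT(*) FROM alice.departments;

CONNECT alice
-- Revoking from demo also removes what demo granted to bell
REVOKE select ON departments FROM demo;

-- Confirm which grants on DEPARTMENTS remain after the revoke
SELECT grantee, grantor, privilege, grantable
FROM   user_tab_privs_made
WHERE  table_name = 'DEPARTMENTS';

CONNECT bell
-- The privilege no longer appears for bell, and the query
-- against alice.departments is now rejected
SELECT owner, table_name, grantor, privilege
FROM   user_tab_privs_recd
WHERE  owner = 'ALICE' AND table_name = 'DEPARTMENTS';
SELECT COUNT(*) FROM alice.departments;
```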
Summary
In this lesson, you should have learned about statements that control access to the database and database objects.
Statement     Action
CREATE USER   Creates a user (usually performed by a DBA)
GRANT         Gives other users privileges to access the objects
CREATE ROLE   Creates a collection of privileges (usually performed by a DBA)
ALTER USER    Changes a user’s password
REVOKE        Removes privileges on an object from users
Practice 1: Overview
This practice covers the following topics:
• Granting other users privileges to your table
• Modifying another user’s table through the privileges granted to you
• Creating a synonym