Controlling User Access
Copyright © 2007, Oracle. All rights reserved.
Objectives
After completing this lesson, you should be able to do the
following:
• Differentiate system privileges from object privileges
• Grant privileges on tables
• Grant roles
• Distinguish between privileges and roles
Lesson Agenda
• System privileges
• Creating a role
• Object privileges
• Revoking object privileges
Controlling User Access
[Figure: the database administrator creates each user's username and password and grants that user privileges]
Privileges
• Database security:
– System security: who can connect, and which actions each account may perform
– Data security: who can read or change which data
• System privileges: the right to perform a particular action in the
database (for example, CREATE SESSION or CREATE TABLE)
• Object privileges: the right to access or manipulate the content of a
specific database object (for example, SELECT or UPDATE on one table)
• Schemas: the collection of objects such as tables, views, and
sequences owned by one user; the owner holds all privileges on them
System Privileges
• More than 100 privileges are available.
• The database administrator has high-level system privileges
for tasks such as:
– Creating new users
– Removing users
– Removing tables
– Backing up tables
Creating Users
The database administrator (DBA) creates users with the CREATE
USER statement.
CREATE USER user
IDENTIFIED BY password;
CREATE USER demo
IDENTIFIED BY demo;
A newly created user cannot even connect until it is granted CREATE
SESSION. The example sets the password equal to the username; outside a
classroom, use a strong, unique password.
User System Privileges
• After a user is created, the DBA can grant specific system
privileges to that user.
GRANT privilege [, privilege...]
TO {user | role | PUBLIC} [, {user | role | PUBLIC}...]
[WITH ADMIN OPTION];
• WITH ADMIN OPTION lets the grantee grant the same system privilege
to others; leave it off unless that is intended.
• An application developer, for example, may have the
following system privileges:
– CREATE SESSION
– CREATE TABLE
– CREATE SEQUENCE
– CREATE VIEW
– CREATE PROCEDURE
Granting System Privileges
The DBA can grant specific system privileges to a user.
GRANT create session, create table,
create sequence, create view
TO demo;
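The following is an added example, not part of the original lesson, that carries the preceding slides through end to end: creating the developer account with a proper password, granting only the system privileges it needs, and confirming the result in the data dictionary. The tablespace name USERS, the placeholder password, and the DBA_SYS_PRIVS query are assumptions; run it connected as a DBA except where a comment says otherwise.

```sql
-- Added example: least-privilege developer account (assumed names: tablespace
-- USERS, placeholder password; run as a DBA unless a comment says otherwise).

-- 1. Create the account. The lesson's "IDENTIFIED BY demo" uses the username
--    as the password; never do that outside a classroom.
CREATE USER demo
  IDENTIFIED BY "Str0ng#Passw0rd_2024"
  DEFAULT TABLESPACE users
  QUOTA 50M ON users          -- without a quota demo cannot store rows in USERS
  PASSWORD EXPIRE;            -- force a change at first login

-- 2. Grant only what a developer needs: the ability to log in and to create
--    its own schema objects. No ANY privileges, no DBA role, and no
--    WITH ADMIN OPTION (which would let demo pass these privileges on).
GRANT create session, create table, create sequence, create view
  TO demo;

-- 3. Verify from the DBA side: four rows, all with ADMIN_OPTION = NO.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'DEMO'
 ORDER BY privilege;

-- 4. (as DEMO) verify from the account's own side.
SELECT privilege, admin_option
  FROM user_sys_privs
 ORDER BY privilege;

-- 5. (as DEMO) negative check: no CREATE USER privilege was granted.
CREATE USER intruder IDENTIFIED BY "x";   -- ORA-01031: insufficient privileges
```

The negative check in step 5 is worth keeping in any provisioning script: the dictionary query shows what was granted, but only an attempt to do something outside the grant shows that nothing extra arrived through a role or a default profile.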
What Is a Role?
[Figure: allocating privileges to users directly (without a role) needs one grant per privilege per user; allocating them through a MANAGER role needs each privilege granted once to the role and the role granted once to each user]
Creating and Granting Privileges to a Role
• Create a role:
CREATE ROLE manager;
• Grant privileges to a role:
GRANT create table, create view
TO manager;
• Grant a role to users:
GRANT manager TO BELL, KOCHHAR;
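The following is an added example, not from the original lesson, that extends the three statements above: it puts both system and object privileges into the role, shows that changing the role changes every holder at once, and verifies the result with the dictionary views. The users BELL and KOCHHAR, the HR schema and its EMPLOYEES table, and the DBA_* queries are assumptions; run as a DBA unless a comment says otherwise.

```sql
-- Added example: a role as the unit of privilege management (assumed: users
-- BELL and KOCHHAR exist with CREATE SESSION, schema HR owns EMPLOYEES;
-- run as a DBA unless a comment says otherwise).

CREATE ROLE manager;

-- System privileges go into the role ...
GRANT create table, create view TO manager;

-- ... and so can object privileges, so one role carries both kinds.
GRANT select, update ON hr.employees TO manager;

-- One GRANT per user instead of one GRANT per privilege per user.
GRANT manager TO bell, kochhar;

-- Changing the role changes every holder at once: after this, neither BELL
-- nor KOCHHAR can create views, with no per-user REVOKE needed.
REVOKE create view FROM manager;

-- What the role carries now (DBA views).
SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'MANAGER';

SELECT owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE grantee = 'MANAGER';

-- Who holds the role, and whether it is enabled at login.
SELECT grantee, admin_option, default_role
  FROM dba_role_privs
 WHERE granted_role = 'MANAGER';

-- (as BELL) the same facts from the holder's side, using the ROLE_* and
-- USER_ROLE_PRIVS views listed later in this lesson.
SELECT granted_role, default_role FROM user_role_privs;
SELECT role, privilege FROM role_sys_privs;
SELECT role, owner, table_name, privilege FROM role_tab_privs;
```

One caveat a developer runs into immediately: privileges received through a role are not in effect inside definer's-rights stored procedures or when creating a view on another schema's table. For those, the owner needs the object privilege granted directly.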
Changing Your Password
• The DBA creates your user account and sets your initial
password.
• You can change your own password with the ALTER USER
statement; no extra privilege is needed for your own account, but
changing another user's password requires the ALTER USER system
privilege.
ALTER USER demo
IDENTIFIED BY employ;
• The new password appears in clear text in the statement and can
end up in SQL history or trace files; from SQL*Plus, the PASSWORD
command prompts for it instead.
Object Privileges
Object privilege   Table   View   Sequence
ALTER              yes     -      yes
DELETE             yes     yes    -
SELECT             yes     yes    yes
INDEX              yes     -      -
INSERT             yes     yes    -
REFERENCES         yes     yes    -
UPDATE             yes     yes    -
Object Privileges
• Object privileges vary from object to object (see the table above).
• An owner has all the privileges on the object.
• An owner can give specific privileges on that owner's object; no one
else can, unless they received the privilege WITH GRANT OPTION.
GRANT object_priv [(columns)]
ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];
• A column list may be given only for INSERT, UPDATE, and REFERENCES.
Granting Object Privileges
• Grant query privileges on the EMPLOYEES table:
GRANT select
ON employees
TO demo;
• Grant privileges to update specific columns to users and
roles:
GRANT update (department_name, location_id)
ON departments
TO demo, manager;
Passing On Your Privileges
• Give a user authority to pass along privileges:
GRANT select, insert
ON departments
TO demo
WITH GRANT OPTION;
• Allow all users on the system to query data from Alice's
DEPARTMENTS table:
GRANT select
ON alice.departments
TO PUBLIC;
• PUBLIC includes every account that exists now or is created later,
so a grant to PUBLIC is rarely appropriate for application data; a
role granted to the accounts that need access is the safer choice.
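The following is an added example, not from the original lesson, that performs the object grants from the last two slides as the owner ALICE, then shows the column restriction being enforced. It assumes ALICE owns DEPARTMENTS with columns DEPARTMENT_ID, DEPARTMENT_NAME and LOCATION_ID, that user DEMO and role MANAGER exist, and that the role DEPT_READER is created by a DBA; the row values in the UPDATE statements are placeholders.

```sql
-- Added example: object privileges handed out by the owner ALICE (assumed:
-- ALICE owns DEPARTMENTS with columns DEPARTMENT_ID, DEPARTMENT_NAME,
-- LOCATION_ID; user DEMO and role MANAGER exist). Run as ALICE unless a
-- comment says otherwise.

-- Whole-table read access to one user.
GRANT select ON departments TO demo;

-- Column-level UPDATE: the key column DEPARTMENT_ID stays read-only.
-- Column lists are allowed only for INSERT, UPDATE and REFERENCES.
GRANT update (department_name, location_id) ON departments TO demo, manager;

-- WITH GRANT OPTION: demo may pass SELECT and INSERT on to other users.
GRANT select, insert ON departments TO demo WITH GRANT OPTION;

-- Preferred alternative to granting to PUBLIC: a role that is granted only
-- to the accounts that need it, not to every present and future account.
-- (as DBA)
CREATE ROLE dept_reader;
-- (as ALICE)
GRANT select ON departments TO dept_reader;

-- (as DEMO) the column restriction is enforced by the server.
UPDATE alice.departments SET location_id = 1700 WHERE department_id = 10;  -- works
UPDATE alice.departments SET department_id = 99  WHERE department_id = 10;  -- ORA-01031: insufficient privileges
```

A grant to PUBLIC is not wrong per se (Oracle itself grants many dictionary views to PUBLIC), but it cannot be scoped later without revoking it from everyone, which is why the role is used for the read-only grant here.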
Confirming Granted Privileges
Data Dictionary View   Description
ROLE_SYS_PRIVS         System privileges granted to roles
ROLE_TAB_PRIVS         Table privileges granted to roles
USER_ROLE_PRIVS        Roles accessible by the user
USER_SYS_PRIVS         System privileges granted to the user
USER_TAB_PRIVS_MADE    Object privileges granted on the user's objects
USER_TAB_PRIVS_RECD    Object privileges granted to the user
USER_COL_PRIVS_MADE    Object privileges granted on the columns of the user's objects
USER_COL_PRIVS_RECD    Object privileges granted to the user on specific columns
Revoking Object Privileges
• You use the REVOKE statement to take back privileges you granted
to other users or roles.
• If the grantee received the privilege WITH GRANT OPTION and passed
it on, those onward grants are revoked as well: object privilege
revocation cascades. (Revoking a system privilege or a role does not
cascade.)
• CASCADE CONSTRAINTS is required when revoking REFERENCES from a
user who has already created foreign keys that depend on it; those
constraints are dropped along with the privilege.
REVOKE {privilege [, privilege...]|ALL}
ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];
Revoking Object Privileges
Revoke the SELECT and INSERT privileges given to the demo
user on the DEPARTMENTS table.
REVOKE select, insert
ON departments
FROM demo;
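The following is an added example, not from the original lesson, that shows the two behaviours the REVOKE slide describes: the cascade when a privilege granted WITH GRANT OPTION is revoked, and the CASCADE CONSTRAINTS clause when REFERENCES is revoked. It assumes ALICE owns DEPARTMENTS with a primary key on DEPARTMENT_ID, that users DEMO and BOB exist with CREATE SESSION (DEMO also with CREATE TABLE and a tablespace quota), and that the statements are run in the sessions the comments name.

```sql
-- Added example: cascading effects of REVOKE (assumed: ALICE owns DEPARTMENTS
-- with a primary key on DEPARTMENT_ID; users DEMO and BOB exist with
-- CREATE SESSION; DEMO also has CREATE TABLE and a quota). Each statement
-- is labelled with the session that runs it.

-- (as ALICE) grant with the right to re-grant.
GRANT select, insert ON departments TO demo WITH GRANT OPTION;

-- (as DEMO) pass SELECT along to BOB.
GRANT select ON alice.departments TO bob;

-- (as BOB) works and returns rows.
SELECT department_name FROM alice.departments;

-- (as ALICE) revoke from DEMO only ...
REVOKE select, insert ON departments FROM demo;

-- (as BOB) ... and BOB's access, which came through DEMO, is gone too.
SELECT department_name FROM alice.departments;   -- ORA-00942: table or view does not exist

-- (as ALICE) nothing remains for DEPARTMENTS.
SELECT grantee, privilege, grantable
  FROM user_tab_privs_made
 WHERE table_name = 'DEPARTMENTS';

-- REFERENCES and CASCADE CONSTRAINTS.
-- (as ALICE) let DEMO build a foreign key to DEPARTMENTS.
GRANT references ON departments TO demo;

-- (as DEMO)
CREATE TABLE demo_projects (
  project_id    NUMBER PRIMARY KEY,
  department_id NUMBER REFERENCES alice.departments (department_id)
);

-- (as ALICE) a plain REVOKE now fails with ORA-01981 because DEMO's foreign
-- key depends on the privilege; CASCADE CONSTRAINTS drops that constraint
-- together with the privilege.
REVOKE references ON departments FROM demo CASCADE CONSTRAINTS;

-- Contrast: system privileges and roles do not cascade.
-- (as DBA)  GRANT create table TO demo WITH ADMIN OPTION;
-- (as DEMO) GRANT create table TO bob;
-- (as DBA)  REVOKE create table FROM demo;   -- BOB keeps CREATE TABLE
```

The non-cascading case at the end is the one to remember operationally: revoking a system privilege from the account that handed it out leaves every onward grant in place, so those have to be found (DBA_SYS_PRIVS, DBA_ROLE_PRIVS) and revoked one by one.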
Summary
In this lesson, you should have learned about statements that
control access to the database and database objects.
Statement     Action
CREATE USER   Creates a user (usually performed by a DBA)
GRANT         Gives users or roles system privileges, object privileges, or roles
CREATE ROLE   Creates a named collection of privileges (usually performed by a DBA)
ALTER USER    Changes a user's password (and other account attributes)
REVOKE        Removes privileges or roles from users or roles