Upload
vernon-farmer
View
219
Download
0
Embed Size (px)
Citation preview
16-2 Copyright © Oracle Corporation, 2001. All rights reserved.
Objectives
After completing this lesson, you should be able to do the following:
• Identify system and object privileges
• Grant and revoke privileges
16-3 Copyright © Oracle Corporation, 2001. All rights reserved.
Two types of Oracle user privileges:
• System: Enables users to perform particular actions in the database
• Object: Enables users to access and manipulate a specific object
Managing Privileges
16-4 Copyright © Oracle Corporation, 2001. All rights reserved.
• There are more than 100 distinct system privileges.
• The ANY keyword in privileges signifies that users have the privilege in any schema.
• The GRANT command adds a privilege to a user or a group of users.
• The REVOKE command deletes the privileges.
System Privileges
16-5 Copyright © Oracle Corporation, 2001. All rights reserved.
Category Examples
INDEX CREATE ANY INDEXALTER ANY INDEXDROP ANY INDEX
TABLE CREATE TABLECREATE ANY TABLEALTER ANY TABLEDROP ANY TABLESELECT ANY TABLEUPDATE ANY TABLEDELETE ANY TABLE
SESSION CREATE SESSIONALTER SESSIONRESTRICTED SESSION
TABLESPACE CREATE TABLESPACEALTER TABLESPACEDROP TABLESPACEUNLIMITED TABLESPACE
System Privileges: Examples
16-6 Copyright © Oracle Corporation, 2001. All rights reserved.
GRANT CREATE SESSION TO emi;
GRANT CREATE SESSION TO emi WITH ADMIN OPTION;
Granting System Privileges
• Use the GRANT command to grant system privileges.
• Grantee can further grant the system privilege with ADMIN option.
16-8 Copyright © Oracle Corporation, 2001. All rights reserved.
SYSDBA and SYSOPERPrivileges
ExamplesCategory
SYSOPER
RECOVER DATABASE
ALTER DATABASE BACKUP CONTROLFILE TO
ALTER DATABASE OPEN | MOUNT
SHUTDOWN
STARTUP
ALTER DATABASE ARCHIVELOG
RESTRICTED SESSION
SYSOPER PRIVILEGES WITH ADMIN OPTIONSYSDBA
ALTER TABLESPACE BEGIN/END BACKUP
RESTRICTED SESSION
RECOVER DATABASE UNTIL
CREATE DATABASE
16-9 Copyright © Oracle Corporation, 2001. All rights reserved.
• O7_DICTIONARY_ACCESSIBILITY parameter
• Controls restrictions on SYSTEM privileges
• If set to TRUE, allows access to objects in SYS schema
• The default is FALSE: ensures that system privileges that allow access to any schema do not allow access to SYS schema
System Privilege Restrictions
16-10 Copyright © Oracle Corporation, 2001. All rights reserved.
REVOKE CREATE TABLE FROM emi;
Revoking System Privileges
• Use the REVOKE command to remove a system privilege from a user.
• Users with ADMIN OPTION for system privilege can revoke system privileges.
• Can only revoke privileges granted with a GRANT command.
16-12 Copyright © Oracle Corporation, 2001. All rights reserved.
DBA
GRANT
REVOKE
Jeff Emi
Jeff EmiDBA
Revoking System Privileges with the ADMIN OPTION
16-13 Copyright © Oracle Corporation, 2001. All rights reserved.
Object priv. Table View Sequence Procedure
ALTER
DELETE
EXECUTE
INDEX
INSERT
REFERENCES
SELECT
UPDATE
Object Privileges
16-14 Copyright © Oracle Corporation, 2001. All rights reserved.
GRANT EXECUTE ON dbms_output TO jeff;
GRANT UPDATE ON emi.customers TO jeff WITH GRANT OPTION;
Granting Object Privileges
• Use the GRANT command to grant object privileges.
• Grant must be in grantors schema or grantor must have GRANT OPTION.
16-17 Copyright © Oracle Corporation, 2001. All rights reserved.
REVOKE SELECT ON emi.orders FROM jeff;
Revoking Object Privileges
• Use the REVOKE command to revoke object privileges.
• User revoking the privilege must be the original grantor of the object privilege being revoked.
16-20 Copyright © Oracle Corporation, 2001. All rights reserved.
GRANT
REVOKE
Bob Jeff Emi
EmiJeffBob
Revoking Object Privileges WITH GRANT OPTION
16-21 Copyright © Oracle Corporation, 2001. All rights reserved.
Obtaining Privileges Information
Information about privileges can be obtained by querying the following views:
• DBA_SYS_PRIVS• SESSION_PRIVS• DBA_TAB_PRIVS• DBA_COL_PRIVS
16-22 Copyright © Oracle Corporation, 2001. All rights reserved.
Summary
In this lesson, you should have learned how to:
• Identify system and object privileges
• Grant and revoke privileges
16-23 Copyright © Oracle Corporation, 2001. All rights reserved.
Practice 16 Overview
This practice covers the following topics:
• Creating user and granting system privileges
• Granting object privileges to users