Les14[1]Controlling User Access
Download as PPT, PDF0 likes140 views
The document outlines the process of controlling user access in a database environment, focusing on creating users and roles, and granting or revoking privileges. It details the distinction between system and object privileges, the creation of roles, and how these privileges can be managed through SQL commands. Additionally, it provides guidance on changing user passwords and confirms the privileges granted to users and roles.
![14-7 Copyright س Oracle Corporation, 1999. All rights reserved.
User System Privileges
GRANT privilege [, privilege...]
TO user [, user...];
• An application developer may have the
following system privileges:
– CREATE SESSION
– CREATE TABLE
– CREATE SEQUENCE
– CREATE VIEW
– CREATE PROCEDURE
• Once a user is created, the DBA can grant
specific system privileges to a user.](https://image.slidesharecdn.com/les141-220214164518/85/Les14-1-Controlling-User-Access-7-320.jpg)
![14-13 Copyright س Oracle Corporation, 1999. All rights reserved.
Object Privileges
• Object privileges vary from object to object.
• An owner has all the privileges on the object.
• An owner can give specific privileges on that
owner’s object.
GRANT object_priv [(columns)]
ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];](https://image.slidesharecdn.com/les141-220214164518/85/Les14-1-Controlling-User-Access-13-320.jpg)
![14-17 Copyright س Oracle Corporation, 1999. All rights reserved.
How to Revoke Object Privileges
• You use the REVOKE statement to
revoke privileges granted to other
users.
• Privileges granted to others through the
WITH GRANT OPTION will also be
revoked.
REVOKE {privilege [, privilege...]|ALL}
ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];](https://image.slidesharecdn.com/les141-220214164518/85/Les14-1-Controlling-User-Access-17-320.jpg)
Les14[1]Controlling User Access
- 1. Copyright س Oracle Corporation, 1999. All rights reserved. 14 Controlling User Access
- 2. 14-2 Copyright س Oracle Corporation, 1999. All rights reserved. Objectives After completing this lesson, you should be able to do the following: • Create users • Create roles to ease setup and maintenance of the security model • Use the GRANT and REVOKE statements to grant and revoke object privileges
- 3. 14-3 Copyright س Oracle Corporation, 1999. All rights reserved. Controlling User Access Database administrator Users Username and password privileges
- 4. 14-4 Copyright س Oracle Corporation, 1999. All rights reserved. Privileges • Database security: – System security – Data security • System privileges: Gain access to the database • Object privileges: Manipulate the content of the database objects • Schema: Collection of objects, such as tables, views, and sequences
- 5. 14-5 Copyright س Oracle Corporation, 1999. All rights reserved. System Privileges • More than 80 privileges are available. • The DBA has high-level system privileges: – Create new users – Remove users – Remove tables – Back up tables
- 6. 14-6 Copyright س Oracle Corporation, 1999. All rights reserved. Creating Users The DBA creates users by using the CREATE USER statement. SQL> CREATE USER scott 2 IDENTIFIED BY tiger; User created. CREATE USER user IDENTIFIED BY password;
- 7. 14-7 Copyright س Oracle Corporation, 1999. All rights reserved. User System Privileges GRANT privilege [, privilege...] TO user [, user...]; • An application developer may have the following system privileges: – CREATE SESSION – CREATE TABLE – CREATE SEQUENCE – CREATE VIEW – CREATE PROCEDURE • Once a user is created, the DBA can grant specific system privileges to a user.
- 8. 14-8 Copyright س Oracle Corporation, 1999. All rights reserved. Granting System Privileges The DBA can grant a user specific system privileges. SQL> GRANT create table, create sequence, create view 2 TO scott; Grant succeeded.
- 9. 14-9 Copyright س Oracle Corporation, 1999. All rights reserved. What Is a Role? Allocating privileges without a role Allocating privileges with a role Privileges Users Manager
- 10. 14-10 Copyright س Oracle Corporation, 1999. All rights reserved. Creating and Granting Privileges to a Role SQL> CREATE ROLE manager; Role created. SQL> GRANT create table, create view 2 to manager; Grant succeeded. SQL> GRANT manager to BLAKE, CLARK; Grant succeeded.
- 11. 14-11 Copyright س Oracle Corporation, 1999. All rights reserved. Changing Your Password • The DBA creates your user account and initializes your password. • You can change your password by using the ALTER USER statement. SQL> ALTER USER scott 2 IDENTIFIED BY lion; User altered.
- 12. 14-12 Copyright س Oracle Corporation, 1999. All rights reserved. Object Privilege Table View Sequence Procedure ALTER ض ض DELETE ض ض EXECUTE ض INDEX ض INSERT ض ض REFERENCES ض SELECT ض ض ض UPDATE ض ض Object Privileges
- 13. 14-13 Copyright س Oracle Corporation, 1999. All rights reserved. Object Privileges • Object privileges vary from object to object. • An owner has all the privileges on the object. • An owner can give specific privileges on that owner’s object. GRANT object_priv [(columns)] ON object TO {user|role|PUBLIC} [WITH GRANT OPTION];
- 14. 14-14 Copyright س Oracle Corporation, 1999. All rights reserved. Granting Object Privileges SQL> GRANT select 2 ON emp 3 TO sue, rich; Grant succeeded. SQL> GRANT update (dname, loc) 2 ON dept 3 TO scott, manager; Grant succeeded. • Grant query privileges on the EMP table. • Grant privileges to update specific columns to users and roles.
- 15. 14-15 Copyright س Oracle Corporation, 1999. All rights reserved. Using WITH GRANT OPTION and PUBLIC Keywords • Allow all users on the system to query data from Alice’s DEPT table. SQL> GRANT select, insert 2 ON dept 3 TO scott 4 WITH GRANT OPTION; Grant succeeded. SQL> GRANT select 2 ON alice.dept 3 TO PUBLIC; Grant succeeded. • Give a user authority to pass along the privileges.
- 16. 14-16 Copyright س Oracle Corporation, 1999. All rights reserved. Confirming Privileges Granted Data Dictionary Table Description ROLE_SYS_PRIVS System privileges granted to roles ROLE_TAB_PRIVS Table privileges granted to roles USER_ROLE_PRIVS Roles accessible by the user USER_TAB_PRIVS_MADE Object privileges granted on the user’s objects USER_TAB_PRIVS_RECD Object privileges granted to the user USER_COL_PRIVS_MADE Object privileges granted on the columns of the user’s objects USER_COL_PRIVS_RECD Object privileges granted to the user on specific columns
- 17. 14-17 Copyright س Oracle Corporation, 1999. All rights reserved. How to Revoke Object Privileges • You use the REVOKE statement to revoke privileges granted to other users. • Privileges granted to others through the WITH GRANT OPTION will also be revoked. REVOKE {privilege [, privilege...]|ALL} ON object FROM {user[, user...]|role|PUBLIC} [CASCADE CONSTRAINTS];
- 18. 14-18 Copyright س Oracle Corporation, 1999. All rights reserved. Revoking Object Privileges As user Alice, revoke the SELECT and INSERT privileges given to user Scott on the DEPT table. SQL> REVOKE select, insert 2 ON dept 3 FROM scott; Revoke succeeded.
- 19. 14-19 Copyright س Oracle Corporation, 1999. All rights reserved. Summary Statement Action CREATE USER Allows the DBA to create a user GRANT Allows the user to give other users privileges to access the user’s objects CREATE ROLE Allows the DBA to create a collection of privileges ALTER USER Allows users to change their password REVOKE Removes privileges on an object from users
- 20. 14-20 Copyright س Oracle Corporation, 1999. All rights reserved. Practice Overview • Granting other users privileges to your table • Modifying another user’s table through the privileges granted to you • Creating a synonym • Querying the data dictionary views related to privileges