17 Managing Roles
Copyright © Oracle Corporation, 2001. All rights reserved.

17-2 Objectives
After completing this lesson, you should be able to do the following:
- Create and modify roles
- Control availability of roles
- Remove roles
- Use predefined roles
- Display role information from the data dictionary

17-3 Roles
[Diagram: users A, B and C; roles HR_CLERK and HR_MGR; privileges SELECT ON JOBS, INSERT ON JOBS, UPDATE ON JOBS, CREATE TABLE, CREATE SESSION]

17-4 Benefits of Roles
- Easier privilege management
- Dynamic privilege management
- Selective availability of privileges
- Can be granted through the operating system

17-5 Creating Roles
Roles with ADMIN option:
- Not identified:
    CREATE ROLE oe_clerk;
- By password:
    CREATE ROLE hr_clerk IDENTIFIED BY bonus;
- Identified externally:
    CREATE ROLE hr_manager IDENTIFIED EXTERNALLY;

17-7 Predefined Roles
Role Name : Description
CONNECT, RESOURCE, DBA : These roles are provided for backward compatibility
EXP_FULL_DATABASE : Privileges to export the database
IMP_FULL_DATABASE : Privileges to import the database
DELETE_CATALOG_ROLE : DELETE privileges on data dictionary tables
EXECUTE_CATALOG_ROLE : EXECUTE privilege on data dictionary packages
SELECT_CATALOG_ROLE : SELECT privilege on data dictionary tables

17-8 Modifying Roles
- Use ALTER ROLE to modify the authentication method.
- Requires the ADMIN option or ALTER ANY ROLE privilege.
    ALTER ROLE hr_clerk IDENTIFIED EXTERNALLY;
    ALTER ROLE hr_manager NOT IDENTIFIED;
    ALTER ROLE oe_clerk IDENTIFIED BY order;

17-10 Assigning Roles
Use the GRANT command to assign a role:
    GRANT hr_clerk TO hr_manager;
    GRANT oe_clerk TO scott;
    GRANT hr_manager TO scott WITH ADMIN OPTION;

17-13 Establishing Default Roles
- A user can be assigned many roles.
- A user can be assigned a default role.
- Limit the number of default roles for a user.
    ALTER USER scott DEFAULT ROLE hr_clerk, oe_clerk;
    ALTER USER scott DEFAULT ROLE ALL;
    ALTER USER scott DEFAULT ROLE ALL EXCEPT hr_clerk;
    ALTER USER scott DEFAULT ROLE NONE;

17-15 Application Roles
- Application roles can be enabled only by authorized PL/SQL packages.
- The USING package clause creates an application role.
    CREATE ROLE admin_role IDENTIFIED USING hr.employee;

17-16 Enabling and Disabling Roles
- Disable a role to revoke the role from a user temporarily.
- Enable a role to grant it temporarily.
- The SET ROLE command enables and disables roles.
- Default roles are enabled for a user at login.
- A password may be required to enable a role.

17-18 Enabling and Disabling Roles
    SET ROLE hr_clerk;
    SET ROLE oe_clerk IDENTIFIED BY order;
    SET ROLE ALL EXCEPT oe_clerk;

17-19 Revoking Roles from Users
- Revoking roles from users requires the ADMIN OPTION or GRANT ANY ROLE privilege.
- To revoke a role:
    REVOKE hr_manager FROM PUBLIC;
    REVOKE oe_clerk FROM scott;

17-21 Removing Roles
- Dropping a role:
  - Removes it from all users and roles it was granted
  - Removes it from the database
- Requires the ADMIN OPTION or DROP ANY ROLE privilege
- To drop a role:
    DROP ROLE hr_manager;

17-23 Guidelines for Creating Roles
[Diagram labels: Users; User roles (HR_MANAGER, HR_CLERK, PAY_CLERK); Application roles (BENEFITS, PAYROLL); Application privileges (Benefits privileges, Payroll privileges)]

17-24 Guidelines for Using Passwords and Default Roles
[Diagram: PAY_CLERK_RO is the default role and holds SELECT privileges; PAY_CLERK is password protected (not default) and holds INSERT, UPDATE, DELETE, and SELECT privileges]
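
The PAY_CLERK / PAY_CLERK_RO guideline written out as a script, together with the SET ROLE statements from slides 17-16 and 17-18. This is an added example, not part of the Oracle course material; the table hr.pay_records, the use of scott as grantee, and the role password are placeholders.

```sql
-- Added example. hr.pay_records and placeholder_role_pw are placeholders.

-- Read-only role: no authentication, suitable as a default role.
CREATE ROLE pay_clerk_ro;
GRANT SELECT ON hr.pay_records TO pay_clerk_ro;

-- Read-write role: password protected, so it must be enabled explicitly.
CREATE ROLE pay_clerk IDENTIFIED BY placeholder_role_pw;
GRANT SELECT, INSERT, UPDATE, DELETE ON hr.pay_records TO pay_clerk;

-- Grant both roles, but keep the read-write role out of the default set.
GRANT pay_clerk_ro, pay_clerk TO scott;
ALTER USER scott DEFAULT ROLE ALL EXCEPT pay_clerk;

-- Run as a DBA: check which of scott's roles are default roles.
SELECT granted_role, default_role, admin_option
FROM   dba_role_privs
WHERE  grantee = 'SCOTT'
ORDER  BY granted_role;

-- Run as scott: list the roles enabled in the current session.
SELECT role FROM session_roles;

-- Enable the read-write role for this session. SET ROLE enables only the
-- roles it names and disables every other role, so the read-only role is
-- named again to keep it enabled.
SET ROLE pay_clerk_ro, pay_clerk IDENTIFIED BY placeholder_role_pw;

-- Drop the read-write role again when the update work is done.
-- ALL cannot enable password-protected roles, so pay_clerk is excluded.
SET ROLE ALL EXCEPT pay_clerk;
```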

17-25 Obtaining Role Information
Information about roles can be obtained by querying the following views:
DBA_ROLES : All roles that exist in the database
DBA_ROLE_PRIVS : Roles granted to users and roles
ROLE_ROLE_PRIVS : Roles that are granted to roles
DBA_SYS_PRIVS : System privileges granted to users and roles
ROLE_SYS_PRIVS : System privileges granted to roles
ROLE_TAB_PRIVS : Object privileges granted to roles
SESSION_ROLES : Roles that the user currently has enabled
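
An added example (not from the Oracle course material) that combines the data dictionary views listed above into three audit queries over role grants. The user name SCOTT comes from the earlier slides; the queries assume a session that can read the DBA_ views.

```sql
-- 1. Every role SCOTT holds, directly or through another role, with the
--    system privileges each role carries. CONNECT BY follows role-to-role
--    grants such as "GRANT hr_clerk TO hr_manager".
WITH role_tree AS (
  SELECT granted_role,
         LEVEL AS depth,
         SYS_CONNECT_BY_PATH(granted_role, ' > ') AS grant_path
  FROM   dba_role_privs
  START  WITH grantee = 'SCOTT'
  CONNECT BY PRIOR granted_role = grantee
)
SELECT t.grant_path,
       t.depth,
       r.password_required,
       sp.privilege,
       sp.admin_option AS privilege_admin_option
FROM   role_tree t
       JOIN dba_roles r ON r.role = t.granted_role
       LEFT JOIN dba_sys_privs sp ON sp.grantee = t.granted_role
ORDER  BY t.grant_path, sp.privilege;

-- 2. Grantees who hold a role WITH ADMIN OPTION and can therefore grant,
--    revoke, alter or drop that role.
SELECT grantee, granted_role, default_role
FROM   dba_role_privs
WHERE  admin_option = 'YES'
ORDER  BY granted_role, grantee;

-- 3. Users for whom a password-protected role is also a default role,
--    which conflicts with the guideline on slide 17-24.
SELECT rp.grantee, rp.granted_role
FROM   dba_role_privs rp
       JOIN dba_roles r ON r.role = rp.granted_role
WHERE  rp.default_role = 'YES'
AND    r.password_required = 'YES'
AND    rp.grantee IN (SELECT username FROM dba_users)
ORDER  BY rp.grantee, rp.granted_role;
```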

17-26 Summary
In this lesson, you should have learned how to:
- Create roles
- Assign privileges to roles
- Assign roles to users or roles
- Establish default roles

17-27 Practice 17 Overview
This practice covers the following topics:
- Listing system privileges for a role
- Creating, assigning, and dropping roles
- Creating application roles
