Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Copyright © 2006, Oracle. All rights reserved. Controlling User Access ( 사용자 접근 제어 )

Published byMarybeth Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Copyright © 2006, Oracle. All rights reserved. Controlling User Access ( 사용자 접근 제어 )"— Presentation transcript:

1 1 Copyright © 2006, Oracle. All rights reserved. Controlling User Access ( 사용자 접근 제어 )

2 1-2 Copyright © 2006, Oracle. All rights reserved. Objectives After completing this lesson, you should be able to do the following: Differentiate system privileges from object privileges Grant privileges on tables View privileges in the data dictionary Grant roles Distinguish between privileges and roles

3 1-3 Copyright © 2006, Oracle. All rights reserved. Controlling User Access Database administrator Users Username and password Privileges

4 1-4 Copyright © 2006, Oracle. All rights reserved. Privileges ( 권한 ) Database security: –System security( 접근 ) –Data security( 조작 ) System privileges: Gaining access to the database Object privileges: Manipulating the content of the database objects Schemas: Collection of objects such as tables, views, and sequences

5 1-5 Copyright © 2006, Oracle. All rights reserved. System Privileges More than 160 privileges are available. The database administrator has high-level system privileges for tasks such as: –Creating new users –Removing users –Removing tables –Backing up tables Select count(*) from role_sys_privs Where role=‘DBA’; --10g

6 1-6 Copyright © 2006, Oracle. All rights reserved. Creating Users The DBA creates users with the CREATE USER statement. CREATE USER USER1 IDENTIFIED BY USER1; User created. CREATE USER user IDENTIFIED BY password;(DB 인증 )

7 1-7 Copyright © 2006, Oracle. All rights reserved. User System Privileges After a user is created, the DBA can grant specific system privileges to that user. An application developer, for example, may have the following system privileges: – CREATE SESSION( 접속 권한 ) – CREATE TABLE + Quota( 할당량 ) – CREATE SEQUENCE – CREATE VIEW – CREATE PROCEDURE – Grant create session to public GRANT privilege [, privilege...] TO user [, user| role, PUBLIC...];

8 1-8 Copyright © 2006, Oracle. All rights reserved. Granting System Privileges The DBA can grant specific system privileges to a user. GRANT create session, create table, create sequence, create view TO scott; Grant succeeded.

9 1-9 Copyright © 2006, Oracle. All rights reserved. What Is a Role? ( 권한 모음 ) Allocating privileges without a role Allocating privileges with a role Privileges Users Manager

10 1-10 Copyright © 2006, Oracle. All rights reserved. Creating and Granting Privileges to a Role Create a role: Grant privileges to a role: Grant a role to users: CREATE ROLE manager; Role created. GRANT create table, create view TO manager; Grant succeeded. GRANT manager TO BELL, KOCHHAR; Grant succeeded.

11 1-11 Copyright © 2006, Oracle. All rights reserved. Changing Your Password The DBA creates your user account and initializes your password. You can change your password by using the ALTER USER statement. ALTER USER HR IDENTIFIED BY employ; User altered.

12 1-12 Copyright © 2006, Oracle. All rights reserved. Object Privileges (all 은 전체 권한 부여 ) Object Privilege TableViewSequenceProcedure ALTER  DELETE  EXECUTE  INDEX  INSERT  REFERENCES  SELECT  UPDATE 

13 1-13 Copyright © 2006, Oracle. All rights reserved. Object Privileges Object privileges vary from object to object. An owner has all the privileges on the object. An owner can give specific privileges on that owner’s object. GRANTobject_priv [(columns)] ONobject TO{user|role|PUBLIC} [WITH GRANT OPTION];

14 1-14 Copyright © 2006, Oracle. All rights reserved. Granting Object Privileges Grant query privileges on the EMPLOYEES table: Grant privileges to update specific columns to users and roles: GRANT select ON employees TO sue, rich; Grant succeeded. GRANT update (department_name, location_id) ON departments TO scott, manager; Grant succeeded.

15 1-15 Copyright © 2006, Oracle. All rights reserved. Passing On Your Privileges Give a user authority to pass along privileges: Allow all users on the system to query data from Alice’s DEPARTMENTS table: GRANT select, insert ON departments TO scott WITH GRANT OPTION; Grant succeeded. GRANT select ON alice.departments TO PUBLIC; Grant succeeded.

16 1-16 Copyright © 2006, Oracle. All rights reserved. Confirming Privileges Granted Data Dictionary ViewDescription ROLE_SYS_PRIVS System privileges granted to roles ROLE_TAB_PRIVS Table privileges granted to roles USER_ROLE_PRIVS Roles accessible by the user USER_TAB_PRIVS_MADE Object privileges granted on the user’s objects USER_TAB_PRIVS_RECD Object privileges granted to the user USER_COL_PRIVS_MADE Object privileges granted on the columns of the user’s objects USER_COL_PRIVS_RECD Object privileges granted to the user on specific columns USER_SYS_PRIVS System privileges granted to the user

17 1-17 Copyright © 2006, Oracle. All rights reserved. Revoking Object Privileges You use the REVOKE statement to revoke privileges granted to other users. Privileges granted to others through the WITH GRANT OPTION clause are also revoked. REVOKE {privilege [, privilege...]|ALL} ON object FROM {user[, user...]|role|PUBLIC} [CASCADE CONSTRAINTS];

18 1-18 Copyright © 2006, Oracle. All rights reserved. Revoking Object Privileges As user Alice, revoke the SELECT and INSERT privileges given to user Scott on the DEPARTMENTS table. REVOKE select, insert ON departments FROM scott; Revoke succeeded.

19 1-19 Copyright © 2006, Oracle. All rights reserved. Summary In this lesson, you should have learned about statements that control access to the database and database objects. StatementAction CREATE USER Creates a user (usually performed by a DBA) GRANT Gives other users privileges to access the objects CREATE ROLE Creates a collection of privileges (usually performed by a DBA) ALTER USER Changes a user’s password REVOKE Removes privileges on an object fromusers

20 1-20 Copyright © 2006, Oracle. All rights reserved. Practice 1: Overview This practice covers the following topics: Granting other users privileges to your table Modifying another user’s table through the privileges granted to you Creating a synonym Querying the data dictionary views related to privileges

21 1-21 Copyright © 2006, Oracle. All rights reserved.

22 1-22 Copyright © 2006, Oracle. All rights reserved.

23 1-23 Copyright © 2006, Oracle. All rights reserved.

Download ppt "1 Copyright © 2006, Oracle. All rights reserved. Controlling User Access ( 사용자 접근 제어 )"

Similar presentations

14-1 Copyright  Oracle Corporation, 1998. All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.

14-1 Copyright  Oracle Corporation, All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.
13 Copyright © Oracle Corporation, 2001. All rights reserved. Controlling User Access.

13 Copyright © Oracle Corporation, All rights reserved. Controlling User Access.
SQL2-ch1 控制使用者存取. 題號  80 題: 14 、 22 、 40 、 42 、 52  140 題: 9 、 40 、 103.

SQL2-ch1 控制使用者存取. 題號  80 題: 14 、 22 、 40 、 42 、 52  140 題: 9 、 40 、 103.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Copyright  Oracle Corporation, 1998. All rights reserved. 10 Creating and Managing Tables.

Copyright  Oracle Corporation, All rights reserved. 10 Creating and Managing Tables.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.

Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.
Administering User Security

Administering User Security
Security and Integrity

Security and Integrity
Getting Started with Oracle11g Abeer bin humaid. Create database user You should create at least one database user that you will use to create database.

Getting Started with Oracle11g Abeer bin humaid. Create database user You should create at least one database user that you will use to create database.
By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.

By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.
CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.

CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.
9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.

9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.
Copyright س Oracle Corporation, 1998. All rights reserved. 14 Controlling User Access.

Copyright س Oracle Corporation, All rights reserved. 14 Controlling User Access.
Database Programming Sections 13–Creating, revoking objects privileges.

Database Programming Sections 13–Creating, revoking objects privileges.
Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.

Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.
To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh.

To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh.
Week 7 Lecture 1 Database Roles. Learning Objectives  Discover when and why to use roles  Learn how to create, modify, and remove roles  Learn how.

Week 7 Lecture 1 Database Roles. Learning Objectives  Discover when and why to use roles  Learn how to create, modify, and remove roles  Learn how.
12 Copyright © Oracle Corporation, 2001. All rights reserved. Other Database Objects.

12 Copyright © Oracle Corporation, All rights reserved. Other Database Objects.

Similar presentations

Ads by Google