Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Programming Sections 13–Creating, revoking objects privileges.

Published byMadeline Flynn Modified over 8 years ago

Similar presentations

Presentation on theme: "Database Programming Sections 13–Creating, revoking objects privileges."— Presentation transcript:

1 Database Programming Sections 13–Creating, revoking objects privileges

2 Marge Hohly2 System vs. Object Privileges  System Privileges The right to access the database and its objects – create table, create view, back up any table, etc. Generally granted by the DBA  Object Privileges The right to manipulate the content of the objects database – alter, delete, execute, index, insert, reference, select, update Grant by the owner of the object

3 Marge Hohly3 Control of User Access  Oracle Server database security, you can do the following: Control database access Give access to specific objects in the database Confirm given and received privileges within the Oracle data dictionary Create synonyms for database objects

4 Marge Hohly4 Privileges  Right to execute particular SQL statements.  DBA – high-level user with ability to grant users access  Users require system privileges to gain, access to databases/objects to manipulate content  Users can be given privilege to grant additional privileges to other users/roles

5 Marge Hohly5 System privileges of DBA  DBAs generally allocate system privileges  Any user who owns an object can grant object privileges System PrivilegeOperations Authorized CREATE SESSIONConnect to the database CREATE TABLECreate tables in the user’s schema CREATE SEQUENCECreate sequences in the user’s schema CREATE VIEWCreate a view in the user’s schema CREATE PROCEDURECreate a stored procedure, function, or package in the user’s schema

6 Marge Hohly6 Schema  A schema is a collection of objects, such as tables, views, and sequences.  The schema is owned by a database user and has the same name as that user.  In this course, your schema name is - usca_cc_sql01_sxx, where xx is your number.

7 Marge Hohly7 System Privileges  Below are listed typical privileges provided by the database administrator.

8 Marge Hohly8 Object Privileges  An owner can give specific privileges on that owner’s object  GRANT obj_privilege(columns) ON object TO USER|ROLE|PUBLIC {WITH GRANT OPTION}  To grant privileges on an object, the object must be in your schema, or you must have been granted the object privileges WITH GRANT OPTION  An object owner can grant any object privilege on the object to any other user or role of the database  The owner of an object automatically acquires all object privileges on that object  GRANT select, insert (name, email) ON address_book TO Scott WITH GRANT OPTION  REVOKE select, insert ON address_book FROM scott;

9 Marge Hohly9 Guidelines to grant object privileges  To grant privileges on an object, the object must be in your own schema, or you must have been granted the object privileges WITH GRANT OPTION.  An object owner can grant any object privilege on the object to any other user or role of the database.  The owner of an object automatically acquires all object privileges on that object.

10 Marge Hohly10 Syntax

11 Marge Hohly11 Granting privileges for objects  Only privileges that apply to a sequence are SELECT and ALTER.  You can grant UPDATE, REFERENCES, and INSERT on individual columns on a table. For example:  GRANT UPDATE (auth_expense) ON d_partners TO allison_plumb;  You can restricted SELECT privilege by creating a view with a subset of columns and granting the SELECT privilege only on the view.  You can't grant SELECT on individual columns.  Privilege granted to synonym is converted to a privilege on the base table referenced by the synonym.

12 Marge Hohly12 Grant & Revoke Syntax  GRANT object_priv[(columns)] ON object TO {user|role|PUBLIC} [WITH GRANT OPTION];  REVOKE {privilege [, privilege...]|All} ON object FROM {user[, user...]|role|PUBLIC} [CASCADE CONSTRAINTS]; CASCADE CONSTRAINTS - required to remove any referential integrity constraints made to the object by means of the REFERENCES privilege – like creating a reference to your table via foreign key

13 Marge Hohly13 Examples DP.13.3.10  1. GRANT select (Scott owns d_songs and typed this command) ON d_songs TO PUBLIC;  2. GRANT update (title, artist) (Scott owns d_songs and is granting ON d_songs authorization to update these columns) TO jennifer_cho, manager;  3. SELECT * ( Jennifer now types this to view Scotts d_songs table) FROM scott_king.d_songs; Jennifer types the following:  4. CREATE SYNONYM songs FOR scott_king.d_songs;  5. SELECT * FROM songs; (songs is the synonym)

14 Marge Hohly14 WITH GRANT OPTION  GRANT select, insert ON d_songs TO scott_king WITH GRANT OPTION;  With grant option clause allows the privileges to be passed on to other users.  With Grant Option can be revoked when user’s privileges are revoked.

15 Marge Hohly15 Pictorial view WITH GRANT OPTION

16 Marge Hohly16 PUBLIC keyword  GRANT select ON jason_tsang.d_songs TO PUBLIC;  Owner of a table can grant access to all users by using keyword PUBLIC

17 Marge Hohly17 REVOKE privilege  REVOKE {privilege [, privilege...]|ALL} ON object FROM {user[, user...]|role|PUBLIC} [CASCADE CONSTRAINTS];  CASCADE CONSTRAINTS required to remove any referential integrity constraints made to the object by means of the REFERENCES privilege.

18 Marge Hohly18 Revoke privilege  REVOKE select, insert ON d_songs FROM usca_cc_sql01_sxx;

19 Marge Hohly19 Access errors  Oracle Server error message “table or view does not exist,” you have done one of the following: Named a table or view that does not exist Attempted to perform an operation on a table or view for which you do not have the appropriate privileges

20 Marge Hohly20 Viewing privilege in data dictionary  Types of privilege you can view

21 Marge Hohly21 Example of privileges commands  SELECT * FROM role_tab_privs WHERE role = ‘MANAGER’;  SELECT * FROM user_sys_privs;  SELECT * FROM user_role_privs;

22 Marge Hohly22 Displaying your privileges  To show what privileges a user has on the databases enter:  SELECT * FROM SESSION_PRIVS ;  You have a list of privileges you have displayed.  Run the command to see what you get. See next slide.

23 Marge Hohly23 Results of previous command

24 Marge Hohly24 What is a Role?  A role is a named group of related privileges that can be granted to the user.  Makes it easier to revoke and maintain privileges.  A user can have access to several roles, and several users can be assigned the same role.  Roles are typically created for a database application.  Syntax: CREATE ROLE role;

25 Marge Hohly25 Example of a Role  CREATE ROLE manager; Role created.  GRANT create table TO manager; Grant succeeded.  GRANT manager TO User_name; Grant succeeded.  PRIVILEGES ARE GRANTED TO ROLES  PEOPLE ARE ASSIGNED ROLES

26 Marge Hohly26 Why Roles are easier?  How it works.

Download ppt "Database Programming Sections 13–Creating, revoking objects privileges."

Similar presentations

14-1 Copyright  Oracle Corporation, 1998. All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.

14-1 Copyright  Oracle Corporation, All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.
13 Copyright © Oracle Corporation, 2001. All rights reserved. Controlling User Access.

13 Copyright © Oracle Corporation, All rights reserved. Controlling User Access.
SQL2-ch1 控制使用者存取. 題號  80 題: 14 、 22 、 40 、 42 、 52  140 題: 9 、 40 、 103.

SQL2-ch1 控制使用者存取. 題號  80 題: 14 、 22 、 40 、 42 、 52  140 題: 9 、 40 、 103.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Database Programming Sections 13. Marge Hohly2 13.1.4  1. Which statements are True about the following sequence? The sequence was used to generate numbers.

Database Programming Sections 13. Marge Hohly  1. Which statements are True about the following sequence? The sequence was used to generate numbers.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
Triggers, security and authorization in SQL Niki Sardjono Niki Sardjono CS 157A sect 2 Prof. S. M. Lee.

Triggers, security and authorization in SQL Niki Sardjono Niki Sardjono CS 157A sect 2 Prof. S. M. Lee.
Chapter 6 Additional Database Objects

Chapter 6 Additional Database Objects
By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.

By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.
9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.

9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.
Copyright س Oracle Corporation, 1998. All rights reserved. 14 Controlling User Access.

Copyright س Oracle Corporation, All rights reserved. 14 Controlling User Access.
Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.

Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.
Lecture 7 Integrity & Veracity UFCE8K-15-M: Data Management.

Lecture 7 Integrity & Veracity UFCE8K-15-M: Data Management.
I NTRODUCTION OF W EEK 7  Assignment Discussion  Graded: 3-1-2 (Creation of Database) (All submitted!)  Naming standard, Logical to physical design.

I NTRODUCTION OF W EEK 7  Assignment Discussion  Graded: (Creation of Database) (All submitted!)  Naming standard, Logical to physical design.
Chapter 6 Additional Database Objects Oracle 10g: SQL.

Chapter 6 Additional Database Objects Oracle 10g: SQL.
7 Copyright © 2004, Oracle. All rights reserved. Administering Users.

7 Copyright © 2004, Oracle. All rights reserved. Administering Users.
Controlling User Access. Objectives After completing this lesson, you should be able to do the following: Create users Create roles to ease setup and.

Controlling User Access. Objectives After completing this lesson, you should be able to do the following: Create users Create roles to ease setup and.
DCL/1 Data Control Language Objectives –To learn about the security mechanisms implemented in an RDBMS and how to use them Contents –Identifying Users.

DCL/1 Data Control Language Objectives –To learn about the security mechanisms implemented in an RDBMS and how to use them Contents –Identifying Users.
17 Copyright © Oracle Corporation, 2001. All rights reserved. Managing Roles.

17 Copyright © Oracle Corporation, All rights reserved. Managing Roles.
Database Programming Sections 11 & 12 – Creating, and Managing Views, Sequences, Indexes, and Synonymns.

Database Programming Sections 11 & 12 – Creating, and Managing Views, Sequences, Indexes, and Synonymns.

Similar presentations

Ads by Google