Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 1 (SQL) Controlling User Access Asif Sohail University of the.

Published byLindsey Douglas Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 1 (SQL) Controlling User Access Asif Sohail University of the."— Presentation transcript:

1 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 1 (SQL) Controlling User Access Asif Sohail University of the Punjab Punjab University College of Information Technology (PUCIT)

2 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 2 Objectives After completing this lesson, you should be able to do the following: –Create users –Create roles to ease setup and maintenance of the security model –Use the GRANT and REVOKE statements to grant and revoke object privileges

3 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 3 Controlling User Access Databaseadministrator Users Username and password privileges

4 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 4 Privileges –Database security: System security Data security –System privileges: Gain access to the database –Object privileges: Manipulate the content of the database objects –More than 80 privileges are available. –The DBA has high-level system privileges: Create new users Remove users Remove tables Back up tables

5 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 5 Creating Users The DBA creates users by using the CREATE USER statement. SQL> CREATEUSER scott 2 IDENTIFIED BY tiger; User created. SQL> CREATEUSER scott 2 IDENTIFIED BY tiger; User created. CREATE USER user IDENTIFIED BY password; CREATE USER user IDENTIFIED BY password;

6 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 6 Changing Your Password –The DBA creates your user account and initializes your password. –You can change your password by using the ALTER USER statement. SQL> ALTER USER scott 2 IDENTIFIED BY lion; User altered. SQL> ALTER USER scott 2 IDENTIFIED BY lion; User altered.

7 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 7 User System Privileges GRANT privilege [, privilege...] TO user [, user...]; GRANT privilege [, privilege...] TO user [, user...]; An application developer may have the following system privileges: – CREATE TABLE – CREATE SEQUENCE – CREATE VIEW – CREATE INDEX – CREATE PROCEDURE Once a user is created, the DBA can grant specific system privileges to a user.

8 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 8 Granting System Privileges The DBA can grant a user specific system privileges. SQL> GRANT create table, create sequence, create view 2 TO scott; Grant succeeded. SQL> GRANT create table, create sequence, create view 2 TO scott; Grant succeeded.

9 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 9 What Is a Role? Allocating privileges without a role Allocating privileges with a role Privileges Users Manager

10 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 10 What Is a Role? SQL> GRANT role TO USER 2 [WITH ADMIN OPTION]; Grant succeeded. SQL> GRANT role TO USER 2 [WITH ADMIN OPTION]; Grant succeeded. A role is a privilege or set of privileges that allows a user to perform certain functions in the database. To grant a role to a user, use the following syntax: If WITH ADMIN OPTION is used, that user can then grant roles to other users.

11 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 11 Creating and Granting Privileges to a Role SQL> CREATE ROLE manager; Role created. SQL> CREATE ROLE manager; Role created. SQL> GRANT create table, create view 2 to manager; Grant succeeded. SQL> GRANT create table, create view 2 to manager; Grant succeeded. SQL> GRANT manager to BLAKE, CLARK; Grant succeeded. SQL> GRANT manager to BLAKE, CLARK; Grant succeeded.

12 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 12 Standard Role Names Oracle lets you register as one of three roles: a)Connect b)Resource c)DBA (or database administrator) These three roles have varying degrees of privileges.

13 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 13 Standard Role Names a) The Connect Role The Connect role can be thought of as the entry-level role. A user who has been granted Connect role access can be granted various privileges that allow him or her to do something with a database. The Connect role enables the user to select, insert, update, and delete records from tables belonging to other users (after the appropriate permissions have been granted).

14 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 14 Standard Role Names b) The Resource Role The Resource role gives the user more access to Oracle databases. The user can also create tables, views, sequences, and synonyms. In addition to the permissions that can be granted to the Connect role, Resource roles can also be granted permission to create procedures, triggers, and indexes.

15 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 15 Standard Role Names c) The DBA Role The DBA role includes all privileges. Users with this role are able to do essentially anything they want to the database system.

16 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 16 Revoking a Role SQL> REVOKE role FROM user; SQL> REVOKE create table FROM manager; SQL> REVOKE connect FROM manager;

17 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 17 Object Privileges –After you decide which roles to grant your users, your next step is deciding which permissions or privileges these users will have on database objects. –If you actually create an object, you can grant privileges on that object to other users. –Object privileges vary from object to object. –An owner has all the privileges on the object. GRANT{object_priv | ALL} [(columns)] ONobject TO{user|role|PUBLIC} [WITH GRANT OPTION]; GRANT{object_priv | ALL} [(columns)] ONobject TO{user|role|PUBLIC} [WITH GRANT OPTION];

18 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 18 Object Privilege TableViewSequenceProcedure ALTER Ö  Ö DELETE Ö  Ö EXECUTE Ö INDEX Ö INSERT Ö  Ö REFERENCES Ö SELECT Ö  Ö  Ö UPDATE Ö  Ö Object Privileges

19 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 19 Granting Object Privileges SQL> GRANTselect 2 ONemp 3 TOboota,bala; Grant succeeded. SQL> GRANTselect 2 ONemp 3 TOboota,bala; Grant succeeded. SQL> GRANTupdate (dname, loc) 2 ONdept 3 TOscott, manager; Grant succeeded. SQL> GRANTupdate (dname, loc) 2 ONdept 3 TOscott, manager; Grant succeeded. –Grant query privileges on the EMP table. Grant privileges to update specific columns to users and roles. SQL> GRANTALL 2 ONemp 3 TOboss; Grant succeeded. SQL> GRANTALL 2 ONemp 3 TOboss; Grant succeeded. –Grant all privileges on the EMP table.

20 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 20 Using WITH GRANT OPTION and PUBLIC Keywords –Allow all users on the system to query data from Alice’s DEPT table. SQL> GRANTselect, insert 2 ONdept 3 TOscott 4 WITH GRANT OPTION; Grant succeeded. SQL> GRANTselect, insert 2 ONdept 3 TOscott 4 WITH GRANT OPTION; Grant succeeded. SQL> GRANTselect 2 ONalice.dept 3 TOPUBLIC; Grant succeeded. SQL> GRANTselect 2 ONalice.dept 3 TOPUBLIC; Grant succeeded. Give a user authority to pass along the privileges.

21 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 21 Using the objects of other users Qualifying the granted object Let A is a table name create by user X and X has granted SELECT privilege on A to a user Y. User Y can SELECT rows from table A using: SELECT * FROM X.A;

22 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 22 Confirming Privileges Granted Data Dictionary TableDescription ROLE_SYS_PRIVSSystem privileges granted to roles ROLE_TAB_PRIVSTable privileges granted to roles USER_ROLE_PRIVSRoles accessible by the user USER_TAB_PRIVS_MADEObject privileges granted on the user’s objects USER_TAB_PRIVS_RECDObject privileges granted to the user USER_COL_PRIVS_MADEObject privileges granted on the columns of the user’s objects USER_COL_PRIVS_RECDObject privileges granted to the user on specific columns

23 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 23 How to Revoke Object Privileges –You use the REVOKE statement to revoke privileges granted to other users. –Privileges granted to others through the WITH GRANT OPTION will also be revoked. REVOKE {privilege [, privilege...]|ALL} ON object FROM {user[, user...]|role|PUBLIC}; REVOKE {privilege [, privilege...]|ALL} ON object FROM {user[, user...]|role|PUBLIC};

24 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 24 Revoking Object Privileges As user Alice, revoke the SELECT and INSERT privileges given to user Scott on the DEPT table. SQL> REVOKEselect, insert 2 ONdept 3 FROMscott; Revoke succeeded. SQL> REVOKEselect, insert 2 ONdept 3 FROMscott; Revoke succeeded.

25 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 25 Summary StatementAction CREATE USERAllows the DBA to create a user GRANTAllows the user to give other users privileges to access the user’s objects CREATE ROLEAllows the DBA to create a collection of privileges ALTER USERAllows users to change their password REVOKERemoves privileges on an object from users

26 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 26 Practice Overview –Granting other users privileges to your table –Modifying another user’s table through the privileges granted to you –Creating a synonym –Querying the data dictionary views related to privileges

27 © 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 27 Thank you for your attention. Asif Sohail Assistant Professor University of the Punjab Punjab University College of Information Technology (PUCIT) Allama Iqbal (Old) Campus, Anarkali Lahore, Pakistan Tel: +92-(0)42-111-923-923 Ext. 154 E-mail: asif@pucit.edu.pk

Download ppt "© 2009 Punjab University College of Information Technology (PUCIT) September 8, 2009 Slide 1 (SQL) Controlling User Access Asif Sohail University of the."

Similar presentations

9 Creating and Managing Tables. Objectives After completing this lesson, you should be able to do the following: Describe the main database objects Create.

9 Creating and Managing Tables. Objectives After completing this lesson, you should be able to do the following: Describe the main database objects Create.
14-1 Copyright  Oracle Corporation, 1998. All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.

14-1 Copyright  Oracle Corporation, All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.
13 Copyright © Oracle Corporation, 2001. All rights reserved. Controlling User Access.

13 Copyright © Oracle Corporation, All rights reserved. Controlling User Access.
Copyright  Oracle Corporation, 1998. All rights reserved. 10 Creating and Managing Tables.

Copyright  Oracle Corporation, All rights reserved. 10 Creating and Managing Tables.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.

Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.
Security and Integrity

Security and Integrity
Getting Started with Oracle11g Abeer bin humaid. Create database user You should create at least one database user that you will use to create database.

Getting Started with Oracle11g Abeer bin humaid. Create database user You should create at least one database user that you will use to create database.
By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.

By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.
9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.

9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.
Copyright س Oracle Corporation, 1998. All rights reserved. 14 Controlling User Access.

Copyright س Oracle Corporation, All rights reserved. 14 Controlling User Access.
Database Programming Sections 13–Creating, revoking objects privileges.

Database Programming Sections 13–Creating, revoking objects privileges.
Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.

Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.
Week 7 Lecture 1 Database Roles. Learning Objectives  Discover when and why to use roles  Learn how to create, modify, and remove roles  Learn how.

Week 7 Lecture 1 Database Roles. Learning Objectives  Discover when and why to use roles  Learn how to create, modify, and remove roles  Learn how.
INTRODUCTION TO ORACLE Lynnwood Brown System Managers LLC End User Management – Lecture 3 Copyright System Managers LLC 2007 all rights reserved.

INTRODUCTION TO ORACLE Lynnwood Brown System Managers LLC End User Management – Lecture 3 Copyright System Managers LLC 2007 all rights reserved.
Chapter 6 Additional Database Objects Oracle 10g: SQL.

Chapter 6 Additional Database Objects Oracle 10g: SQL.
7 Copyright © 2004, Oracle. All rights reserved. Administering Users.

7 Copyright © 2004, Oracle. All rights reserved. Administering Users.
Controlling User Access. Objectives After completing this lesson, you should be able to do the following: Create users Create roles to ease setup and.

Controlling User Access. Objectives After completing this lesson, you should be able to do the following: Create users Create roles to ease setup and.
DCL/1 Data Control Language Objectives –To learn about the security mechanisms implemented in an RDBMS and how to use them Contents –Identifying Users.

DCL/1 Data Control Language Objectives –To learn about the security mechanisms implemented in an RDBMS and how to use them Contents –Identifying Users.

Similar presentations

Ads by Google