
19 Managing Privileges

19-2 Objectives
- Identifying system and object privileges
- Granting and revoking privileges
- Controlling operating system or password file authentication

19-3 Managing Privileges
Two types of privileges:
- SYSTEM: enables users to perform particular actions in the database (CREATE, ALTER, DROP, etc.)
- OBJECT: enables users to access and manipulate a specific object (SELECT, UPDATE, INSERT, EXECUTE, etc.)

19-4 System Privileges
- There are about 126 system privileges.
- The ANY keyword in a privilege name means the holder has that privilege in every schema, not only in its own.
- The GRANT command adds a privilege to a user or to a role; the REVOKE command removes it.
- Users holding an ANY privilege can reach the data dictionary tables in the SYS schema while O7_DICTIONARY_ACCESSIBILITY is TRUE (see 19-11).

19-5 System Privileges: Examples

Category     Examples
INDEX        CREATE ANY INDEX, ALTER ANY INDEX, DROP ANY INDEX
TABLE        CREATE TABLE (in the user's own schema; includes dropping the table and creating indexes on it),
             CREATE ANY TABLE, ALTER ANY TABLE,
             DROP ANY TABLE (also needed to truncate a table in another schema),
             SELECT ANY TABLE, UPDATE ANY TABLE, DELETE ANY TABLE
SESSION      CREATE SESSION (needed to connect at all),
             ALTER SESSION,
             RESTRICTED SESSION (needed to connect while the database is in restricted mode)
TABLESPACE   CREATE TABLESPACE, ALTER TABLESPACE, DROP TABLESPACE, UNLIMITED TABLESPACE

19-6 Granting System Privileges
GRANT CREATE SESSION, CREATE TABLE TO user1;
GRANT CREATE SESSION TO scott WITH ADMIN OPTION;
WITH ADMIN OPTION enables scott to grant the privilege (or role) to other users or roles, and to revoke it from them.

19-7 SYSDBA and SYSOPER Privileges

Category   Examples
SYSOPER    STARTUP, SHUTDOWN
           ALTER DATABASE OPEN | MOUNT
           ALTER DATABASE BACKUP CONTROLFILE
           ALTER TABLESPACE BEGIN/END BACKUP
           RECOVER DATABASE, ALTER DATABASE ARCHIVELOG
           RESTRICTED SESSION
SYSDBA     All SYSOPER privileges WITH ADMIN OPTION
           CREATE DATABASE
           RECOVER DATABASE UNTIL ... (incomplete recovery)
           Any operation on the database or on objects in the database
Note: the user SYSTEM is not as powerful as SYS.

19-8 SYSDBA and SYSOPER Privileges
User SYS:
- Owner of the data dictionary; can make changes to it
- Holds the SYSOPER and SYSDBA privileges
- Can start up and shut down the database
User SYSTEM:
- Not granted the SYSOPER and SYSDBA privileges
- Cannot start up or shut down the database
- Cannot modify the data dictionary
- Safer to work as SYSTEM than as SYS for routine administration

19-9 Password File Authentication
1. Create the password file and set the REMOTE_LOGIN_PASSWORDFILE parameter.
2. Set REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE.
3. Grant the SYSOPER and SYSDBA privileges to the users who need them.
4. Query V$PWFILE_USERS to verify the password file members.
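The four steps above as one SQL*Plus script. This is an added example, not from the original slides: the instance name ORCL, the path, the entries count, the account names scott and user1 and every password are illustrative assumptions, and the orapwd call and init.ora line appear as comments because they are done outside SQL*Plus.

```sql
-- Added example (not from the original slides). Instance ORCL, paths,
-- accounts and passwords are illustrative assumptions.

-- Step 1 (OS prompt, Unix): create the password file with the orapwd utility.
--   orapwd file=$ORACLE_HOME/dbs/orapwORCL password=sys_pw entries=5
-- "entries" is the maximum number of distinct SYSDBA/SYSOPER holders.

-- Step 2 (init.ora of the instance, static parameter, needs a restart):
--   REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE

-- Step 3: connect as SYS with the SYSDBA privilege and add administrators.
-- The GRANT is rejected unless the password file exists and the
-- parameter is EXCLUSIVE.
CONNECT sys/sys_pw AS SYSDBA
GRANT SYSDBA  TO scott;
GRANT SYSOPER TO user1;

-- Step 4: verify the password file members.
SELECT username, sysdba, sysoper FROM v$pwfile_users;
-- Expected rows: SYS TRUE/TRUE, SCOTT TRUE/FALSE, USER1 FALSE/TRUE

-- Remove an entry as soon as the administrator no longer needs it.
REVOKE SYSDBA FROM scott;
```

With EXCLUSIVE the password file belongs to one instance and can list users other than SYS; with SHARED it can be used by several instances but recognises only SYS. Because anyone listed here can start, stop and recover the database, V$PWFILE_USERS is worth reviewing as part of a routine privilege audit.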

19-10 Displaying System Privileges
Database level: DBA_SYS_PRIVS (GRANTEE, PRIVILEGE, ADMIN_OPTION)
  SELECT * FROM dba_sys_privs;
Session level: SESSION_PRIVS (PRIVILEGE), the privileges in effect for the current session
  SELECT * FROM session_privs;

19-11 System Privilege Restrictions
O7_DICTIONARY_ACCESSIBILITY = TRUE
- Reverts to Oracle7 behaviour
- Removes the restriction that keeps system privileges containing the ANY keyword out of the SYS schema (the data dictionary)
- Defaults to TRUE in Oracle8i (the default was changed to FALSE in Oracle9i)
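What the parameter changes in practice, as an added example that is not from the original slides. It assumes an illustrative account user1 (password user1pw), a DBA connecting as system/manager, and that the DBA may edit init.ora.

```sql
-- Added example (not from the original slides). Accounts and passwords
-- are illustrative assumptions.
CONNECT system/manager
SHOW PARAMETER O7_DICTIONARY_ACCESSIBILITY
GRANT CREATE SESSION, SELECT ANY TABLE TO user1;

-- user1 tries to read a base table of the data dictionary, SYS.USER$,
-- which holds the hashed password of every account (type# = 1 selects users).
CONNECT user1/user1pw
SELECT name FROM sys.user$ WHERE type# = 1;
-- O7_DICTIONARY_ACCESSIBILITY = TRUE : succeeds, SELECT ANY TABLE reaches SYS
-- O7_DICTIONARY_ACCESSIBILITY = FALSE: ORA-00942 table or view does not exist

-- To stop ANY privileges at the dictionary, set in init.ora
-- (static parameter, takes effect at the next startup):
--   O7_DICTIONARY_ACCESSIBILITY = FALSE
-- SELECT ANY TABLE then still covers every non-SYS schema.

-- Accounts that legitimately need to read the dictionary views get
-- SELECT_CATALOG_ROLE instead of a blanket ANY privilege.
CONNECT system/manager
REVOKE SELECT ANY TABLE FROM user1;
GRANT SELECT_CATALOG_ROLE TO user1;
```

The check to run on any database that still has the parameter at TRUE is the DBA_SYS_PRIVS query from 19-10 restricted to privileges whose name contains ANY: each holder can read (and, with UPDATE ANY TABLE, change) the dictionary.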

19-12 Revoking System Privileges
REVOKE CREATE TABLE FROM user1;
REVOKE CREATE SESSION FROM scott;
REVOKE removes privileges that were added with the GRANT command. For system privileges the revoke reaches only the named user: it does not cascade to users the revokee granted the privilege to (see 19-13).

19-13 Revoking System Privileges Using WITH ADMIN OPTION (diagram)
DBA --GRANT ... WITH ADMIN OPTION--> SCOTT --GRANT--> USER 1
DBA --REVOKE--> SCOTT (does not cascade)

19-14 Result (diagram)
SCOTT no longer holds the privilege; USER 1 still does, because revoking a system privilege does not cascade.
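The sequence drawn on 19-13 and 19-14 as a SQL*Plus script, using the CREATE SESSION grant from 19-6. This is an added example, not from the original slides; it assumes the accounts scott (password tiger) and user1 (password user1pw) already exist, that the DBA connects as system/manager and may query DBA_SYS_PRIVS, and all credentials are illustrative.

```sql
-- Added example (not from the original slides). Illustrative accounts:
-- scott/tiger, user1/user1pw, DBA = system/manager.
CONNECT system/manager
GRANT CREATE SESSION TO scott WITH ADMIN OPTION;

-- scott passes the privilege on; ADMIN OPTION allows this
CONNECT scott/tiger
GRANT CREATE SESSION TO user1;

-- The DBA takes the privilege away from scott only
CONNECT system/manager
REVOKE CREATE SESSION FROM scott;

-- Revoking a system privilege does not cascade: user1 keeps it even
-- though the user who granted it (scott) has lost it
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege = 'CREATE SESSION'
   AND grantee IN ('SCOTT', 'USER1');
-- Expected: one row USER1 / CREATE SESSION / NO, no row for SCOTT

-- user1 can still log in and sees the privilege in its own session
CONNECT user1/user1pw
SELECT * FROM session_privs;

-- The revoke from scott did not clean up the grants scott made, so the
-- DBA has to find them (query above) and revoke each one explicitly
CONNECT system/manager
REVOKE CREATE SESSION FROM user1;
```

The practical consequence: before revoking a system privilege from a user who held it WITH ADMIN OPTION, list every grantee of that privilege in DBA_SYS_PRIVS, because the revoke will not reach them. Object privileges behave the other way round (19-19 and 19-20).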

19-15 Object Privileges

Object priv.   Table   View   Sequence   Procedure
ALTER            x                x
DELETE           x       x
EXECUTE                                     x
INDEX            x
INSERT           x       x
REFERENCES       x
SELECT           x       x        x
UPDATE           x       x

19-16 Granting Object Privileges
GRANT EXECUTE ON dbms_pipe TO public;
GRANT UPDATE(ename,sal) ON emp TO user1 WITH GRANT OPTION;
The second statement is a column (field) level grant: user1 may update only the ENAME and SAL columns. A grant TO PUBLIC reaches every account in the database, so use it only for objects every user genuinely needs.

19-17 Displaying Object Privileges
DBA_TAB_PRIVS (object privileges): GRANTEE, OWNER, TABLE_NAME, GRANTOR, PRIVILEGE, GRANTABLE
DBA_COL_PRIVS (column-specific privileges): GRANTEE, OWNER, TABLE_NAME, COLUMN_NAME, GRANTOR, PRIVILEGE, GRANTABLE

19-18 Revoking Object Privileges
REVOKE EXECUTE ON dbms_pipe FROM scott;
SELECT * FROM dba_tab_privs WHERE grantee = 'SCOTT';
SELECT * FROM dba_col_privs;

19-19 Revoking Object Privileges Using WITH GRANT OPTION (diagram)
SCOTT --GRANT ... WITH GRANT OPTION--> USER 1 --GRANT--> USER 2
SCOTT --REVOKE--> USER 1

19-20 Result (diagram)
Both USER 1 and USER 2 lose the privilege.
Summary: revoking an object privilege cascades to everyone the revokee granted it to.
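The cascade drawn on 19-19 and 19-20, run against the column-level grant from 19-16 and checked with the DBA_COL_PRIVS view from 19-17. This is an added example, not from the original slides; it assumes scott owns the demo table EMP, that user1 (password user1pw) and user2 exist with CREATE SESSION, and that the DBA connects as system/manager; credentials are illustrative.

```sql
-- Added example (not from the original slides). Illustrative accounts:
-- scott/tiger owns EMP; user1/user1pw and user2 exist; DBA = system/manager.
CONNECT scott/tiger
-- Column-level grant that user1 is allowed to pass on
GRANT UPDATE (ename, sal) ON emp TO user1 WITH GRANT OPTION;

CONNECT user1/user1pw
-- user1 can re-grant only what it holds: UPDATE on these two columns
GRANT UPDATE (ename, sal) ON scott.emp TO user2;

CONNECT system/manager
SELECT grantee, grantor, column_name, privilege, grantable
  FROM dba_col_privs
 WHERE owner = 'SCOTT' AND table_name = 'EMP'
 ORDER BY grantee, column_name;
-- Expected: USER1 (grantor SCOTT, grantable YES) and USER2 (grantor USER1,
-- grantable NO), each for ENAME and SAL

CONNECT scott/tiger
-- Column privileges cannot be revoked column by column; the object-level
-- REVOKE removes them all
REVOKE UPDATE ON emp FROM user1;

CONNECT system/manager
SELECT grantee, column_name
  FROM dba_col_privs
 WHERE owner = 'SCOTT' AND table_name = 'EMP';
-- Expected: no rows. The revoke from user1 cascaded to user2, whose only
-- source of the privilege was user1's grant.
```

DBA_TAB_PRIVS and DBA_COL_PRIVS both carry a GRANTOR column, which is what makes the cascade traceable: every row whose grantor loses the privilege disappears with it.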

19-21 Summary: Controlling system and object privileges

