SQL* Report
SQL*Plus can be used to generate reports. Through the use of SELECT statements you can perform queries into the
ORACLE database and then alter the display to create polished reports. Some elements of a report over which you have
control are: titles, column headings, subtotals and grand totals, reformatting of numbers and text and column
computations. Getting SQL*Plus to produce reports according to your needs requires only a few simple commands.
The script is made up of both SQL and SQL*Plus commands. How can you tell the difference? Beginning with the
SELECT statement and ending with the semi-colon is SQL which talks to the ORACLE database. The remaining
commands are SQL*Plus which are used to format the results of the query into a report.
NOTE: If you are using telnet through pigseye to access ORACLE, you may have difficulty viewing on your screen the
reports you produce. Table(s) mentioned in the SELECT statement are printed following the generation of the report.
This may prevent your seeing the report because there is no scroll bar to scroll back up to see the report. When you
begin your SQL*Plus session, issue the following command:
SQL>SET PAUSE 'More. . .'
SQL>SET PAUSE ON
Setting PAUSE ON will cause SQL*Plus to display one full screen of information and then it waits for you to press
enter before it displays the next screen. More� will appear in the lower left corner until you press enter.
Suppose we want an annual salary report. We want all employees from the EMPLOYEE listed on the report, their job
title, department number and annual salary. We want employees grouped by department. We want subtotals of annual
salary for each department, then a total annual salary at the end of the report. Sound a bit intimidating? Don't worry,
we'll build this report in small steps and explain each line as we go. The best place to start is with your SELECT
statement. Once you are sure it returns the information you need, then you can begin adding SQL*Plus commands to
format the report.
How should we write the SELECT statement that will return the data needed, grouped as we want it?
SQL>SELECT DEPTNO, NAME, JOB, SALARY*12
FROM EMPLOYEE
ORDER BY DEPTNO;
DEPTNO NAME JOB SALARY*12
Notice the current date and page number are placed on the report. The TTITLE command instructs SQL*Plus to place
your title at the top of the page. Your title is what you typed within single quotes in the TTITLE command. The vertical
line is the heading separator. It tells SQL*Plus that there should be a break wherever the | is placed. The vertical bar in
our TTITLE command instructs SQL*Plus to place the text before the bar on one line and the text after the bar on the
next line. Notice we included an instruction at the end of the file to turn TTITLE off.
username
Specify the name of the user to be created. This name can contain only characters from your database character set and
must follow the rules described in the section "Schema Object Naming Rules ". Oracle recommends that the user name
contain at least one single-byte character regardless of whether the database character set also contains multibyte
characters.
IDENTIFIED Clause
The IDENTIFIED clause lets you indicate how Oracle Database authenticates the user.
BY password
The BY password clause lets you creates a local user and indicates that the user must specify password to log on to the
database. Passwords can contain only single-byte characters from your database character set regardless of whether the
character set also contains multibyte characters.
Passwords must follow the rules described in the section "Schema Object Naming Rules ", unless you are using the
Oracle Database password complexity verification routine. That routine requires a more complex combination of
characters than the normal naming rules permit. You implement this routine with the UTLPWDMG.SQL script, which
is further described in Oracle Database Security Guide.
EXTERNALLY Clause
Specify EXTERNALLY to create an external user. Such a user must be authenticated by an external service, such as an
operating system or a third-party service. In this case, Oracle Database relies on the login authentication of the operating
system to ensure that a specific operating system user has access to a specific database user.
GLOBALLY Clause
The GLOBALLY clause lets you create a global user. Such a user must be authenticated by the enterprise directory
service. The external_name string can take one of two forms:
• The X.509 name at the enterprise directory service that identifies this user. It should be of the form
CN=username,other_attributes, where other_attributes is the rest of the user's distinguished name (DN) in the
directory.
• A null string (' ') indicating that the enterprise directory service will map authenticated global users to the
appropriate database schema with the appropriate roles.
You can control the ability of an application server to connect as the specified user and to activate that user's roles using
the ALTER USER statement.
DEFAULT TABLESPACE Clause
Specify the default tablespace for objects that the user creates. If you omit this clause, then the user's objects are stored
in the database default tablespace. If no default tablespace has been specified for the database, then the user's objects are
stored in the SYSTEM tablespace.
Restriction on Default Tablespaces
You cannot specify a locally managed tablespace, including an undo tablespace, or a dictionary-managed temporary
tablespace as a user's default tablespace.
QUOTA Clause
Use the QUOTA clause to allow the user to allocate up to integer bytes of space in the tablespace. This quota is the
maximum space in the tablespace the user can allocate.
A CREATE USER statement can have multiple QUOTA clauses for multiple tablespaces.
UNLIMITED lets the user allocate space in the tablespace without bound.
PROFILE Clause
Specify the profile you want to assign to the user. The profile limits the amount of database resources the user can use. If
you omit this clause, then Oracle Database assigns the DEFAULT profile to the user.
PASSWORD EXPIRE Clause
Specify PASSWORD EXPIRE if you want the user's password to expire. This setting forces the user or the DBA to
change the password before the user can log in to the database.
ACCOUNT Clause
Specify ACCOUNT LOCK to lock the user's account and disable access. Specify ACCOUNT UNLOCK to unlock the
user's account and enable access to the account.
Examples
Creating a Database User: Example
If you create a new user with PASSWORD EXPIRE, then the user's password must be changed before the user attempts
to log in to the database. You can create the user sidney by issuing the following statement:
CREATE USER sidney
IDENTIFIED BY out_standing1
DEFAULT TABLESPACE example
QUOTA 10M ON example
TEMPORARY TABLESPACE temp
QUOTA 5M ON system
PROFILE app_user
PASSWORD EXPIRE;
To create another user accessible only by an operating system account, prefix the user name with the value of the
initialization parameter OS_AUTHENT_PREFIX. For example, if this value is "ops$", you can create the externally
identified user external_user with the following statement:
CREATE USER ops$external_user
IDENTIFIED EXTERNALLY
DEFAULT TABLESPACE example
QUOTA 5M ON example
PROFILE app_user;
Privileges
A privilege is a right to execute an SQL statement or to access another user's object. In Oracle, there are two types of
privileges: system privileges and object privileges. A privileges can be assigned to a user or a role
The set of privileges is fixed, that is, there is no SQL statement like create privilege xyz...
System privileges
There are quite a few system privileges: in Oracle 9.2, we count 157 of them, and 10g has even 173. Those can be
displayed with
select name from system_privilege_map
Executing this statement, we find privileges like create session, drop user, alter database, see system privileges.
System privileges can be audited.
Arguably, the most important system privileges are:
• create session (A user cannot login without this privilege. If he tries, he gets an ORA-01045).
• create table
• create view
• create procedure
• sysdba
• sysoper
Object privileges
privileges can be assigned to the following types of database objects:
• Tables
select, insert, update, delete, alter, debug, flashback, on commit refresh, query rewrite, references, all
• Views
select, insert, update, delete, under, references, flashback, debug
• Sequence
alter, select
• Packeges, Procedures, Functions (Java classes, sources...)
execute, debug
• Materialized Views
delete, flashback, insert, select, update
• Directories
read, write
• Libraries
execute
• User defined types
execute, debug, under
• Operators
execute
• Indextypes
execute
For a user to be able to access an object in another user's schema, he needs the according object privilege.
Object privileges can be displayed using all_tab_privs_made or user_tab_privs_made.
Public
If a privilege is granted to the special role public, this privilege can be executed by all other users. However, sysdba
cannot be granted to public.
For example, if you wanted to grant select, insert, update, and delete privileges on a table called suppliers to a role
named test_role, you would execute the following statement:
grant select, insert, update, delete on suppliers to test_role;
You can also use the all keyword to indicate that you wish all permissions to be granted. For example:
grant all on suppliers to test_role;
For example, if you had a function called Find_Value and you wanted to grant execute access to the role named
test_role, you would execute the following statement:
grant execute on Find_Value to test_role;
For example:
GRANT test_role to smithj;
This example would grant the role called test_role to the user named smithj.
For example, if you wanted to revoke delete privileges on a table called suppliers from a role named test_role, you
would execute the following statement:
revoke delete on suppliers from test_role;
If you wanted to revoke all privileges on a table, you could use the all keyword. For example:
revoke all on suppliers from test_role;
If you wanted to revoke execute privileges on a function called Find_Value from a role named test_role, you would
execute the following statement:
revoke execute on Find_Value from test_role;
Passing On Privileges
To grant privileges on table and to make it be able further pass on this privilege you have to give WITH GRANT
OPTION clause in GRANT statement like this.
Syntax is :
grant select on [table name] to [user name] with grant option;
For Example :
grant select on emp to shonu with grant option;
Creating a Role
To create a role, you must have CREATE ROLE system privileges.
Note: If both the NOT IDENTIFIED and IDENTIFIED phrases are omitted in the CREATE ROLE statement, the role
will be created as a NOT IDENTIFIED role.
The role_name phrase is the name of the new role that you are creating. This is how you will refer to the grouping of
privileges.
The NOT IDENTIFIED phrase means that the role is immediately enabled. No password is required to enable the role.
The IDENTIFIED phrase means that a user must be authorized by a specified method before the role is enabled.
The BY password phrase means that a user must supply a password to enable the role.
The USING package phrase means that you are creating an application role - a role that is enabled only by applications
using an authorized package.
The EXTERNALLY phrase means that a user must be authorized by an external service to enable the role. An external
service can be an operating system or third-party service.
The GLOBALLY phrase means that a user must be authorized by the enterprise directory service to enable the role.
For example:
CREATE ROLE test_role;
This first example creates a role called test_role.
For example:
SET ROLE test_role IDENTIFIED BY test123;
This example would enable the role called test_role with a password of test123.
The user_name phrase is the name of the user whose role you are setting as DEFAULT.
The role_name phrase is the name of the role that you wish to set as DEFAULT.
The ALL phrase means that all roles should be enabled as DEFAULT, except those listed in the EXCEPT phrase.
The NONE phrase disables all roles as DEFAULT.
For example:
ALTER USER smithj DEFAULT ROLE test_role;
This example would set the role called test_role as a DEFAULT role for the user named smithj.
Dropping a Role
It is also possible to drop a role. The syntax for dropping a role is:
DROP ROLE role_name;
For example:
DROP ROLE test_role;
This drop statement would drop the role called test_role that we defined earlier.