Objectives
After completing this lesson, you should be able to do the following: Differentiate system privileges from object privileges Grant privileges on tables Grant roles Distinguish between privileges and roles
1-2
Lesson Agenda
System privileges Creating a role Object privileges Revoking object privileges
1-3
Database administrator
1-4
Privileges
Database security:
System security Data security
System privileges: Performing a particular action within the database Object privileges: Manipulating the content of the database objects Schemas: Collection of objects such as tables, views, and sequences
1-5
System Privileges
More than 100 privileges are available. The database administrator has high-level system privileges for tasks such as:
Creating new users Removing users Removing tables Backing up tables
1-6
Creating Users
The database administrator (DBA) creates users with the CREATE USER statement. CREATE USER user IDENTIFIED BY password; CREATE USER demo IDENTIFIED BY demo;
1-7
An application developer, for example, may have the following system privileges:
CREATE CREATE CREATE CREATE CREATE SESSION TABLE SEQUENCE VIEW PROCEDURE
1-8
1-9
Lesson Agenda
System privileges Creating a role Object privileges Revoking object privileges
1 - 10
What Is a Role?
Users
Manager
Privileges
Allocating privileges without a role Allocating privileges with a role
1 - 11
1 - 12
1 - 13
Lesson Agenda
System privileges Creating a role Object privileges Revoking object privileges
1 - 14
Object Privileges
Table
View
Sequence
INSERT
REFERENCES SELECT UPDATE
1 - 15
Object Privileges
Object privileges vary from object to object. An owner has all the privileges on the object. An owner can give specific privileges on that owners object.
GRANT object_priv [(columns)] ON object TO {user|role|PUBLIC} [WITH GRANT OPTION];
1 - 16
1 - 17
Allow all users on the system to query data from Alices DEPARTMENTS table:
GRANT select ON alice.departments TO PUBLIC;
1 - 18
1 - 19
Lesson Agenda
System privileges Creating a role Object privileges Revoking object privileges
1 - 20
1 - 21
1 - 22
Summary
In this lesson, you should have learned about statements that control access to the database and database objects.
Statement CREATE USER GRANT CREATE ROLE ALTER USER REVOKE Action
Creates a user (usually performed by a DBA) Gives other users privileges to access the objects Creates a collection of privileges (usually performed by a DBA) Changes a users password Removes privileges on an object from users
1 - 23
Practice 1: Overview
This practice covers the following topics: Granting other users privileges to your table Modifying another users table through the privileges granted to you Creating a synonym
1 - 24