Scribd Logo
Unggah

Selamat datang di Scribd!

  • E Computer Notes - Controlling User Access

    Diunggah oleh

    ecomputernotes
    14 tayangan20 halaman
    The database administrator has high-level System Privileges for tasks such as: Creating new users Removing tables Backing up tables Creating Users The DBA creates users by using the CREATE USER statement. The DBA can grant specific System Privileges to a user by using the GRANT and REVOKE statements.

    Deskripsi Asli:

    Judul Asli

    e computer notes - Controlling User Access

    Hak Cipta

    © Attribution Non-Commercial (BY-NC)

    Format Tersedia

    PPT, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    The database administrator has high-level System Privileges for tasks such as: Creating new users Removing tables Backing up tables Creating Users The DBA creates users by using the CREATE USER statement. The DBA can grant specific System Privileges to a user by using the GRANT and REVOKE statements.

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    14 tayangan20 halaman

    E Computer Notes - Controlling User Access

    Diunggah oleh

    ecomputernotes
    The database administrator has high-level System Privileges for tasks such as: Creating new users Removing tables Backing up tables Creating Users The DBA creates users by using the CREATE USER statement. The DBA can grant specific System Privileges to a user by using the GRANT and REVOKE statements.

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 20

    Controlling User Access

    http://ecomputernotes.com

    Objectives

    ter completing this lesson, you should be able to do the following:

    Create users Create roles to ease setup and maintenance of the security model " Use the GRANT and REVOKE statements to grant and revoke object privileges "Create and access database links

    "

    http://ecomputernotes.com

    Controlling User Access


    Database administrator

    Username and password Privileges


    Users

    http://ecomputernotes.com

    Privileges " Database security:


    System security Data security

    " System privileges: Gaining access to the database " Object privileges: Manipulating the content of the database objects Schemas: Collections of objects, such as tables, views, and sequences

    http://ecomputernotes.com

    System Privileges " More than 100 privileges are available.


    " The database administrator has high-level system privileges for tasks such as:
    Creating new users Removing users Removing tables Backing up tables

    http://ecomputernotes.com

    Creating Users
    The DBA creates users by using the CREATE USER statement.
    CREATE USER user IDENTIFIED BY password;

    CREATE USER scott IDENTIFIED BY tiger; User created.

    http://ecomputernotes.com

    User System Privileges " Once a user is created, the DBA can grant specific system privileges to a user.
    GRANT privilege

    TO user

    [, privilege...] [, user| role, PUBLIC...];

    An application developer, for example, may have " the following system privileges:
    CREATE SESSION CREATE TABLE CREATE SEQUENCE
    CREATE VIEW

    CREATE PROCEDURE

    http://ecomputernotes.com

    Granting System Privileges

    he DBA can grant a user specific system privileges.


    GRANT create session, create table, create sequence, create view TO scott; Grant succeeded.

    http://ecomputernotes.com

    What is a Role?

    Users

    Manager

    Privileges Allocating privileges without a role Allocating privileges with a role

    http://ecomputernotes.com

    Creating and Granting Privileges to a Role "


    Create a role

    CREATE ROLE manager; Role created.

    "Grant privileges to a role


    GRANT create table, create view TO manager; Grant succeeded.

    "Grant a role to users

    GRANT manager TO DEHAAN, KOCHHAR; GrantGrant succeeded.

    http://ecomputernotes.com

    Changing Your Password

    The DBA creates your user account and initializes

    your password. You can change your password by using the ALTER USER statement.

    ALTER USER scott IDENTIFIED BY lion; User altered.

    http://ecomputernotes.com

    Object Privileges
    Object Privilege
    ALTER DELETE
    EXECUTE

    Table

    View Sequence Procedure

    INDEX INSERT
    REFERENCES

    SELECT
    UPDATE

    http://ecomputernotes.com

    Object Privileges " Object privileges vary from object to object.


    " An owner has all the privileges on the object. " An owner can give specific privileges on that owners object.
    GRANT ON

    object_priv object

    [(columns)]

    TO

    {user|role|PUBLIC}

    http://ecomputernotes.com

    Granting Object Privileges "Grant query privileges on the EMPLOYEES table.


    GRANT select ON employees TO sue, rich; Grant succeeded.

    Grant privileges to update specific columns to


    users and roles.
    GRANT update (department_name, location_id) ON departments TO scott, manager; Grant succeeded.

    http://ecomputernotes.com

    Using

    the WITH GRANT OPTION and PUBLIC Keywords

    Give a user authority to pass along privileges.


    GRANT select, insert ON departments TO WITH GRANT OPTION; Grantscott succeeded.

    Allow all users on the system to query data from


    Alices DEPARTMENTS table.
    GRANT select alice.departments ON TO PUBLIC; Grant succeeded.

    http://ecomputernotes.com

    Confirming Privileges Granted


    Description System privileges granted to roles Table privileges granted to roles Roles accessible by the user OLE_SYS_PRIVS OLE_TAB_PRIVS SER_ROLE_PRIVS

    ata Dictionary View

    SER_TAB_PRIVS_MADE Object privileges granted on the users objects


    SER_TAB_PRIVS_RECD
    SER_COL_PRIVS_MADE

    Object privileges granted to the user Object privileges granted on the columns of the users objects Object privileges granted to the user on specific columns Lists system privileges granted to the user

    SER_COL_PRIVS_RECD

    SER_SYS_PRIVS

    http://ecomputernotes.com

    How to Revoke Object Privileges "

    You use the REVOKE statement to revoke privileges granted to other users. "Privileges granted to others through the WITH GRANT OPTION clause are also revoked.
    REVOKE {privilege [, privilege...]|ALL} object ON FROM {user[, user...]|role| PUBLIC} [CASCADE CONSTRAINTS];

    http://ecomputernotes.com

    Revoking Object Privileges


    As user Alice, revoke the SELECT and INSERT privileges given to user Scott on the DEPARTMENTS table.
    REVOKE select, insert ON departments FROM scott; Revoke succeeded.

    http://ecomputernotes.com

    Database Links

    database link connection allows local users to ccess data on a remote database.

    Local

    Remote
    EMP Table

    SELECT * FROM
    emp@HQ_ACME.COM;

    HQ _ACME.COM

    database

    Database Links "Create the database link.


    CREATE PUBLIC DATABASE LINK hq.acme.com USING 'sales'; Database link created.

    Write SQL statements that use the database link.


    SELECT *
    FROM emp@HQ.ACME.COM;

    Anda mungkin juga menyukai