Upload
sabina-lamb
View
235
Download
0
Embed Size (px)
DESCRIPTION
Chapter 13Introduction to Oracle9i: SQL3 CREATE USER Command Gives each user a user name and password
Citation preview
Chapter 13 Introduction to Oracle9i: SQL 1
Chapter 13User Creation and Management
Chapter 13 Introduction to Oracle9i: SQL 2
User Accounts
• Provide a method of authentication• Can grant access to specific objects• Identify owners of objects
Chapter 13 Introduction to Oracle9i: SQL 3
CREATE USER Command
Gives each user a user name and password
Chapter 13 Introduction to Oracle9i: SQL 4
Database Connection
Even with valid user name and password, user still needs CREATE SESSION privilege to connect to a database
Chapter 13 Introduction to Oracle9i: SQL 5
Privileges
• System privileges– Allow access to database and execution of DDL
operations– Approximately 140 system privileges in
Oracle9i• Object privileges
– Allow user to perform DML operations – Total of 13 object privileges in Oracle9i
Chapter 13 Introduction to Oracle9i: SQL 6
Object Privileges - Examples
• SELECT – display data from table, view, or sequence
• INSERT – insert data into table or view• UPDATE – change data in a table or view• DELETE – remove data from a table or
view• ALTER – change definition of table or view
Chapter 13 Introduction to Oracle9i: SQL 7
Granting Object Privileges
Granted through GRANT command
Chapter 13 Introduction to Oracle9i: SQL 8
Grant Clauses for Object Privileges
• GRANT clause – identifies object privileges• ON clause – identifies object• TO clause – identifies user or role receiving
privilege• WITH GRANT OPTION clause – gives user
ability to assign same privilege to other users
Chapter 13 Introduction to Oracle9i: SQL 9
GRANT Command Example – Object Privileges
Chapter 13 Introduction to Oracle9i: SQL 10
System Privileges
• Affect ability to create, alter, and drop objects
• Use of ANY keyword with object privilege (INSERT ANY TABLE) is considered a system privilege
• List of all available system privileges available through SYSTEM_PRIVILEGE_MAP
Chapter 13 Introduction to Oracle9i: SQL 11
SYSTEM_PRIVILEGE_MAP
Chapter 13 Introduction to Oracle9i: SQL 12
Granting System Privileges
System privileges given through GRANT command
Chapter 13 Introduction to Oracle9i: SQL 13
Grant Clauses for System Privileges
• GRANT clause – identifies system privileges being granted
• TO clause – identifies receiving user or role• WITH ADMIN OPTION clause – allows
user to grant privilege to other database users
Chapter 13 Introduction to Oracle9i: SQL 14
GRANT Command Example – System Privileges
Chapter 13 Introduction to Oracle9i: SQL 15
Changing User Password
Can use PASSWORD command or ALTER USER command
Chapter 13 Introduction to Oracle9i: SQL 16
Roles
• A group, or collection, of privileges• Can be assigned to users or other roles
Chapter 13 Introduction to Oracle9i: SQL 17
Multiple Roles
• User can be assigned several roles• All roles can be enabled at one time• Only one role can be designated as default
role for each user• Default role can be assigned through
ALTER USER command
Chapter 13 Introduction to Oracle9i: SQL 18
Modifying a Role
• Roles can be modified with ALTER ROLE command
• Roles can be assigned passwords
Chapter 13 Introduction to Oracle9i: SQL 19
Viewing Privileges
• ROLE_SYS_PRIVS lists all system privileges assigned to a role
• SESSION_PRIVS lists user’s currently enabled roles
Chapter 13 Introduction to Oracle9i: SQL 20
ROLE_SYS_PRIVS Example
Chapter 13 Introduction to Oracle9i: SQL 21
SESSION_PRIVS Example
Chapter 13 Introduction to Oracle9i: SQL 22
Revoking System Privilege
Revoke system privileges with REVOKE command
Chapter 13 Introduction to Oracle9i: SQL 23
Revoking Object Privilege
If originally granted using WITH GRANT OPTION, the effect cascades and is revoked from subsequent recipients
Chapter 13 Introduction to Oracle9i: SQL 24
Dropping a Role
Users receiving privileges via a role that is dropped will no longer have those privileges available
Chapter 13 Introduction to Oracle9i: SQL 25
Dropping a User
DROP USER command is used to remove a user account