About User Privileges and Roles
User privileges provide a basic level of database security. They are designed to control
user access to data and to limit the kinds of SQL statements that users can execute.
When creating a user, you grant privileges to enable the user to connect to the
database, to run queries and make updates, to create schema objects, and more.
The main types of user privileges are as follows:
■ System privileges—A system privilege gives a user the ability to perform a
particular action, or to perform an action on any schema objects of a particular
type. For example, the system privilege CREATE TABLE permits a user to create
tables in the schema associated with that user, and the system privilege CREATE
USER permits a user to create database users.
■ Object privileges—An object privilege gives a user the ability to perform a
particular action on a specific schema object. Different object privileges are
available for different types of schema objects. The privilege to select rows from
the EMPLOYEES table or to delete rows from the DEPARTMENTS table are examples of
object privileges.
Managing privileges is made easier by using roles, which are named groups of related
privileges. You create roles, grant system and object privileges to the roles, and then
grant roles to users. You can also grant roles to other roles. Unlike schema objects,
roles are not contained in any schema.
Table 7-1 lists three widely used roles that are predefined in Oracle Database. You can
grant these roles when you create a user or at any time thereafter.
... zobacz całą notatkę
Komentarze użytkowników (0)