270 likes | 418 Views
Chapter 13 User Creation and Management. Chapter Objectives. Explain the concept of authentication Create a new user account Grant a user the CREATE SESSION privilege Make a password expire Change the password of an existing account. Chapter Objectives. Create a role
E N D
Chapter 13User Creation and Management Oracle9i: SQL
Chapter Objectives • Explain the concept of authentication • Create a new user account • Grant a user the CREATE SESSION privilege • Make a password expire • Change the password of an existing account Oracle9i: SQL
Chapter Objectives • Create a role • Grant privileges to a role • Assign a user to a role • Revoke privileges from a user and a role • Drop a user Oracle9i: SQL
User Accounts • Provide a method of authentication • Can grant access to specific objects • Identify owners of objects Oracle9i: SQL
CREATE USER Command Gives each user a user name and password Oracle9i: SQL
Database Connection Even with valid user name and password, user still needs CREATE SESSION privilege to connect to a database Oracle9i: SQL
Privileges • System privileges • Allow access to database and execution of DDL operations • Approximately 140 system privileges in Oracle9i • Object privileges • Allow user to perform DML operations • Total of 13 object privileges in Oracle9i Oracle9i: SQL
Object Privileges - Examples • SELECT – display data from table, view, or sequence • INSERT – insert data into table or view • UPDATE – change data in a table or view • DELETE – remove data from a table or view • ALTER – change definition of table or view Oracle9i: SQL
Granting Object Privileges Granted through GRANT command Oracle9i: SQL
Grant Clauses for Object Privileges • GRANT clause – identifies object privileges • ON clause – identifies object • TO clause – identifies user or role receiving privilege • WITH GRANT OPTION clause – gives user ability to assign same privilege to other users Oracle9i: SQL
GRANT Command Example – Object Privileges Oracle9i: SQL
System Privileges • Affect ability to create, alter, and drop objects • Use of ANY keyword with object privilege (INSERT ANY TABLE) is considered a system privilege • List of all available system privileges available through SYSTEM_PRIVILEGE_MAP Oracle9i: SQL
SYSTEM_PRIVILEGE_MAP Oracle9i: SQL
Granting System Privileges System privileges given through GRANT command Oracle9i: SQL
Grant Clauses for System Privileges • GRANT clause – identifies system privileges being granted • TO clause – identifies receiving user or role • WITH ADMIN OPTION clause – allows user to grant privilege to other database users Oracle9i: SQL
GRANT Command Example – System Privileges Oracle9i: SQL
Changing User Password Can use PASSWORD command or ALTER USER command Oracle9i: SQL
Roles • A group, or collection, of privileges • Can be assigned to users or other roles Oracle9i: SQL
Multiple Roles • User can be assigned several roles • All roles can be enabled at one time • Only one role can be designated as default role for each user • Default role can be assigned through ALTER USER command Oracle9i: SQL
Modifying a Role • Roles can be modified with ALTER ROLE command • Roles can be assigned passwords Oracle9i: SQL
Viewing Privileges • ROLE_SYS_PRIVS lists all system privileges assigned to a role • SESSION_PRIVS lists user’s currently enabled roles Oracle9i: SQL
ROLE_SYS_PRIVS Example Oracle9i: SQL
SESSION_PRIVS Example Oracle9i: SQL
Revoking System Privilege Revoke system privileges with REVOKE command Oracle9i: SQL
Revoking Object Privilege If originally granted using WITH GRANT OPTION, the effect cascades and is revoked from subsequent recipients Oracle9i: SQL
Dropping a Role Users receiving privileges via a role that is dropped will no longer have those privileges available Oracle9i: SQL
Dropping a User DROP USER command is used to remove a user account Oracle9i: SQL