Download Oracle_ch7 - Gonzaga University Student Web Server

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
Document related concepts

Entity–attribute–value model wikipedia , lookup

IMDb wikipedia , lookup

Open Database Connectivity wikipedia , lookup

Concurrency control wikipedia , lookup

Ingres (database) wikipedia , lookup

Relational model wikipedia , lookup

Database wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

PL/SQL wikipedia , lookup

Clusterpoint wikipedia , lookup

Database model wikipedia , lookup

Oracle Database wikipedia , lookup

Transcript 
Chapter 7
User Creation and Management
Jason C. H. Chen, Ph.D.
Professor of MIS
School of Business
Gonzaga University
Spokane, WA 99258 USA
[email protected]
Dr. Chen, Oracle Database System (Oracle)
1
Objectives
• Explain the concept of data security
• Create a new user account
• Identify two types of privileges: system and
object
• Grant privileges to a user
• Address password expiration requirements
• Change the password of an existing account
Dr. Chen, Oracle Database System (Oracle)
2
Objectives (continued)
•
•
•
•
•
•
Create a role
Grant privileges to a role
Assign a user to a role
View privilege information
Revoke privileges from a user and a role
Remove a user and roles
Dr. Chen, Oracle Database System (Oracle)
3
Basic SQL Concepts
• DDL (Data Definition Language)
– commands that work with the objects (tables, indexes,
views, etc.) in the database. e..g., CREATE, ALTER,
DROP, and RENAME.
• DML (Data Manipulation Language)
– commands that work with the (physical) data in the
database. e.g., SELECT, INSERT, UPDATE, and DELETE
• DCL ( Data Control Language )
– commands that control a database, including administering
privileges. e.g., GRANT, REVOKE.
Dr. Chen, Oracle Database System (Oracle)
4
Data Security
• User accounts provide a method of
authentication
• They can grant access to specific objects
• They identify owners of objects
Dr. Chen, Oracle Database System (Oracle)
5
Creating a User
• The CREATE USER command gives each user
a user name and password
Figure 7-1
Syntax of the CREATE USER command
Can you perform this command? Why?
Dr. Chen, Oracle Database System (Oracle)
6
Assigning User Privileges
• There are two types of privileges
• System privileges
– Allow access to the database and execution of
DDL operations
• Object privileges
– Allow a user to perform DML and query
operations
Dr. Chen, Oracle Database System (Oracle)
7
Practice
• Type the following command
SELECT * FROM location;
• I grant the following to all of you:
GRANT SELECT ON location
TO PUBLIC;
• You type the following again
SELECT * FROM c##chen.location;
• I revoke the following from you:
REVOKE SELECT ON location FROM PUBLIC;
• You type the following again
SELECT * FROM c##chen.location;
Just for the instructor:
@ c:\oradata\NW_CW\northwoods.sql
Dr. Chen, Oracle Database System (Oracle)
8
Examples of Object Privileges
Object Type
Privilege
Description
Table,
Sequence
ALTER
Allows user to change object’s structure
using the ALTER command
Table,
Sequence
DROP
Allows user to drop object
Table,
Sequence
SELECT
Allows user to view object
Table
INSERT, Allows user to insert, update, delete table
UPDATE, data
DELETE
Any database
object
ALL
Dr. Chen, Oracle Database System (Oracle)
Allows user to perform any operation on
object
9
Pseudo-columns
• Acts like a column in a
database query
• Actually a command that
returns a specific values
• Used to retrieve:
– Current system date
– Name of the current
database user
– Next value in a sequence
Dr. Chen, Oracle Database System (Oracle)
Pseudocolumn Output
Name
CURRVAL
Most recently
retrieved sequence
value
NEXTVAL
Next value in a
sequence
SYSDATE
Current system
date from database
server
USER
Username of
current user
10
Using Pseudo-columns
• Retrieving the current system date:
SELECT SYSDATE
FROM DUAL;
• Retrieving the name of the current user:
SELECT USER
FROM DUAL;
• DUAL is a system table that is used with
pseudo-columns
Dr. Chen, Oracle Database System (Oracle)
11
Your Turn (and Job)
• Read chapter 7 (both pptx file and Oracle
text)
• Practice all examples (script file is available
in the Bb, file name: Ch7_Queries.sql)
Dr. Chen, Oracle Database System (Oracle)
12
Assigning User Privileges (continued)
• Even with a valid user name and password, a
user still needs the CREATE SESSION privilege
to connect to a database
Figure 7-5 Command to grant the CREATE SESSION privilege
Dr. Chen, Oracle Database System (Oracle)
13
System Privileges
• Affect a user’s ability to create, alter, and
drop objects
• Use of ANY keyword with an object
privilege (INSERT ANY TABLE) is
considered a system privilege
• List of all available system privileges
available through
SYSTEM_PRIVILEGE_MAP
Dr. Chen, Oracle Database System (Oracle)
14
SYSTEM_PRIVILEGE_MAP
Figure 7-3 A partial list of available system privelages
Dr. Chen, Oracle Database System (Oracle)
15
Granting System Privileges
• System privileges are given through the
GRANT command
Figure 7-4
Syntax of the GRANT command for system privaleges
Dr. Chen, Oracle Database System (Oracle)
16
Granting System Privileges (continued)
• GRANT clause – identifies system
privileges being granted
• TO clause – identifies receiving user or role
• WITH ADMIN OPTION clause – allows a
user to grant privilege to other database
users
Dr. Chen, Oracle Database System (Oracle)
17
Object Privileges
• SELECT – display data from table, view, or
sequence
• INSERT – insert data into table or view
• UPDATE – change data in a table or view
• DELETE – remove data from a table or
view
• ALTER – change definition of table or view
Dr. Chen, Oracle Database System (Oracle)
18
Granting Object Privileges
• Grant object privileges through the GRANT
command
Figure 7-6 Syntax of the GRANT command for object privileges
Dr. Chen, Oracle Database System (Oracle)
19
Granting Object Privileges (continued)
•
•
•
•
GRANT clause – identifies object privileges
ON clause – identifies object
TO clause – identifies user or role receiving privilege
WITH GRANT OPTION clause – gives a user the ability
to assign the same privilege to other users
GRANT Command Examples
Table 7-2
Examples of Granting Object Privileges to a User
Dr. Chen, Oracle Database System (Oracle)
20
Password Management
• To change a user password, use the PASSWORD
command or the ALTER USER command
Figure 7-12 Command to change a password
Dr. Chen, Oracle Database System (Oracle)
21
Utilizing Roles
• A role is a group, or collection, of privileges
Figure 7-16 Command for creating the ORDERENTRY role
Figure 7-17 Commands for granting privileges to the ORDERENTRY role
Dr. Chen, Oracle Database System (Oracle)
22
Utilizing Roles (continued)
• Roles can be assigned to users or other
roles
Figure 7-18 Command for granting the ORDERENTRY role to RTHOMAS
Dr. Chen, Oracle Database System (Oracle)
23
Utilizing Roles (continued)
• A user can be assigned several roles
• All roles can be enabled at one time
• Only one role can be designated as the
default role for each user
• Default role can be assigned through the
ALTER USER command
Dr. Chen, Oracle Database System (Oracle)
24
Utilizing Roles (continued)
• Roles can be modified with the ALTER
ROLE command
• Roles can be assigned passwords
Figure 7-23 Syntax of the ALTER ROLE command
Dr. Chen, Oracle Database System (Oracle)
25
Viewing Privilege Information
• ROLE_SYS_PRIVS lists all system
privileges assigned to a role
• SESSION_PRIVS lists a user’s currently
enabled roles
Dr. Chen, Oracle Database System (Oracle)
26
ROLE_TAB_PRIVS Example
Figure 7-24 Verifying privileges assigned to a role
Dr. Chen, Oracle Database System (Oracle)
27
Removing Privileges and Roles
• Revoke system privileges with the
REVOKE command
Figure 7-26 Syntax for revoking a system privilege
Dr. Chen, Oracle Database System (Oracle)
28
Removing Privileges and Roles (continued)
• Revoking an object privilege – if the privilege
was originally granted using WITH GRANT
OPTION, the effect cascades and is revoked
from subsequent recipients
Figure 7-27 Syntax for revoking an object privilege
Figure 7-28 Syntax for removing a role from an account
Dr. Chen, Oracle Database System (Oracle)
29
Dropping a Role
• Users receiving privileges via a role that is
dropped will no longer have those
privileges available
Figure 7-31 Syntax of the DROP ROLE command
Figure 7-32 Command for dropping the ORDERENTRY role
Dr. Chen, Oracle Database System (Oracle)
30
Dropping a User
• The DROP USER command is used to
remove a user account
Figure 7-33 Syntax of the DROP USER command
Dr. Chen, Oracle Database System (Oracle)
31
Summary
• Database account management is only one facet of data
security
• A new user account is created with the CREATE USER
command
– The IDENTIFIED BY clause contains the password for
the account
• System privileges are used to grant access to the database and
to create, alter, and drop database objects
• The CREATE SESSION system privilege is required before
a user can access his account on the Oracle server
• The system privileges available in Oracle 11g can be viewed
through the SYSTEM_PRIVILEGE_MAP
Dr. Chen, Oracle Database System (Oracle)
32
Summary (continued)
• Object privileges allow users to manipulate data in
database objects
• Privileges are given through the GRANT command
• The ALTER USER command, combined with the
PASSWORD EXPIRE clause, can be used to force a user
to change her password upon the next attempted login to
the database
• The ALTER USER command, combined with the
IDENTIFIED BY clause, can be used to change a user’s
password
– Privileges can be assigned to roles to make the administration of
privileges easier
Dr. Chen, Oracle Database System (Oracle)
33
Summary (continued)
• Roles are collections of privileges
• The ALTER USER command, combined with the
DEFAULT ROLE keywords, can be used to assign a
default role(s) to a user
• Privileges can be revoked from users and roles using the
REVOKE command
• Roles can be revoked from users using the REVOKE
command
• A role can be deleted using the DROP ROLE command
• A user account can be deleted using the DROP USER
command
Dr. Chen, Oracle Database System (Oracle)
34
Related documents
Big Data Gives Artificial Intelligence Something to Think About
Big Data Gives Artificial Intelligence Something to Think About
Slide 1
Slide 1
Course flyer
Course flyer
Exam preparation session
Exam preparation session
Database Administrator
Database Administrator
Info
Info
post conditional offer contingencies
post conditional offer contingencies
Oracle Application Express
Oracle Application Express
Oracle vs. SQL Server
Oracle vs. SQL Server
Database Administrator - Santa Barbara City College
Database Administrator - Santa Barbara City College
Database Modeling and Implementation
Database Modeling and Implementation
the art of parallel heterogeneous data transformation
the art of parallel heterogeneous data transformation