- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 524字
- 2021-07-02 16:43:13
Creating and using database roles
In this recipe, you'll learn the basics about database roles. Roles group together related system and/or object privileges and they can be granted to users and other roles. They simplify privilege management (for example, rather than granting the same set of privileges to many users, you can grant those privileges to a role and then grant that role to users that need those privileges).
Getting ready
For this recipe, you will need an existing (for example, OS-authenticated) user that has a dba role and another three existing users (for example, mike, tom, and jessica). It is assumed that sample schemas are installed.
How to do it...
- Connect to the database as a user who has a dba role:
$ sqlplus / - Create the role
usr_role:SQL> create role usr_role; - Grant system privilege to
usr_role:SQL> grant create session to usr_role; - Grant object privileges to
usr_role:SQL> grant select, insert on hr.employees to usr_role; - Create another role as follows:
SQL> create role mgr_role; - Grant
usr_roletomgr_role:SQL> grant usr_role to mgr_role; - Grant system privileges to
mgr_role:SQL> grant create table to mgr_role; - Grant object privileges to
mgr_role:SQL> grant update, delete on hr.employees to mgr_role; - Grant
usr_roleto user (mike):SQL> grant usr_role to mike; - Grant
mgr_roleto user (tom):SQL> grant mgr_role to tom;
How it works...
In the first step, you used OS authentication to connect to the database. In steps 2 and 3, you granted system privileges and object privileges, respectively, to the role usr_role. In the next steps, you practiced using database roles; you granted the following:
- A role to another role
- System and object privileges to role
- Roles to users
You revoke privileges and roles by using a revoke statement. For example:
SQL> revoke usr_role from mike;
SQL> grant role1 to role2; Grant succeeded. SQL> grant role2 to role1; grant role2 to role1 * ERROR at line 1: ORA-01934: circular role grant detected
There's more...
Suppose that user mike grants object privilege to user jessica with a grant option and user jessica grants that privilege to user tom. If user mike revokes that privilege from jessica, it will be automatically revoked from tom.
SQL> grant select on hr.employees to jessica with grant option; Grant succeeded. SQL> connect jessica Enter password: Connected. SQL> grant select on hr.employees to tom; Grant succeeded. SQL> connect tom/oracle_123 Connected. SQL> select count(*) from hr.employees; COUNT(*) ---------- 107 SQL> connect mike/welcome1 Connected. SQL> revoke select on hr.employees from jessica; Revoke succeeded. SQL> connect tom/oracle_123 Connected. SQL> select count(*) from hr.employees; select count(*) from hr.employees * ERROR at line 1: ORA-00942: table or view does not exist
See also
- If you want to learn more about roles, see the official Oracle documentation—Oracle Database Security Guide 12c Release 1 (refer Chapter 4, Configuring Privilege and Role Authorization, of this documentation).
- UI設計基礎培訓教程
- Visual Studio 2012 Cookbook
- 前端跨界開發指南:JavaScript工具庫原理解析與實戰
- Offer來了:Java面試核心知識點精講(原理篇)
- 營銷數據科學:用R和Python進行預測分析的建模技術
- Android 7編程入門經典:使用Android Studio 2(第4版)
- Visual Basic 6.0程序設計實驗教程
- Unity 3D腳本編程:使用C#語言開發跨平臺游戲
- Hack與HHVM權威指南
- 3ds Max 2018從入門到精通
- Android應用程序設計
- Visual C#(學習筆記)
- PhantomJS Cookbook
- Android項目實戰:博學谷
- 高性能MVVM框架的設計與實現:San