- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 524字
- 2021-07-02 16:43:13
Creating and using database roles
In this recipe, you'll learn the basics about database roles. Roles group together related system and/or object privileges and they can be granted to users and other roles. They simplify privilege management (for example, rather than granting the same set of privileges to many users, you can grant those privileges to a role and then grant that role to users that need those privileges).
Getting ready
For this recipe, you will need an existing (for example, OS-authenticated) user that has a dba role and another three existing users (for example, mike, tom, and jessica). It is assumed that sample schemas are installed.
How to do it...
- Connect to the database as a user who has a dba role:
$ sqlplus / - Create the role
usr_role:SQL> create role usr_role; - Grant system privilege to
usr_role:SQL> grant create session to usr_role; - Grant object privileges to
usr_role:SQL> grant select, insert on hr.employees to usr_role; - Create another role as follows:
SQL> create role mgr_role; - Grant
usr_roletomgr_role:SQL> grant usr_role to mgr_role; - Grant system privileges to
mgr_role:SQL> grant create table to mgr_role; - Grant object privileges to
mgr_role:SQL> grant update, delete on hr.employees to mgr_role; - Grant
usr_roleto user (mike):SQL> grant usr_role to mike; - Grant
mgr_roleto user (tom):SQL> grant mgr_role to tom;
How it works...
In the first step, you used OS authentication to connect to the database. In steps 2 and 3, you granted system privileges and object privileges, respectively, to the role usr_role. In the next steps, you practiced using database roles; you granted the following:
- A role to another role
- System and object privileges to role
- Roles to users
You revoke privileges and roles by using a revoke statement. For example:
SQL> revoke usr_role from mike;
SQL> grant role1 to role2; Grant succeeded. SQL> grant role2 to role1; grant role2 to role1 * ERROR at line 1: ORA-01934: circular role grant detected
There's more...
Suppose that user mike grants object privilege to user jessica with a grant option and user jessica grants that privilege to user tom. If user mike revokes that privilege from jessica, it will be automatically revoked from tom.
SQL> grant select on hr.employees to jessica with grant option; Grant succeeded. SQL> connect jessica Enter password: Connected. SQL> grant select on hr.employees to tom; Grant succeeded. SQL> connect tom/oracle_123 Connected. SQL> select count(*) from hr.employees; COUNT(*) ---------- 107 SQL> connect mike/welcome1 Connected. SQL> revoke select on hr.employees from jessica; Revoke succeeded. SQL> connect tom/oracle_123 Connected. SQL> select count(*) from hr.employees; select count(*) from hr.employees * ERROR at line 1: ORA-00942: table or view does not exist
See also
- If you want to learn more about roles, see the official Oracle documentation—Oracle Database Security Guide 12c Release 1 (refer Chapter 4, Configuring Privilege and Role Authorization, of this documentation).
- Learning Python Web Penetration Testing
- Embedded Linux Projects Using Yocto Project Cookbook
- ASP.NET Core:Cloud-ready,Enterprise Web Application Development
- Oracle WebLogic Server 12c:First Look
- C程序設計簡明教程(第二版)
- Mastering ServiceStack
- 深入淺出WPF
- JavaScript Unlocked
- 大學計算機基礎(第2版)(微課版)
- SQL基礎教程(視頻教學版)
- Learning ArcGIS for Desktop
- D3.js By Example
- IBM Cognos TM1 Developer's Certification guide
- Learning Concurrency in Python
- Java程序設計