- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 410字
- 2021-07-02 16:43:17
Granting privileges and roles locally
A local privilege is a privilege than can be exercised only in a container in which it is granted. Depending only on the way it is granted, a privilege becomes common or local. When you grant privilege locally (in the current container), it becomes a local privilege. Both common and local users or roles can have local privileges.
Getting ready
For this recipe, you'll need an existing user (c##maja) who can grant some privileges (for example, create procedure, create table, create view, and create synonym) and roles (c##role1, c##role2, c##role3, c##role4, and local_role1) in a specific container (root or PDB; in our case, pdb1) to existing users and roles (c##john, mike, local_role1, c##role1, c##role3, and c##role4).
How to do it...
- You should connect to the container (root or pluggable database) in which you want to grant the privilege as a common or local user who can grant that privilege (for example,
c##maja):SQL> connect c##maja@pdb1 - Grant a privilege (for example,
create synonym) to a common user (for example,c##john) locally:c##maja@PDB1> grant create synonym to c##john container=current; - Grant a privilege (for example,
create view) to a local user (for example,mike) locally:c##maja@PDB1> grant create view to mike container=current; - Grant a privilege (for example,
create table) to a common role (for example,c##role1) locally:c##maja@PDB1> grant create table to c##role1 container=current; - Grant a privilege (for example,
create procedure) to a local role (for example,local_role1) locally:c##maja@PDB1> grant create procedure to local_role1 container=current; - Grant a common role (for example,
c##role2) to another common role (for example,c##role3) locally:c##maja@PDB1> grant c##role2 to c##role3 container=current; - Grant a common role (for example,
c##role3) to a local role (for example,local_role1) locally:c##maja@PDB1> grant c##role3 to local_role1 container=current; - Grant a local role (for example,
local_role1) to a common role (for example,c##role4) locally:c##maja@PDB1> grant local_role1 to c##role4 container=current; - Grant a common role (for example,
c##role4) to a common user (for example,c##john) locally:c##maja@PDB1> grant c##role4 to c##john container=current;
How it works...
In the previous section, we have seen different types of local grants. Local grants are valid only in the current container even though the granted user (or role) is common. Consequently, common users and common roles can have a different set of privileges in different containers. Steps 3, 5, 7, and 8 can't be done in the root container because there are no local users and local roles in the root container.
- 流量的秘密:Google Analytics網站分析與優化技巧(第2版)
- Web前端開發技術:HTML、CSS、JavaScript(第3版)
- 跟“龍哥”學C語言編程
- Learning Linux Binary Analysis
- MATLAB定量決策五大類問題
- PostgreSQL Replication(Second Edition)
- Access 2010數據庫應用技術(第2版)
- Android系統原理及開發要點詳解
- Swift Playgrounds少兒趣編程
- Unity UI Cookbook
- Natural Language Processing with Java and LingPipe Cookbook
- 速學Python:程序設計從入門到進階
- 大話Java:程序設計從入門到精通
- Sails.js Essentials
- Unity Android Game Development by Example Beginner's Guide