- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 410字
- 2021-07-02 16:43:17
Granting privileges and roles locally
A local privilege is a privilege than can be exercised only in a container in which it is granted. Depending only on the way it is granted, a privilege becomes common or local. When you grant privilege locally (in the current container), it becomes a local privilege. Both common and local users or roles can have local privileges.
Getting ready
For this recipe, you'll need an existing user (c##maja) who can grant some privileges (for example, create procedure, create table, create view, and create synonym) and roles (c##role1, c##role2, c##role3, c##role4, and local_role1) in a specific container (root or PDB; in our case, pdb1) to existing users and roles (c##john, mike, local_role1, c##role1, c##role3, and c##role4).
How to do it...
- You should connect to the container (root or pluggable database) in which you want to grant the privilege as a common or local user who can grant that privilege (for example,
c##maja):SQL> connect c##maja@pdb1 - Grant a privilege (for example,
create synonym) to a common user (for example,c##john) locally:c##maja@PDB1> grant create synonym to c##john container=current; - Grant a privilege (for example,
create view) to a local user (for example,mike) locally:c##maja@PDB1> grant create view to mike container=current; - Grant a privilege (for example,
create table) to a common role (for example,c##role1) locally:c##maja@PDB1> grant create table to c##role1 container=current; - Grant a privilege (for example,
create procedure) to a local role (for example,local_role1) locally:c##maja@PDB1> grant create procedure to local_role1 container=current; - Grant a common role (for example,
c##role2) to another common role (for example,c##role3) locally:c##maja@PDB1> grant c##role2 to c##role3 container=current; - Grant a common role (for example,
c##role3) to a local role (for example,local_role1) locally:c##maja@PDB1> grant c##role3 to local_role1 container=current; - Grant a local role (for example,
local_role1) to a common role (for example,c##role4) locally:c##maja@PDB1> grant local_role1 to c##role4 container=current; - Grant a common role (for example,
c##role4) to a common user (for example,c##john) locally:c##maja@PDB1> grant c##role4 to c##john container=current;
How it works...
In the previous section, we have seen different types of local grants. Local grants are valid only in the current container even though the granted user (or role) is common. Consequently, common users and common roles can have a different set of privileges in different containers. Steps 3, 5, 7, and 8 can't be done in the root container because there are no local users and local roles in the root container.
- Drupal 8 Blueprints
- C語言程序設(shè)計(jì)(第2 版)
- Oracle從新手到高手
- CentOS 7 Server Deployment Cookbook
- 架構(gòu)不再難(全5冊(cè))
- Learning Elixir
- Mastering macOS Programming
- HTML5 and CSS3 Transition,Transformation,and Animation
- 小學(xué)生C++創(chuàng)意編程(視頻教學(xué)版)
- Programming with CodeIgniterMVC
- Zabbix Performance Tuning
- Python 3快速入門與實(shí)戰(zhàn)
- Go Systems Programming
- Oracle SOA Suite 12c Administrator's Guide
- HTML5+CSS3+jQuery Mobile+Bootstrap開發(fā)APP從入門到精通(視頻教學(xué)版)