- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 410字
- 2021-07-02 16:43:17
Granting privileges and roles locally
A local privilege is a privilege than can be exercised only in a container in which it is granted. Depending only on the way it is granted, a privilege becomes common or local. When you grant privilege locally (in the current container), it becomes a local privilege. Both common and local users or roles can have local privileges.
Getting ready
For this recipe, you'll need an existing user (c##maja) who can grant some privileges (for example, create procedure, create table, create view, and create synonym) and roles (c##role1, c##role2, c##role3, c##role4, and local_role1) in a specific container (root or PDB; in our case, pdb1) to existing users and roles (c##john, mike, local_role1, c##role1, c##role3, and c##role4).
How to do it...
- You should connect to the container (root or pluggable database) in which you want to grant the privilege as a common or local user who can grant that privilege (for example,
c##maja):SQL> connect c##maja@pdb1 - Grant a privilege (for example,
create synonym) to a common user (for example,c##john) locally:c##maja@PDB1> grant create synonym to c##john container=current; - Grant a privilege (for example,
create view) to a local user (for example,mike) locally:c##maja@PDB1> grant create view to mike container=current; - Grant a privilege (for example,
create table) to a common role (for example,c##role1) locally:c##maja@PDB1> grant create table to c##role1 container=current; - Grant a privilege (for example,
create procedure) to a local role (for example,local_role1) locally:c##maja@PDB1> grant create procedure to local_role1 container=current; - Grant a common role (for example,
c##role2) to another common role (for example,c##role3) locally:c##maja@PDB1> grant c##role2 to c##role3 container=current; - Grant a common role (for example,
c##role3) to a local role (for example,local_role1) locally:c##maja@PDB1> grant c##role3 to local_role1 container=current; - Grant a local role (for example,
local_role1) to a common role (for example,c##role4) locally:c##maja@PDB1> grant local_role1 to c##role4 container=current; - Grant a common role (for example,
c##role4) to a common user (for example,c##john) locally:c##maja@PDB1> grant c##role4 to c##john container=current;
How it works...
In the previous section, we have seen different types of local grants. Local grants are valid only in the current container even though the granted user (or role) is common. Consequently, common users and common roles can have a different set of privileges in different containers. Steps 3, 5, 7, and 8 can't be done in the root container because there are no local users and local roles in the root container.
- Facebook Application Development with Graph API Cookbook
- TypeScript入門與實(shí)戰(zhàn)
- 我的第一本算法書
- 編譯系統(tǒng)透視:圖解編譯原理
- Hands-On Natural Language Processing with Python
- Serverless computing in Azure with .NET
- Bootstrap 4 Cookbook
- Mastering C++ Multithreading
- Django Design Patterns and Best Practices
- Visual Basic 程序設(shè)計實(shí)踐教程
- Hands-On ROS for Robotics Programming
- C++從零開始學(xué)(視頻教學(xué)版)(第2版)
- 計算機(jī)視覺實(shí)戰(zhàn):基于TensorFlow 2
- Cocos2D Game Development Essentials
- C#網(wǎng)絡(luò)程序開發(fā)(第二版)