f1 v2 Lect 16

Managing Privileges

Copyright © 2001-2024, Punjab University. All rights reserved.


Objectives

After completing this lesson, you should be able to do the following:

• Identify system and object privileges
• Grant and revoke privileges



Managing Privileges

Two types of Oracle user privileges:

• System: Enables users to perform particular actions in the database
• Object: Enables users to access and manipulate a specific object



System Privileges

• There are more than 100 distinct system privileges.


• The ANY keyword in privileges signifies that users
have the privilege in any schema.
• The GRANT command adds a privilege to a user or
a group of users.
• The REVOKE command deletes the privileges.



System Privileges: Examples

Category     Examples
INDEX        CREATE ANY INDEX
             ALTER ANY INDEX
             DROP ANY INDEX
TABLE        CREATE TABLE
             CREATE ANY TABLE
             ALTER ANY TABLE
             DROP ANY TABLE
             SELECT ANY TABLE
             UPDATE ANY TABLE
             DELETE ANY TABLE
SESSION      CREATE SESSION
             ALTER SESSION
             RESTRICTED SESSION
TABLESPACE   CREATE TABLESPACE
             ALTER TABLESPACE
             DROP TABLESPACE
             UNLIMITED TABLESPACE



Granting System Privileges

• Use the GRANT command to grant system privileges.
• With the ADMIN OPTION, the grantee can grant the system privilege to other users.

GRANT CREATE SESSION TO emi;

GRANT CREATE SESSION TO emi WITH ADMIN OPTION;



SYSDBA and SYSOPER Privileges

Category   Examples
SYSOPER    STARTUP
           SHUTDOWN
           ALTER DATABASE OPEN | MOUNT
           ALTER DATABASE BACKUP CONTROLFILE TO
           RECOVER DATABASE
           ALTER DATABASE ARCHIVELOG
           RESTRICTED SESSION
SYSDBA     SYSOPER PRIVILEGES WITH ADMIN OPTION
           CREATE DATABASE
           ALTER TABLESPACE BEGIN/END BACKUP
           RESTRICTED SESSION
           RECOVER DATABASE UNTIL



System Privilege Restrictions

• O7_DICTIONARY_ACCESSIBILITY parameter:
  - Controls restrictions on SYSTEM privileges
  - If set to TRUE, allows access to objects in the SYS schema
  - The default is FALSE, which ensures that system privileges that allow access to any schema do not allow access to the SYS schema



Revoking System Privileges

• Use the REVOKE command to remove a system privilege from a user.
• Users with the ADMIN OPTION for a system privilege can revoke that system privilege.
• Only privileges granted with a GRANT command can be revoked.

REVOKE CREATE TABLE FROM emi;



Revoking System Privileges with the ADMIN OPTION

[Figure: GRANT, then REVOKE, of a system privilege along the chain DBA, Jeff, Emi]



Object Privileges

[Table: which object privileges apply to which object types]
Object types (columns): Table, View, Sequence, Procedure
Object privileges (rows): ALTER, DELETE, EXECUTE, INDEX, INSERT, REFERENCES, SELECT, UPDATE



Granting Object Privileges

• Use the GRANT command to grant object privileges.
• The object must be in the grantor's schema, or the grantor must have the GRANT OPTION.

GRANT EXECUTE ON dbms_output TO jeff;

GRANT UPDATE ON emi.customers TO jeff WITH GRANT OPTION;



Revoking Object Privileges

• Use the REVOKE command to revoke object privileges.
• The user revoking the privilege must be the original grantor of the object privilege being revoked.

REVOKE SELECT ON emi.orders FROM jeff;



Revoking Object Privileges WITH GRANT OPTION

[Figure: GRANT, then REVOKE, of an object privilege along the chain Bob, Jeff, Emi]



Obtaining Privileges Information

Information about privileges can be obtained by querying the following views:

• DBA_SYS_PRIVS
• SESSION_PRIVS
• DBA_TAB_PRIVS
• DBA_COL_PRIVS
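
The queries below are an added example, not part of the lecture, showing how these four views can be used to review the grants covered earlier (ANY privileges, ADMIN OPTION, GRANT OPTION). The excluded account names and the use of emi.customers as the sample object are assumptions for illustration.

```sql
-- Added review queries (not from the lecture). Run as a user who can read
-- the DBA_* views. The exclusion list of built-in accounts is an assumption;
-- extend it for your own database.

-- 1. System privileges that reach across schemas (ANY) or that the grantee
--    can pass on (ADMIN OPTION). Grantees may be users or roles.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  (privilege LIKE '% ANY %' OR admin_option = 'YES')
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY admin_option DESC, grantee, privilege;

-- 2. Object privileges held WITH GRANT OPTION: who can re-grant access
--    to which object, and who gave them that ability.
SELECT grantee, owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantable = 'YES'
AND    owner NOT IN ('SYS', 'SYSTEM')
ORDER  BY owner, table_name, grantee;

-- 3. All grants on one object, using emi.customers from the slides.
--    Rows whose grantor is not the owner were typically issued by a
--    grantee who holds the GRANT OPTION.
SELECT grantor, grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'EMI'
AND    table_name = 'CUSTOMERS'
ORDER  BY grantor, grantee, privilege;

-- 4. Column-level grants, which are listed separately from table-level ones.
SELECT grantee, owner, table_name, column_name, privilege, grantable
FROM   dba_col_privs
WHERE  owner NOT IN ('SYS', 'SYSTEM')
ORDER  BY owner, table_name, column_name, grantee;

-- 5. System privileges currently available to the connected session,
--    whether granted directly or through an enabled role.
SELECT privilege
FROM   session_privs
ORDER  BY privilege;
```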



Summary

In this lesson, you should have learned how to:

• Identify system and object privileges
• Grant and revoke privileges



Practice 16 Overview

This practice covers the following topics:

• Creating user and granting system privileges
• Granting object privileges to users
