Controlling User Access 控制用戶訪問
you should be able to do the following:
1、Differentiate system privileges from object privileges
2、Grant privileges on tables
3、Grant roles
4、Distinguish between privileges and roles
Database security:
1、System security
2、Data security
System privileges: Performing a particular action within the database
Object privileges: Manipulating the content of the database objects
Schemas: Collection of objects such as tables, views, and sequences
CREATE USER user
IDENTIFIED BY password;
CREATE USER demo
IDENTIFIED BY demo;
GRANT privilege [, privilege...]
TO user [, user| role, PUBLIC...];
An application developer, for example, may have the following system privileges:
CREATE SESSION 限制登錄數據庫權限
CREATE TABLE
CREATE SEQUENCE
CREATE VIEW
CREATE PROCEDURE
GRANT create session, create table,
create sequence, create view
TO demo;
grant create table, create view to user1,user2;
grant read,write on dictionary dmp to user1;
select * from v$SESSION;
grant select any dictionary to user1;
grant select any table to user1;
desc DBA_SYS_PRIVS 系統權限視圖表
select dictinct privilege from dba_sys_privs;
CREATE ROLE manager; 創建角色
GRANT create table, create view 對角色賦權
TO manager;
GRANT manager TO alice; 對用戶賦予某角色的權限
示例:創建角色並賦權給用戶
create role dev;
grant create session, create table to dev;
create user test1 identified by test1 ; 用戶test1 密碼test1
grant dev to test1;
對用戶改密碼:
alter user test1 identified by test2;
grant alter user to test1; 給普通用戶改其他用戶的密碼的權限;
ALTER USER demo
IDENTIFIED BY employ;
GRANT object_priv [(columns)]
ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];
GRANT select
ON employees
TO demo;
GRANT update (department_name, location_id)
ON departments
TO demo, manager;
GRANT select, insert
ON departments
TO demo
WITH GRANT OPTION;
GRANT select
ON departments
TO PUBLIC; 對所有用戶
USER_SYS_PRIVS 用戶權限視圖表
USER_ROLE_PRIVS
ROLE_SYS_PRIVS
ROLE_TAB_PRIVS
DBA_ROLE_PRIVS
一般對開發者開以下權限:
grant connect, resource to dev1;
grant unlimited tablespace to dev1; 對錶空間不限制
alter user test quota 10M on users; test 用戶只能對users 表空間有10M空間
指定用戶默認表空間:
alter user test1 default tablespace system;
select * from dba_users where username='test1';
with grant option 轉授權限,可轉授權限給其他用戶
user_tab_privs
回收權限
REVOKE {privilege [, privilege...]|ALL}
ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];
REVOKE select, insert
ON departments
FROM demo;
select from usr_tab_privs_recd; 用戶的權限可通過這個查詢;
select from usr_tab_privs_made where tablename='emp'; 誰有權限對錶可訪問
grant all on emp to user1; 賦予全部權限
revoke all on emp from user1; 回收全部權限
select * from user_tab_privs; 查用戶的權限的表
drop user test cascate; 刪除用戶。