Oracle_071_lesson_p18

Controlling User Access

You should be able to do the following:
1. Differentiate system privileges from object privileges
2. Grant privileges on tables
3. Grant roles
4. Distinguish between privileges and roles

Database security:
1. System security
2. Data security
System privileges: Performing a particular action within the database
Object privileges: Manipulating the content of the database objects
Schemas: Collection of objects such as tables, views, and sequences

CREATE USER user
IDENTIFIED BY password;

CREATE USER demo
IDENTIFIED BY demo;

GRANT privilege [, privilege...]
TO user [, user| role, PUBLIC...];

An application developer, for example, may have the following system privileges:
CREATE SESSION (controls the right to log in to the database)
CREATE TABLE
CREATE SEQUENCE
CREATE VIEW
CREATE PROCEDURE

GRANT create session, create table,
create sequence, create view
TO demo;

grant create table, create view to user1,user2;

grant read, write on directory dmp to user1;

select * from v$SESSION;

grant select any dictionary to user1;

grant select any table to user1;

-- system privileges view
desc DBA_SYS_PRIVS

select distinct privilege from dba_sys_privs;

CREATE ROLE manager; -- create a role

GRANT create table, create view -- grant privileges to the role
TO manager;

GRANT manager TO alice; -- give a user the role's privileges

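Example: create a role and grant it to a user
create role dev;
grant create session, create table to dev;
create user test1 identified by test1; -- user test1, password test1
grant dev to test1;

Changing a user's password:
alter user test1 identified by test2;
grant alter user to test1; -- gives an ordinary user the privilege to change other users' passwords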

ALTER USER demo
IDENTIFIED BY employ;

GRANT object_priv [(columns)]
ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];

GRANT select
ON employees
TO demo;

GRANT update (department_name, location_id)
ON departments
TO demo, manager;

GRANT select, insert
ON departments
TO demo
WITH GRANT OPTION;

GRANT select
ON departments
TO PUBLIC; -- to all users

USER_SYS_PRIVS (user privilege views)
USER_ROLE_PRIVS
ROLE_SYS_PRIVS
ROLE_TAB_PRIVS
DBA_ROLE_PRIVS

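Privileges typically granted to developers:
grant connect, resource to dev1;
grant unlimited tablespace to dev1; -- no limit on tablespace usage
alter user test quota 10M on users; -- user test may use only 10M of space in the users tablespace

Setting a user's default tablespace:
alter user test1 default tablespace system;
select * from dba_users where username='TEST1'; -- usernames are stored in uppercase

with grant option: the grantee can pass the privilege on to other users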
user_tab_privs

Revoking privileges
REVOKE {privilege [, privilege...]|ALL}
ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];

REVOKE select, insert
ON departments
FROM demo;

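select * from user_tab_privs_recd; -- object privileges the user has received
select *
from user_tab_privs_made where table_name='EMP'; -- who has been granted access to the table

grant all on emp to user1; -- grant all privileges
revoke all on emp from user1; -- revoke all privileges

select * from user_tab_privs; -- view for looking up the user's privileges

drop user test cascade; -- drop the user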
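
An added example (not part of the original notes): three queries over the dictionary views to review grants like the ones made in this lesson. It assumes Oracle 12c or later (for the ORACLE_MAINTAINED column), a session that can read the DBA_* views, and the sample users TEST1, DEV1 and ALICE from these notes; DBA_TAB_PRIVS and DBA_ROLES are views the notes do not mention.

```sql
-- 1. Broad system privileges (ANY privileges, ALTER USER, UNLIMITED TABLESPACE)
--    held by non-Oracle-maintained users and roles.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  (privilege LIKE '% ANY %'
        OR privilege IN ('ALTER USER', 'UNLIMITED TABLESPACE'))
AND    (grantee IN (SELECT username FROM dba_users WHERE oracle_maintained = 'N')
        OR grantee IN (SELECT role FROM dba_roles WHERE oracle_maintained = 'N'))
ORDER  BY grantee, privilege;

-- 2. Object privileges on application tables that went to PUBLIC
--    or were granted WITH GRANT OPTION (GRANTABLE = 'YES').
SELECT owner, table_name, grantee, privilege, grantable, grantor
FROM   dba_tab_privs
WHERE  (grantee = 'PUBLIC' OR grantable = 'YES')
AND    owner IN (SELECT username FROM dba_users WHERE oracle_maintained = 'N')
ORDER  BY owner, table_name, grantee;

-- 3. System privileges a user actually receives through roles,
--    following roles granted to roles (for example CONNECT and RESOURCE).
WITH role_tree AS (
  SELECT CONNECT_BY_ROOT grantee AS username, granted_role
  FROM   dba_role_privs
  START  WITH grantee IN ('TEST1', 'DEV1', 'ALICE')  -- sample users from the notes
  CONNECT BY PRIOR granted_role = grantee
)
SELECT DISTINCT rt.username, rt.granted_role, sp.privilege
FROM   role_tree rt
JOIN   dba_sys_privs sp ON sp.grantee = rt.granted_role
ORDER  BY rt.username, rt.granted_role, sp.privilege;
```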
