- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 524字
- 2021-07-02 16:43:13
Creating and using database roles
In this recipe, you'll learn the basics about database roles. Roles group together related system and/or object privileges and they can be granted to users and other roles. They simplify privilege management (for example, rather than granting the same set of privileges to many users, you can grant those privileges to a role and then grant that role to users that need those privileges).
Getting ready
For this recipe, you will need an existing (for example, OS-authenticated) user that has a dba role and another three existing users (for example, mike, tom, and jessica). It is assumed that sample schemas are installed.
How to do it...
- Connect to the database as a user who has a dba role:
$ sqlplus / - Create the role
usr_role:SQL> create role usr_role; - Grant system privilege to
usr_role:SQL> grant create session to usr_role; - Grant object privileges to
usr_role:SQL> grant select, insert on hr.employees to usr_role; - Create another role as follows:
SQL> create role mgr_role; - Grant
usr_roletomgr_role:SQL> grant usr_role to mgr_role; - Grant system privileges to
mgr_role:SQL> grant create table to mgr_role; - Grant object privileges to
mgr_role:SQL> grant update, delete on hr.employees to mgr_role; - Grant
usr_roleto user (mike):SQL> grant usr_role to mike; - Grant
mgr_roleto user (tom):SQL> grant mgr_role to tom;
How it works...
In the first step, you used OS authentication to connect to the database. In steps 2 and 3, you granted system privileges and object privileges, respectively, to the role usr_role. In the next steps, you practiced using database roles; you granted the following:
- A role to another role
- System and object privileges to role
- Roles to users
You revoke privileges and roles by using a revoke statement. For example:
SQL> revoke usr_role from mike;
SQL> grant role1 to role2; Grant succeeded. SQL> grant role2 to role1; grant role2 to role1 * ERROR at line 1: ORA-01934: circular role grant detected
There's more...
Suppose that user mike grants object privilege to user jessica with a grant option and user jessica grants that privilege to user tom. If user mike revokes that privilege from jessica, it will be automatically revoked from tom.
SQL> grant select on hr.employees to jessica with grant option; Grant succeeded. SQL> connect jessica Enter password: Connected. SQL> grant select on hr.employees to tom; Grant succeeded. SQL> connect tom/oracle_123 Connected. SQL> select count(*) from hr.employees; COUNT(*) ---------- 107 SQL> connect mike/welcome1 Connected. SQL> revoke select on hr.employees from jessica; Revoke succeeded. SQL> connect tom/oracle_123 Connected. SQL> select count(*) from hr.employees; select count(*) from hr.employees * ERROR at line 1: ORA-00942: table or view does not exist
See also
- If you want to learn more about roles, see the official Oracle documentation—Oracle Database Security Guide 12c Release 1 (refer Chapter 4, Configuring Privilege and Role Authorization, of this documentation).
- Building a RESTful Web Service with Spring
- C++ Builder 6.0下OpenGL編程技術
- RTC程序設計:實時音視頻權威指南
- Flash CS6中文版應用教程(第三版)
- Python數據分析(第2版)
- ADI DSP應用技術集錦
- Hands-On Automation Testing with Java for Beginners
- ASP.NET開發與應用教程
- Spring Boot+Vue全棧開發實戰
- 基于SpringBoot實現:Java分布式中間件開發入門與實戰
- R Data Science Essentials
- UML2面向對象分析與設計(第2版)
- jQuery從入門到精通(微課精編版)
- Python第三方庫開發應用實戰
- Java 11 and 12:New Features