- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 524字
- 2021-07-02 16:43:13
Creating and using database roles
In this recipe, you'll learn the basics about database roles. Roles group together related system and/or object privileges and they can be granted to users and other roles. They simplify privilege management (for example, rather than granting the same set of privileges to many users, you can grant those privileges to a role and then grant that role to users that need those privileges).
Getting ready
For this recipe, you will need an existing (for example, OS-authenticated) user that has a dba role and another three existing users (for example, mike, tom, and jessica). It is assumed that sample schemas are installed.
How to do it...
- Connect to the database as a user who has a dba role:
$ sqlplus / - Create the role
usr_role:SQL> create role usr_role; - Grant system privilege to
usr_role:SQL> grant create session to usr_role; - Grant object privileges to
usr_role:SQL> grant select, insert on hr.employees to usr_role; - Create another role as follows:
SQL> create role mgr_role; - Grant
usr_roletomgr_role:SQL> grant usr_role to mgr_role; - Grant system privileges to
mgr_role:SQL> grant create table to mgr_role; - Grant object privileges to
mgr_role:SQL> grant update, delete on hr.employees to mgr_role; - Grant
usr_roleto user (mike):SQL> grant usr_role to mike; - Grant
mgr_roleto user (tom):SQL> grant mgr_role to tom;
How it works...
In the first step, you used OS authentication to connect to the database. In steps 2 and 3, you granted system privileges and object privileges, respectively, to the role usr_role. In the next steps, you practiced using database roles; you granted the following:
- A role to another role
- System and object privileges to role
- Roles to users
You revoke privileges and roles by using a revoke statement. For example:
SQL> revoke usr_role from mike;
SQL> grant role1 to role2; Grant succeeded. SQL> grant role2 to role1; grant role2 to role1 * ERROR at line 1: ORA-01934: circular role grant detected
There's more...
Suppose that user mike grants object privilege to user jessica with a grant option and user jessica grants that privilege to user tom. If user mike revokes that privilege from jessica, it will be automatically revoked from tom.
SQL> grant select on hr.employees to jessica with grant option; Grant succeeded. SQL> connect jessica Enter password: Connected. SQL> grant select on hr.employees to tom; Grant succeeded. SQL> connect tom/oracle_123 Connected. SQL> select count(*) from hr.employees; COUNT(*) ---------- 107 SQL> connect mike/welcome1 Connected. SQL> revoke select on hr.employees from jessica; Revoke succeeded. SQL> connect tom/oracle_123 Connected. SQL> select count(*) from hr.employees; select count(*) from hr.employees * ERROR at line 1: ORA-00942: table or view does not exist
See also
- If you want to learn more about roles, see the official Oracle documentation—Oracle Database Security Guide 12c Release 1 (refer Chapter 4, Configuring Privilege and Role Authorization, of this documentation).
- 手機安全和可信應用開發指南:TrustZone與OP-TEE技術詳解
- 嵌入式軟件系統測試:基于形式化方法的自動化測試解決方案
- C語言程序設計教程(第2版)
- Mastering Ext JS
- C#程序設計
- Express Web Application Development
- C語言程序設計
- MySQL入門很輕松(微課超值版)
- C語言程序設計習題與實驗指導
- JavaScript+jQuery網頁特效設計任務驅動教程
- ActionScript 3.0從入門到精通(視頻實戰版)
- Learning iOS Security
- Learning Unreal Engine Game Development
- Python機器學習與量化投資
- 透視C#核心技術:系統架構及移動端開發