20 Managing Roles. 20-2 Objectives Creating and modifying roles Controlling availability of roles Removing roles Using predefined roles Displaying role.


20 Managing Roles

20-2 Objectives
- Creating and modifying roles
- Controlling availability of roles
- Removing roles
- Using predefined roles
- Displaying role information from the data dictionary

20-3 Roles
Role: a named group of related privileges
- Granted/revoked with the same commands as for privileges
- May be granted to a user or role (except itself)
- Can consist of object and system privileges
- May be enabled/disabled
- Can require a password to enable
- Not owned by anyone

20-4 Roles
[Diagram: users A, B and C; roles HR_CLERK and HR_MGR; privileges UPDATE ON EMP, INSERT ON EMP, SELECT ON EMP, CREATE TABLE, CREATE SESSION]

20-5 Benefits of Roles
- Reduced granting of privileges
- Dynamic privilege management
- Selective availability of privileges
- Granted through the OS
- No cascading revokes
- Improved performance

20-6 Creating Roles
    CREATE ROLE sales_clerk;                        -- no password needed to enable
    CREATE ROLE hr_clerk IDENTIFIED BY bonus;       -- password required to enable
    CREATE ROLE hr_manager IDENTIFIED EXTERNALLY;   -- authorized outside the database

20-7 Using Predefined Roles
Role Name              Description
CONNECT, RESOURCE      These two roles are provided for backward compatibility.
DBA                    All system privileges WITH ADMIN OPTION
EXP_FULL_DATABASE      Privileges to export the DB
IMP_FULL_DATABASE      Privileges to import the DB
DELETE_CATALOG_ROLE    DELETE privileges on DD tables
EXECUTE_CATALOG_ROLE   EXECUTE privilege on DD packages
SELECT_CATALOG_ROLE    SELECT privilege on DD tables

20-8 Modifying Roles
    ALTER ROLE hr_clerk IDENTIFIED EXTERNALLY;
    ALTER ROLE hr_manager NOT IDENTIFIED;
    ALTER ROLE sales_clerk IDENTIFIED BY commission;

20-9 Assigning Roles
    GRANT hr_clerk TO hr_manager;
    GRANT sales_clerk TO scott;
    GRANT hr_manager TO scott WITH ADMIN OPTION;

20-10 Assigning Privileges to Roles
    GRANT CREATE TABLE, CREATE ANY INDEX TO hr_clerk;
    GRANT CREATE SESSION TO hr_manager;

20-11 Establishing Default Roles
- A user may have many roles.
- The default roles are the subset of those roles that is automatically enabled when the user logs in.
- By default, all roles assigned to a user are enabled at logon.
- Limit the default roles for a user:
    ALTER USER user DEFAULT ROLE {role [, role]... | ALL [EXCEPT role [, role]...] | NONE}

20-12 Examples
    ALTER USER scott DEFAULT ROLE hr_clerk, sales_clerk;
    ALTER USER scott DEFAULT ROLE ALL;
    ALTER USER scott DEFAULT ROLE ALL EXCEPT hr_clerk;
    ALTER USER scott DEFAULT ROLE NONE;
    -- no default roles; may have other roles for which a password may be needed

20-13 Enabling and Disabling Roles
- Disable a role to temporarily revoke the role from a user.
- Enable a role to temporarily grant it.
- The SET ROLE command enables and disables roles.
- Default roles are enabled for a user at login.
- A password may be required to enable a role.

20-14 Enabling and Disabling Roles: Examples
    -- Enable: this is how users would activate their role
    SET ROLE hr_clerk;
    SET ROLE sales_clerk IDENTIFIED BY commission;
    SET ROLE ALL EXCEPT sales_clerk;
    -- Disable all roles for current session
    SET ROLE NONE;

20-15 Removing Roles from Users
    REVOKE hr_manager FROM PUBLIC;
    REVOKE sales_clerk FROM scott;

20-16 Removing Roles
    DROP ROLE hr_manager;

20-17 Guidelines for Creating Roles
[Diagram labels: Users; User roles: HR_MANAGER, HR_CLERK, PAY_CLERK; Application roles: BENEFITS, PAYROLL; Application privileges: Payroll privileges, Benefits privileges]

20-18 Guidelines for using Passwords and Default Roles
[Diagram labels: roles PAY_CLERK and PAY_CLERK_RO; Default role; Password protected non-default; Select privileges; Insert, update, delete and select privileges]

20-19 Displaying Role Information
Role View          Description
DBA_ROLES          All roles which exist in the database
DBA_ROLE_PRIVS     Roles granted to users and roles
ROLE_ROLE_PRIVS    Roles which are granted to roles
DBA_SYS_PRIVS      System privileges granted to users and roles
ROLE_SYS_PRIVS     System privileges granted to roles
ROLE_TAB_PRIVS     Table privileges granted to roles
SESSION_ROLES      Roles which the user currently has enabled

    SELECT role, password_required FROM dba_roles;
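
The default-role and password-protected-role pattern from slide 20-18, carried through creation, assignment, enabling and a data dictionary check, as an added example that is not part of the original slides. It assumes PAY_CLERK_RO is the select-only default role and PAY_CLERK the password-protected read-write role; the table payroll.salaries, the user pay_user and the role password are hypothetical.

```sql
-- Added example, not from the original slides. Hypothetical names:
-- table payroll.salaries, user pay_user, password change_me_placeholder.

-- As a DBA: read-only role with no password, meant to be the default role.
CREATE ROLE pay_clerk_ro;
GRANT CREATE SESSION TO pay_clerk_ro;
GRANT SELECT ON payroll.salaries TO pay_clerk_ro;

-- Read-write role that must be enabled explicitly with a password.
CREATE ROLE pay_clerk IDENTIFIED BY change_me_placeholder;
GRANT SELECT, INSERT, UPDATE, DELETE ON payroll.salaries TO pay_clerk;

-- Grant both roles, but enable only the read-only one at logon.
GRANT pay_clerk_ro, pay_clerk TO pay_user;
ALTER USER pay_user DEFAULT ROLE pay_clerk_ro;

-- As pay_user, after logon: list the roles enabled in this session.
SELECT role FROM session_roles;

-- SET ROLE replaces the set of enabled roles, so list every role to keep.
SET ROLE pay_clerk IDENTIFIED BY change_me_placeholder, pay_clerk_ro;

-- Return to read-only access when the write task is finished.
SET ROLE pay_clerk_ro;

-- As a DBA: check which of the two roles needs a password.
SELECT role, password_required
  FROM dba_roles
 WHERE role IN ('PAY_CLERK', 'PAY_CLERK_RO');

-- Check which role is a default role for each grantee.
SELECT grantee, granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE granted_role IN ('PAY_CLERK', 'PAY_CLERK_RO');

-- Review check: default roles that carry write privileges on the payroll
-- schema (ROLE_TAB_PRIVS covers the roles the current user has access to).
SELECT rp.grantee, rp.granted_role, tp.table_name, tp.privilege
  FROM dba_role_privs rp
  JOIN role_tab_privs tp ON tp.role = rp.granted_role
 WHERE rp.default_role = 'YES'
   AND tp.owner = 'PAYROLL'
   AND tp.privilege IN ('INSERT', 'UPDATE', 'DELETE');
```

Any row from the last query is a grantee whose write access to the payroll table is enabled at logon without the role password.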

20-20 Summary
- Creating roles
- Assigning privileges to roles
- Assigning roles to users or roles
- Establishing default roles