Published by Annabelle Bradley. Modified over 9 years ago.
1
IST 318 Database Administration Lecture 10 Managing Roles
2
Roles
[Diagram: users A, B, C; roles HR_MGR, HR_CLERK; privileges SELECT ON JOBS, INSERT ON JOBS, UPDATE ON JOBS, CREATE TABLE, CREATE SESSION]
3
Benefits of Roles
- Easier privilege management
- Dynamic privilege management
- Selective availability of privileges
- Can be granted through the operating system
4
Creating Roles
Roles with ADMIN option:
Not identified:
    CREATE ROLE oe_clerk;
By password:
    CREATE ROLE hr_clerk IDENTIFIED BY bonus;
Identified externally:
    CREATE ROLE hr_manager IDENTIFIED EXTERNALLY;
5
Predefined Roles
Role Name                 Description
CONNECT, RESOURCE, DBA    These roles are provided for backward compatibility
EXP_FULL_DATABASE         Privileges to export the database
IMP_FULL_DATABASE         Privileges to import the database
DELETE_CATALOG_ROLE       DELETE privileges on data dictionary tables
EXECUTE_CATALOG_ROLE      EXECUTE privilege on data dictionary packages
SELECT_CATALOG_ROLE       SELECT privilege on data dictionary tables
6
Modifying Roles
- Use ALTER ROLE to modify the authentication method.
- Requires the ADMIN option or ALTER ANY ROLE privilege.
    ALTER ROLE hr_clerk IDENTIFIED EXTERNALLY;
    ALTER ROLE hr_manager NOT IDENTIFIED;
    ALTER ROLE oe_clerk IDENTIFIED BY order;
7
Assigning Roles
Use the GRANT command to assign a role:
    GRANT hr_clerk TO hr_manager;
    GRANT oe_clerk TO scott;
    GRANT hr_manager TO scott WITH ADMIN OPTION;
8
Establishing Default Roles
- A user can be assigned many roles.
- A user can be assigned a default role.
- Limit the number of default roles for a user.
    ALTER USER scott DEFAULT ROLE hr_clerk, oe_clerk;
    ALTER USER scott DEFAULT ROLE ALL;
    ALTER USER scott DEFAULT ROLE ALL EXCEPT hr_clerk;
    ALTER USER scott DEFAULT ROLE NONE;
9
Application Roles
- Application roles can be enabled only by authorized PL/SQL packages.
- The USING package clause creates an application role.
    CREATE ROLE admin_role IDENTIFIED USING hr.employee;
10
Enabling and Disabling Roles
- Disable a role to revoke the role from a user temporarily.
- Enable a role to grant it temporarily.
- The SET ROLE command enables and disables roles.
- Default roles are enabled for a user at login.
- A password may be required to enable a role.
11
Enabling and Disabling Roles
    SET ROLE hr_clerk;
    SET ROLE oe_clerk IDENTIFIED BY order;
    SET ROLE ALL EXCEPT oe_clerk;
12
Revoking Roles from Users
- Revoking roles from users requires the ADMIN OPTION or GRANT ANY ROLE privilege.
- To revoke a role:
    REVOKE hr_manager FROM PUBLIC;
    REVOKE oe_clerk FROM scott;
13
Removing Roles
Dropping a role:
- Removes it from all users and roles it was granted
- Removes it from the database
- Requires the ADMIN OPTION or DROP ANY ROLE privilege
To drop a role:
    DROP ROLE hr_manager;
14
Guidelines for Creating Roles
[Diagram layers: Users; User roles (HR_MANAGER, HR_CLERK, PAY_CLERK); Application roles (BENEFITS, PAYROLL); Application privileges (Payroll privileges, Benefits privileges)]
15
Guidelines for Using Passwords and Default Roles
[Diagram labels: roles PAY_CLERK and PAY_CLERK_RO; Default role: Select privileges; Password protected (not default): INSERT, UPDATE, DELETE, and SELECT privileges]
16
Look at Database through the DBA Views
Three Data Dictionary Views:
- USER_
- ALL_
- DBA_
Commonly used DBA_ views:
- DBA_OBJECTS
- DBA_TABLESPACES, DBA_TABLES
- DBA_DATA_FILES, DBA_TEMP_FILES
- DBA_CONSTRAINTS
- DBA_USERS, DBA_ROLES
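The guideline on slide 15 (a read-only default role beside a password-protected read/write role) and the DBA_ views from slide 16, combined into one script. This is an added example, not part of the original lecture; the table pay.salaries and the password placeholder are assumptions, and DBA_ROLE_PRIVS is a standard Oracle dictionary view that the slides do not list.

```sql
-- Added example. pay.salaries and the password are placeholders (assumptions).
-- Run as a DBA: needs CREATE ROLE and SELECT access to the DBA_ views.

-- Read-only role: not identified, intended to be enabled at login.
CREATE ROLE pay_clerk_ro;
GRANT SELECT ON pay.salaries TO pay_clerk_ro;

-- Read/write role: password protected, enabled only on demand.
CREATE ROLE pay_clerk IDENTIFIED BY "ChangeMe_Placeholder1";
GRANT SELECT, INSERT, UPDATE, DELETE ON pay.salaries TO pay_clerk;

-- scott holds both roles, but only the read-only one is a default role.
GRANT pay_clerk_ro, pay_clerk TO scott;
ALTER USER scott DEFAULT ROLE pay_clerk_ro;

-- In scott's own session, write access exists only after SET ROLE.
-- SET ROLE disables every role not named, so both are listed:
--   SET ROLE pay_clerk IDENTIFIED BY "ChangeMe_Placeholder1", pay_clerk_ro;

-- Check 1: how each role is authenticated.
SELECT role, password_required
FROM   dba_roles
WHERE  role IN ('PAY_CLERK', 'PAY_CLERK_RO');

-- Check 2: password-protected roles that are also marked as default roles
-- for some grantee, contrary to the slide 15 guideline.
SELECT p.grantee, p.granted_role
FROM   dba_role_privs p
JOIN   dba_roles r ON r.role = p.granted_role
WHERE  r.password_required = 'YES'
AND    p.default_role = 'YES';

-- Check 3: grantees who can pass a role on to others (WITH ADMIN OPTION).
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  admin_option = 'YES'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA');
```

Check 2 should return no row for PAY_CLERK after the ALTER USER statement above, and the user who created the roles will appear in Check 3 because a role's creator receives it with the ADMIN option.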