Published by Jason Campbell. Modified over 9 years ago.

20 Managing Roles

20-2 Objectives
- Creating and modifying roles
- Controlling availability of roles
- Removing roles
- Using predefined roles
- Displaying role information from the data dictionary

20-3 Roles
Role: a named group of related privileges
- Granted/revoked with the same commands as for privileges
- May be granted to a user or a role (except itself)
- Can consist of object and system privileges
- May be enabled/disabled
- Can require a password to enable
- Not owned by anyone

20-4 Roles
[Diagram: users A, B, C; roles HR_CLERK, HR_MGR; privileges UPDATE ON EMP, INSERT ON EMP, SELECT ON EMP, CREATE TABLE, CREATE SESSION]

20-5 Benefits of Roles
- Reduced granting of privileges
- Dynamic privilege management
- Selective availability of privileges
- Granted through the OS
- No cascading revokes
- Improved performance

20-6 Creating Roles
CREATE ROLE sales_clerk;
CREATE ROLE hr_clerk IDENTIFIED BY bonus;
CREATE ROLE hr_manager IDENTIFIED EXTERNALLY;

20-7 Using Predefined Roles
Role Name               Description
CONNECT, RESOURCE       These two roles are provided for backward compatibility.
DBA                     All system privileges WITH ADMIN OPTION
EXP_FULL_DATABASE       Privileges to export the DB
IMP_FULL_DATABASE       Privileges to import the DB
DELETE_CATALOG_ROLE     DELETE privileges on DD tables
EXECUTE_CATALOG_ROLE    EXECUTE privilege on DD packages
SELECT_CATALOG_ROLE     SELECT privilege on DD tables

20-8 Modifying Roles
ALTER ROLE hr_clerk IDENTIFIED EXTERNALLY;
ALTER ROLE hr_manager NOT IDENTIFIED;
ALTER ROLE sales_clerk IDENTIFIED BY commission;

20-9 Assigning Roles
GRANT hr_clerk TO hr_manager;
GRANT sales_clerk TO scott;
GRANT hr_manager TO scott WITH ADMIN OPTION;

20-10 Assigning Privileges to Roles
GRANT create table, create any index TO hr_clerk;
GRANT create session TO hr_manager;

20-11 Establishing Default Roles
- User may have many roles.
- A default role is a subset of those that is automatically enabled when user logs in.
- By default, all roles assigned to user are enabled at logon.
- Limit the default role for a user:
ALTER USER user DEFAULT ROLE {role [, role].. | ALL [EXCEPT role [, role]..] | NONE}

20-12 Examples
ALTER USER scott DEFAULT ROLE hr_clerk, sales_clerk;
ALTER USER scott DEFAULT ROLE ALL;
ALTER USER scott DEFAULT ROLE ALL EXCEPT hr_clerk;
ALTER USER scott DEFAULT ROLE NONE; -- no default roles; may have other roles for which a password may be needed

20-13 Enabling and Disabling Roles
- Disable a role to temporarily revoke the role from a user.
- Enable a role to temporarily grant it.
- The SET ROLE command enables and disables roles.
- Default roles are enabled for a user at login.
- A password may be required to enable a role.

20-14 Enabling and Disabling Roles: Examples
-- Enable: this is how users would activate their role
SET ROLE hr_clerk;
SET ROLE sales_clerk IDENTIFIED BY commission;
SET ROLE ALL EXCEPT sales_clerk;
-- Disable all roles for current session
SET ROLE NONE;

20-15 Removing Roles from Users
REVOKE hr_manager FROM PUBLIC;
REVOKE sales_clerk FROM scott;

20-16 Removing Roles
DROP ROLE hr_manager;

20-17 Guidelines for Creating Roles
[Diagram with four layers: Users; User roles (HR_MANAGER, HR_CLERK, PAY_CLERK); Application roles (BENEFITS, PAYROLL); Application privileges (Payroll privileges, Benefits privileges)]

20-18 Guidelines for using Passwords and Default Roles
[Diagram: roles PAY_CLERK and PAY_CLERK_RO; one is a default role with select privileges, the other a password-protected non-default role with insert, update, delete and select privileges]

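The guideline on slide 20-18, worked through as an added example that is not part of the original slides. It assumes PAY_CLERK_RO is the default select-only role and PAY_CLERK the password-protected one; the table payroll.salaries and the password placeholder are hypothetical, and scott is the sample user from the earlier slides.

```sql
-- Added example. Assumed mapping: PAY_CLERK_RO = default, read-only;
-- PAY_CLERK = password protected, non-default.
-- payroll.salaries and role_pw_placeholder are hypothetical names.

-- 1. As a privileged administrator: create both roles.
CREATE ROLE pay_clerk_ro;
CREATE ROLE pay_clerk IDENTIFIED BY role_pw_placeholder;

-- 2. Give the read-only role SELECT only; give the protected role DML.
GRANT SELECT ON payroll.salaries TO pay_clerk_ro;
GRANT SELECT, INSERT, UPDATE, DELETE ON payroll.salaries TO pay_clerk;

-- 3. Grant both roles to the user, but make only the read-only
--    role a default role so it is the one enabled at logon.
GRANT pay_clerk_ro, pay_clerk TO scott;
ALTER USER scott DEFAULT ROLE pay_clerk_ro;

-- 4. As scott, after logon: list the roles enabled in this session.
SELECT role FROM session_roles;

-- 5. Enable the protected role for the time the DML is needed.
--    SET ROLE disables every role that is not listed, so the
--    read-only role is named again to keep it enabled.
SET ROLE pay_clerk_ro, pay_clerk IDENTIFIED BY role_pw_placeholder;
SELECT role FROM session_roles;

-- 6. Drop back to read-only when the change is done.
SET ROLE pay_clerk_ro;

-- 7. As administrator: confirm the dictionary shows the intended state.
SELECT role, password_required
  FROM dba_roles
 WHERE role IN ('PAY_CLERK', 'PAY_CLERK_RO');

SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'SCOTT';
```
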
20-19 Displaying Role Information
Role View         Description
DBA_ROLES         All roles which exist in the database
DBA_ROLE_PRIVS    Roles granted to users and roles
ROLE_ROLE_PRIVS   Roles which are granted to roles
DBA_SYS_PRIVS     System privileges granted to users and roles
ROLE_SYS_PRIVS    System privileges granted to roles
ROLE_TAB_PRIVS    Table privileges granted to roles
SESSION_ROLES     Roles which the user currently has enabled

SELECT role, password_required FROM dba_roles;

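A review of role grants built on the views listed above, as an added example that is not part of the original slides. It assumes a session with SELECT access to the DBA_ views and uses the sample user SCOTT from the earlier slides.

```sql
-- Added example: role-grant review queries over the dictionary views.

-- 1. Password-protected roles that are also set as a default role
--    for some grantee, which runs against the 20-18 guideline of
--    keeping password-protected roles non-default.
SELECT rp.grantee, rp.granted_role
  FROM dba_role_privs rp
  JOIN dba_roles r ON r.role = rp.granted_role
 WHERE r.password_required = 'YES'
   AND rp.default_role = 'YES'
 ORDER BY rp.grantee, rp.granted_role;

-- 2. Role grants made WITH ADMIN OPTION: these grantees can pass
--    the role on to others, so the list should be short and known.
SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE admin_option = 'YES'
 ORDER BY granted_role, grantee;

-- 3. Every role SCOTT holds, directly or through roles granted to
--    roles (for example hr_clerk reached via hr_manager).
SELECT DISTINCT granted_role, LEVEL AS depth
  FROM dba_role_privs
 START WITH grantee = 'SCOTT'
CONNECT BY PRIOR granted_role = grantee
 ORDER BY depth, granted_role;

-- 4. System privileges SCOTT can reach through those roles,
--    plus any granted to the user directly.
SELECT sp.grantee AS via, sp.privilege, sp.admin_option
  FROM dba_sys_privs sp
 WHERE sp.grantee = 'SCOTT'
    OR sp.grantee IN (
         SELECT granted_role
           FROM dba_role_privs
          START WITH grantee = 'SCOTT'
        CONNECT BY PRIOR granted_role = grantee)
 ORDER BY via, sp.privilege;
```
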
20-20 Summary
- Creating roles
- Assigning privileges to roles
- Assigning roles to users or roles
- Establishing default roles