Published by Alyson Higgins. Modified over 9 years ago.
1
Dr. Chen, Oracle Database System (Oracle)
Chapter 7 User Creation and Management
Jason C. H. Chen, Ph.D.
Professor of MIS
School of Business
Gonzaga University
Spokane, WA 99258 USA
chen@gonzaga.edu
2
Objectives
Explain the concept of data security
Create a new user account
Identify two types of privileges: system and object
Grant privileges to a user
Address password expiration requirements
Change the password of an existing account
3
Objectives (continued)
Create a role
Grant privileges to a role
Assign a user to a role
View privilege information
Revoke privileges from a user and a role
Remove a user and roles
4
Basic SQL Concepts
DDL (Data Definition Language)
– commands that work with the objects (tables, indexes, views, etc.) in the database, e.g., CREATE, ALTER, DROP, and RENAME.
DML (Data Manipulation Language)
– commands that work with the (physical) data in the database, e.g., SELECT, INSERT, UPDATE, and DELETE.
DCL (Data Control Language)
– commands that control a database, including administering privileges, e.g., GRANT, REVOKE.
5
Data Security
User accounts provide a method of authentication
They can grant access to specific objects
They identify owners of objects
6
Creating a User
The CREATE USER command gives each user a user name and password
Figure 7-1 Syntax of the CREATE USER command
Can you perform this command? Why?
7
Assigning User Privileges
There are two types of privileges
System privileges
– Allow access to the database and execution of DDL operations
Object privileges
– Allow a user to perform DML and query operations
8
Practice
Type the following command:
SELECT * FROM location;
I grant the following to all of you:
GRANT SELECT ON location TO PUBLIC;
You type the following again:
SELECT * FROM c##chen.location;
I revoke the following from you:
REVOKE SELECT ON location FROM PUBLIC;
You type the following again:
SELECT * FROM c##chen.location;
Just for the instructor:
@ c:\oradata\NW_CW\northwoods.sql
9
Examples of Object Privileges
Object Type | Privilege | Description
Table, Sequence | ALTER | Allows user to change object’s structure using the ALTER command
Table, Sequence | DROP | Allows user to drop object
Table, Sequence | SELECT | Allows user to view object
Table | INSERT, UPDATE, DELETE | Allows user to insert, update, delete table data
Any database object | ALL | Allows user to perform any operation on object
10
Pseudo-columns
Acts like a column in a database query
Actually a command that returns a specific value
Used to retrieve:
– Current system date
– Name of the current database user
– Next value in a sequence
Pseudocolumn Name | Output
CURRVAL | Most recently retrieved sequence value
NEXTVAL | Next value in a sequence
SYSDATE | Current system date from database server
USER | Username of current user
11
Using Pseudo-columns
Retrieving the current system date:
SELECT SYSDATE FROM DUAL;
Retrieving the name of the current user:
SELECT USER FROM DUAL;
DUAL is a system table that is used with pseudo-columns
12
Your Turn (and Job)
Read chapter 7 (both pptx file and Oracle text)
Practice all examples (script file is available in the Bb, file name: Ch7_Queries.sql)
13
Assigning User Privileges (continued)
Even with a valid user name and password, a user still needs the CREATE SESSION privilege to connect to a database
Figure 7-5 Command to grant the CREATE SESSION privilege
14
System Privileges
Affect a user’s ability to create, alter, and drop objects
Use of the ANY keyword with an object privilege (INSERT ANY TABLE) is considered a system privilege
The list of all available system privileges is available through SYSTEM_PRIVILEGE_MAP
15
SYSTEM_PRIVILEGE_MAP
Figure 7-3 A partial list of available system privileges
16
Granting System Privileges
System privileges are given through the GRANT command
Figure 7-4 Syntax of the GRANT command for system privileges
17
Granting System Privileges (continued)
GRANT clause – identifies system privileges being granted
TO clause – identifies receiving user or role
WITH ADMIN OPTION clause – allows a user to grant privilege to other database users
18
Object Privileges
SELECT – display data from table, view, or sequence
INSERT – insert data into table or view
UPDATE – change data in a table or view
DELETE – remove data from a table or view
ALTER – change definition of table or view
19
Granting Object Privileges
Grant object privileges through the GRANT command
Figure 7-6 Syntax of the GRANT command for object privileges
20
Granting Object Privileges (continued)
GRANT clause – identifies object privileges
ON clause – identifies object
TO clause – identifies user or role receiving privilege
WITH GRANT OPTION clause – gives a user the ability to assign the same privilege to other users
GRANT Command Examples
Table 7-2 Examples of Granting Object Privileges to a User
21
Password Management
To change a user password, use the PASSWORD command or the ALTER USER command
Figure 7-12 Command to change a password
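The account-setup steps from the preceding slides, put together as an added example (it is not taken from the textbook figures or from Ch7_Queries.sql). It assumes a DBA session in a pluggable or non-container database; RTHOMAS is the user name that appears later in the deck, while the tables orders and customers, the column shipdate and both quoted passwords are hypothetical placeholders.

```sql
-- Added example: schema objects and passwords below are placeholders.

-- 1. Create the account with a temporary password that must be changed
--    at first login, so the DBA never knows the working password.
CREATE USER rthomas
  IDENTIFIED BY "Temp#Placeholder1"
  PASSWORD EXPIRE;

-- 2. Without CREATE SESSION the login is refused (ORA-01045) even though
--    the user name and password are valid.
GRANT CREATE SESSION TO rthomas;

-- 3. System privilege: grant only what the job needs. WITH ADMIN OPTION
--    is left off, so rthomas cannot pass the privilege on to others.
GRANT CREATE VIEW TO rthomas;

-- 4. Object privileges on tables owned by the grantor.
GRANT SELECT, INSERT ON orders TO rthomas;
GRANT UPDATE (shipdate) ON orders TO rthomas;  -- UPDATE limited to one column

--    WITH GRANT OPTION lets rthomas re-grant SELECT on customers;
--    every re-grant widens access, so use it sparingly.
GRANT SELECT ON customers TO rthomas WITH GRANT OPTION;

-- 5. Password management by the DBA.
ALTER USER rthomas IDENTIFIED BY "New#Placeholder2";  -- reset the password
ALTER USER rthomas PASSWORD EXPIRE;                   -- force a change at next login
--    In SQL*Plus a user changes his or her own password interactively with:
--      PASSWORD

-- 6. Confirm the account state (ACCOUNT_STATUS shows EXPIRED until the
--    user logs in and sets a new password).
SELECT username, account_status, expiry_date
  FROM dba_users
 WHERE username = 'RTHOMAS';
```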
22
Utilizing Roles
A role is a group, or collection, of privileges
Figure 7-16 Command for creating the ORDERENTRY role
Figure 7-17 Commands for granting privileges to the ORDERENTRY role
23
Utilizing Roles (continued)
Roles can be assigned to users or other roles
Figure 7-18 Command for granting the ORDERENTRY role to RTHOMAS
24
Utilizing Roles (continued)
A user can be assigned several roles
All roles can be enabled at one time
Only one role can be designated as the default role for each user
Default role can be assigned through the ALTER USER command
25
Utilizing Roles (continued)
Roles can be modified with the ALTER ROLE command
Roles can be assigned passwords
Figure 7-23 Syntax of the ALTER ROLE command
26
Viewing Privilege Information
ROLE_SYS_PRIVS lists all system privileges assigned to a role
SESSION_PRIVS lists a user’s currently enabled roles
27
ROLE_TAB_PRIVS Example
Figure 7-24 Verifying privileges assigned to a role
28
Removing Privileges and Roles
Revoke system privileges with the REVOKE command
Figure 7-26 Syntax for revoking a system privilege
29
Removing Privileges and Roles (continued)
Revoking an object privilege – if the privilege was originally granted using WITH GRANT OPTION, the effect cascades and is revoked from subsequent recipients
Figure 7-27 Syntax for revoking an object privilege
Figure 7-28 Syntax for removing a role from an account
30
Dropping a Role
Users receiving privileges via a role that is dropped will no longer have those privileges available
Figure 7-31 Syntax of the DROP ROLE command
Figure 7-32 Command for dropping the ORDERENTRY role
31
Dropping a User
The DROP USER command is used to remove a user account
Figure 7-33 Syntax of the DROP USER command
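The role lifecycle from the preceding slides (create, grant, verify, revoke, drop), as an added example that is not the textbook's own figures. ORDERENTRY and RTHOMAS are the names used in the slides; the orders table is a hypothetical placeholder, the user RTHOMAS is assumed to exist already, and the DBA_* views require a DBA session.

```sql
-- Added example: the orders table is a placeholder.

-- 1. Bundle privileges in a role, then give the role to the user.
CREATE ROLE orderentry;
GRANT CREATE SESSION TO orderentry;
GRANT SELECT, INSERT, UPDATE ON orders TO orderentry;
GRANT orderentry TO rthomas;
ALTER USER rthomas DEFAULT ROLE orderentry;  -- enabled automatically at login

-- 2. Verify what the role carries.
SELECT privilege, admin_option
  FROM role_sys_privs
 WHERE role = 'ORDERENTRY';

SELECT owner, table_name, privilege, grantable
  FROM role_tab_privs
 WHERE role = 'ORDERENTRY';

-- 3. Review who holds the role and who can pass privileges on.
SELECT grantee, admin_option, default_role
  FROM dba_role_privs
 WHERE granted_role = 'ORDERENTRY';

SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE admin_option = 'YES';   -- granted WITH ADMIN OPTION

SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantable = 'YES';      -- granted WITH GRANT OPTION

-- 4. Remove access, narrowest change first.
--    Revoking an object privilege cascades to anyone the grantee
--    re-granted it to; revoking a system privilege does not, so re-run
--    the DBA_SYS_PRIVS query afterwards to catch leftover grants.
REVOKE UPDATE ON orders FROM orderentry;
REVOKE orderentry FROM rthomas;
DROP ROLE orderentry;

-- DROP USER fails if the user owns objects; add CASCADE only when those
-- objects should be dropped as well.
DROP USER rthomas;
```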
32
Summary
Database account management is only one facet of data security
A new user account is created with the CREATE USER command
– The IDENTIFIED BY clause contains the password for the account
System privileges are used to grant access to the database and to create, alter, and drop database objects
The CREATE SESSION system privilege is required before a user can access his account on the Oracle server
The system privileges available in Oracle 11g can be viewed through the SYSTEM_PRIVILEGE_MAP
33
Summary (continued)
Object privileges allow users to manipulate data in database objects
Privileges are given through the GRANT command
The ALTER USER command, combined with the PASSWORD EXPIRE clause, can be used to force a user to change her password upon the next attempted login to the database
The ALTER USER command, combined with the IDENTIFIED BY clause, can be used to change a user’s password
– Privileges can be assigned to roles to make the administration of privileges easier
34
Summary (continued)
Roles are collections of privileges
The ALTER USER command, combined with the DEFAULT ROLE keywords, can be used to assign a default role(s) to a user
Privileges can be revoked from users and roles using the REVOKE command
Roles can be revoked from users using the REVOKE command
A role can be deleted using the DROP ROLE command
A user account can be deleted using the DROP USER command