吉林大学大型数据库设计与实现dba-17.ppt

ManagingRoles

ObjectivesAftercompletingthislesson,youshouldbeabletodothefollowing:CreateandmodifyrolesControlavailabilityofrolesRemoverolesUsepredefinedrolesDisplayroleinformationfromthedatadictionary

RolesUsersPrivilegesRolesUPDATEONJOBSINSERTONJOBSSELECTONJOBSCREATETABLECREATESESSIONHR_CLERKHR_MGRABC

BenefitsofRolesEasierprivilegemanagementDynamicprivilegemanagementSelectiveavailabilityofprivilegesCanbegrantedthroughtheoperatingsystemImprovedperformance

CreatingRolesCREATEROLEoe_clerk;CREATEROLEhr_clerk IDENTIFIEDBYbonus;CREATEROLEhr_manager IDENTIFIEDEXTERNALLY;

PredefinedRolesRoleName DescriptionCONNECT, Theserolesareprovided

RESOURCE,DBA forbackwardcompatibilityEXP_FULL_DATABASE Privilegestoexportthe

databaseIMP_FULL_DATABASE Privilegestoimportthe

databaseDELETE_CATALOG_ROLE DELETEprivilegeson datadictionarytablesEXECUTE_CATALOG_ROLE EXECUTEprivilegeon datadictionarypackagesSELECT_CATALOG_ROLE SELECTprivilegeondata

dictionarytables

ModifyingRolesALTERROLEhr_clerk IDENTIFIEDEXTERNALLY;ALTERROLEhr_manager NOTIDENTIFIED;ALTERROLEoe_clerk

IDENTIFIEDBYorder;

AssigningRolesGRANThr_clerkTOhr_manager;GRANToe_clerkTOscott;GRANThr_managerTOscottWITHADMINOPTION;

EstablishingDefaultRolesALTERUSERscott

DEFAULTROLEhr_clerk,oe_clerk;ALTERUSERscottDEFAULTROLEALL;ALTERUSERscottDEFAULTROLEALLEXCEPT hr_clerk;ALTERUSERscottDEFAULTROLENONE;

ApplicationRolesApplicationrolescanbeenabledonlybyauthorizedPL/SQLpackagesTheUSINGpackageclausecreatesanApplicationRoleCREATEROLEadmin_role IDENTIFIEDUSINGhr.employee;

EnablingandDisablingRolesDisablearoletorevoketherolefromausertemporarilyEnablearoletograntittemporarilyTheSETROLEcommandenablesand

disablesrolesDefaultrolesareenabledforauseratlogin.Apasswordmayberequiredtoenablearole.

E