吉林大学大型数据库设计与实现dba-16.ppt

ManagingPrivileges

ObjectivesAftercompletingthislesson,youshouldbeabletodothefollowing:IdentifysystemandobjectprivilegesGrantandrevokeprivilegesIdentifyauditingcapabilities

ManagingPrivilegesTwotypesofOracleuserprivileges:System:EnablesuserstoperformparticularactionsinthedatabaseObject:Enablesuserstoaccessandmanipulateaspecificobject

SystemPrivilegesThereareover100distinctsystemprivilegesTheANYkeywordintheprivilegessignifiesthatusershavetheprivilegeinanyschemaTheGRANTcommandaddsaprivilegetoauseroragroupofusersTheREVOKEcommanddeletestheprivileges

SystemPrivileges:ExamplesCategory Examples INDEX CREATEANYINDEX

ALTERANYINDEX

DROPANYINDEX TABLE CREATETABLE

CREATEANYTABLE

ALTERANYTABLE

DROPANYTABLE

SELECTANYTABLE

UPDATEANYTABLE

DELETEANYTABLESESSION CREATESESSION

ALTERSESSION

RESTRICTEDSESSIONTABLESPACE CREATETABLESPACE

ALTERTABLESPACE

DROPTABLESPACE

UNLIMITEDTABLESPACE

GrantingSystemPrivilegesGRANTCREATESESSIONTOemi;GRANTCREATESESSIONTOemiWITHADMINOPTION;

SYSDBAandSYSOPER

PrivilegesCategoryExamplesSYSOPERSTARTUPSHUTDOWNALTERDATABASEOPEN|MOUNTALTERDATABASEBACKUPCONTROLFILETORECOVERDATABASEALTERDATABASEARCHIVELOGSYSDBASYSOPERPRIVILEGESWITHADMINOPTIONCREATEDATABASEALTERDATABASEBEGIN/ENDBACKUPRESTRICTEDSESSEIONRECOVERDATABASEUNTIL

SystemPrivilegeRestrictionsO7_DICTIONARY_ACCESSIBILITYparameterControlsrestrictionsonSYSTEMprivilegesIfsettoTRUE,accesstoobjectsinSYSschemaisallowedDefaultisFALSEEnsuresthatsystemprivilegesthatallowaccesstoanyschemadonotallowaccesstoSYSschema

RevokingSystemPrivilegesREVOKECREATETABLEFROMemi;

RevokingSystemPrivileges

WITHADMINOPTIONDBAGRANTREVOKEJeffEmiJeffEmiDBA

ObjectPrivilegesObjectpriv. Table View Sequence ProcedureALTER ? ??DELETE ? ?EXECUTE