Oracle Commands: Authorization-REVOKE permissions-Roles
Oracle Grant
Regardless of the permissions granted, each authorization (grant) statement is always made up of three parts:
1) The recipient section is a list of one or more users who will receive the permission.
2) The keyword and permission section consists of the keyword grant followed by one or more permissions. If there are multiple permissions in the same grant statement, the permissions are separated by commas.
3) The table name section begins with the keyword on and lists the tables on which the permissions are being granted.
The detailed introduction below covers how to grant users the four kinds of permissions: add, delete, modify and query, as follows:
First, insert
The insert permission allows rows to be created in other users' tables. The statement grant insert on sample_a to public; allows all users to create new rows in sample_a. Oracle allows multiple permissions to be granted in a single grant statement: the SQL statement grant insert,select on sample_a to public; is equivalent to the two statements grant select on sample_a to public; and grant insert on sample_a to public;
Second, update
The update permission allows other users to modify data in tables that are not their own. The statement grant update on sample_a to teplownd; allows the user teplownd to modify the information in the table sample_a.
Third, select
The select permission allows users to view the contents of other users' tables. The statement grant select on sample_3 to public; allows all users to browse the contents of the table sample_3, while the statement grant select on sample_3 to ops$rosenberge,ops$abbeyms; allows only those two users to view the contents of the table sample_3. Note that when multiple users receive the grant, the user names are separated by commas.
When public is named as the recipient of a grant, all database users get the specified permissions. If the database has 15,000 users, granting to individuals takes 15,000 grants (one per user), while granting to public takes one.
Fourth, delete
The delete permission allows other users to delete rows from the specified table. This privilege is not a trivial one, so we recommend that you grant it carefully. Here is a practical example: a user connects to a production database while believing he is connected to a test database. He issues the command delete from people_master; and Oracle responds 12003 rows deleted. After he exits SQL*Plus, the next program that accesses people_master to look up the record of Rick Bower will be told that the record does not exist.
The command grant delete,update,select on sample_a to public; gives the specified permissions to all database users, while the command grant select,update,insert,delete on sample_a to teplownd,greerw; allows only the users teplownd and greerw to perform the listed actions on the table sample_a.
Authorization statement
select * from dba_users;  -- query all users in the database
alter user test_select account lock;  -- lock the user
alter user test_select account unlock;  -- unlock the user
create user xujin identified by xujin;  -- create a user
grant create tablespace to xujin;  -- grant a system privilege
grant select on table1 to xujin;  -- grant query permission
grant update on table1 to xujin;
grant execute on procedure1 to xujin;  -- grant execute on a stored procedure
grant update on table1 to xujin with grant option;  -- grant update to xujin; xujin can go on to grant it to other users
-- Revoke permissions
revoke select on table1 from xujin1;  -- take back the select permission on the table
revoke all on table1 from xujin;
/*grant connect to xujin;
revoke connect from xujin;
grant select on xezf.cfg_alarm to xujin;
revoke select on xezf.cfg_alarm from xujin;*/
-- The dictionary views store unquoted user and role names in upper case
select table_name, privilege from dba_tab_privs where grantee = 'XUJIN';  -- object permissions held by a user
select * from dba_sys_privs where grantee = 'XUJIN';  -- system permissions held by a user
select * from session_privs;  -- system permissions in effect for the current session
-- Roles
create role xujin1;  -- create the role xujin1
grant insert on xezf.cfg_alarm to xujin1;  -- grant the role insert permission on the table
revoke insert on xezf.cfg_alarm from xujin1;  -- revoke the permission from the role xujin1
grant xujin1 to xujin;  -- grant the role, and with it the role's permissions, to xujin
create role xujin2;
grant xujin1 to xujin2;  -- grant the role xujin1 to the role xujin2
alter user xujin default role xujin1, xujin2;  -- change the user's default roles (the roles must already be granted directly to the user)
drop role xujin1;  -- remove the role xujin1
select * from role_sys_privs where role = 'XUJIN1';  -- see which system permissions the role xujin1 holds
select granted_role, admin_option from role_role_privs where role = 'XUJIN2';  -- see which roles are granted to the role xujin2
select * from role_sys_privs where role = 'XUJIN2';
select table_name, privilege from role_tab_privs where role = 'XUJIN1';
select * from dba_role_privs where grantee = 'XUJIN';  -- see which roles are granted to the user
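Added example, not part of the original page: a review of the grants discussed above that finds insert/update/delete permissions given to public or handed out with grant option, moves the public grant on sample_a to a role, and then lists every path by which one user still reaches the table. It assumes a session that can read the DBA_* views and that the public grants were made by the user running the revoke; the role name sample_a_dml is hypothetical.

```sql
-- Added example. sample_a, teplownd and greerw are the page's names;
-- sample_a_dml is a hypothetical role name.

-- 1) Find row-changing object permissions that are granted to PUBLIC
--    or that the grantee may pass on (WITH GRANT OPTION).
SELECT grantee, owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  privilege IN ('INSERT', 'UPDATE', 'DELETE')
AND    (grantee = 'PUBLIC' OR grantable = 'YES')
AND    owner NOT IN ('SYS', 'SYSTEM')   -- assumption: only application schemas are of interest
ORDER  BY owner, table_name, grantee, privilege;

-- 2) Replace the PUBLIC grant on sample_a with a role held by named users.
--    The REVOKE only succeeds for permissions this user granted to PUBLIC.
CREATE ROLE sample_a_dml;
GRANT SELECT, INSERT, UPDATE, DELETE ON sample_a TO sample_a_dml;
GRANT sample_a_dml TO teplownd, greerw;
REVOKE INSERT, UPDATE, DELETE ON sample_a FROM PUBLIC;

-- 3) Verify: every path by which teplownd holds a permission on sample_a,
--    whether directly, through PUBLIC, or through roles, including roles
--    granted to other roles (walked with CONNECT BY).
SELECT DISTINCT p.grantee AS held_through, p.privilege, p.grantable
FROM   dba_tab_privs p
WHERE  p.table_name = 'SAMPLE_A'
AND    p.grantee IN (
         SELECT 'TEPLOWND' FROM dual
         UNION ALL
         SELECT 'PUBLIC' FROM dual
         UNION ALL
         SELECT granted_role
         FROM   dba_role_privs
         START WITH grantee IN ('TEPLOWND', 'PUBLIC')
         CONNECT BY PRIOR granted_role = grantee)
ORDER  BY p.privilege, held_through;
```

After step 2, step 3 should show delete on sample_a held only through SAMPLE_A_DML; a remaining PUBLIC row means another grantor also granted it.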