Oracle user security management mainly consists of permissions and roles.
When a user has just been created, it has no permissions and cannot perform any action. To perform a specific database operation, the user must be granted the corresponding system permission.
If the user wants to access objects in other schemas, the user must be granted permission on those objects. Roles can be used to simplify the management of permissions.
Permissions:
A permission is the right to execute a specific command or to access an object. Permissions include system permissions and object permissions.
System permissions
A system permission is the right to execute a specific type of SQL command. It mainly applies to users. Categories:
- DBA: full permissions; can create database structures
- Resource: can only create entities; cannot create database structures
- Connect: can only log in; cannot create entities or database structures
For normal users: grant connect and resource.
For DBA administration users: grant connect, resource and dba.
System permission authorization command:
[System permissions can only be granted by DBA users: sys and system (the only two such users at the beginning)]
Authorization command:
SQL> grant connect, resource, dba to username1 [, username2]...;
[Through authorization, an ordinary user can hold the same permissions as the system user, but never the same permissions as the sys user; the permissions of the system user can also be revoked]
Example:
SQL> connect system/manager
SQL> create user User50 identified by USER50;
SQL> grant connect, resource to User50;
Query which permissions users have:
SQL> select * from dba_role_privs;
SQL> select * from dba_sys_privs;
SQL> select * from role_sys_privs;
To delete a user:
SQL> drop user username cascade; -- cascade also deletes everything the user created
Note: when granting a system permission, you can add the with admin option clause so that the user or role receiving the permission can in turn grant that system permission to other users or roles.
For example:
-- Create the users
SQL> create user ken identified by M123;
SQL> create user tom identified by m123;
Grant permissions to user ken:
SQL> grant create session, create table to ken with admin option;
SQL> grant create view to ken;
Grant permissions to user tom:
Ken can grant permissions to tom because with admin option was added. Of course, tom could also be authorized by the DBA; here we use ken to authorize tom.
SQL> grant create session, create table to tom with admin option;
SQL> grant create view to tom; -- this fails, because ken was not given the right to delegate this permission
Revoking system permissions
In general, system permissions are revoked by the DBA. If another user is to revoke a system permission, that user must hold the system permission together with the option to delegate it (with admin option). System permissions are revoked with revoke.
Once a system permission is revoked, the user can no longer perform the corresponding action. Be aware, however, that revoking a system permission does not cascade.
Execute the following statement:
SQL> revoke create session from ken;
Description: after the DBA executes this statement and revokes ken's login permission, ken can no longer log in, but tom, who received the permission from ken, can still log in normally.
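Because the revoke does not cascade, the DBA has to find the remaining holders by hand. The following is an added example, not part of the original article; it assumes a DBA session and the ken and tom accounts created above.

```sql
-- Added example: run as a DBA after "revoke create session from ken".
-- DBA_SYS_PRIVS has no grantor column for system privileges, so grants that
-- ken passed on (tom in the text) are found by listing every holder.

-- 1. Direct holders of the privilege, and whether they can pass it on.
select grantee, privilege, admin_option
  from dba_sys_privs
 where privilege = 'CREATE SESSION'
 order by grantee;

-- 2. Grantees that receive it through a directly granted role
--    (one level of role nesting only).
select rp.grantee, rp.granted_role, sp.privilege
  from dba_role_privs rp
  join dba_sys_privs sp
    on sp.grantee = rp.granted_role
 where sp.privilege = 'CREATE SESSION'
 order by rp.grantee;

-- 3. Every system privilege that a non-administrative grantee can delegate.
select grantee, privilege
  from dba_sys_privs
 where admin_option = 'YES'
   and grantee not in ('SYS', 'SYSTEM', 'DBA')
 order by grantee, privilege;

-- 4. Remove the downstream grant explicitly, since step 1 still lists tom.
revoke create session from tom;
```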
Object permissions:
The right of a user to access another user's table or view (applies to a table or view).
A user can directly access the objects in their own schema. However, to access objects in other schemas, the user must have permission on the object. For example, if user smith wants to access the scott.emp table (scott: schema, emp: table), smith must have object permission on the scott.emp table.
Commonly used object permissions include:
insert, delete, modify (modifying data and modifying table structure), index, execute, all, etc.
grant create session to zhangsan; -- grants user zhangsan permission to create a session, that is, login permission
grant unlimited tablespace to zhangsan; -- grants user zhangsan permission to use tablespace
grant create table to zhangsan; -- grants permission to create tables
grant drop any table to zhangsan; -- grants permission to drop tables (the system privilege is named drop any table and covers every schema)
grant insert any table to zhangsan; -- grants permission to insert into tables (insert any table covers every schema)
grant update any table to zhangsan; -- grants permission to modify tables (update any table covers every schema)
grant all privileges to public; -- this one is important: grants all privileges (all) to all users (public)
Of course, object permissions also include delegated authorization (with) and permission revocation operations.
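An added example, not part of the original article, of granting and revoking an object permission on scott.emp and then checking the result. It assumes the scott, smith and tom accounts named in the text, SQL*Plus (connect prompts for the password), and a DBA session for the dictionary queries.

```sql
-- Added example: object permission on scott.emp, delegated and then revoked.

-- As scott, the owner of emp: let smith read the table and pass that on.
connect scott
grant select on emp to smith with grant option;

-- As smith: pass the read permission to tom.
connect smith
grant select on scott.emp to tom;

-- As a DBA: DBA_TAB_PRIVS records the grantor of each object grant,
-- so the chain scott -> smith -> tom is visible.
connect system
select grantee, grantor, privilege, grantable
  from dba_tab_privs
 where owner = 'SCOTT'
   and table_name = 'EMP'
 order by grantee;

-- As scott: revoke from smith. Unlike a system permission, an object
-- permission granted with grant option is revoked in cascade, so the
-- grant that smith gave to tom is removed as well.
connect scott
revoke select on emp from smith;

-- As a DBA: neither smith nor tom should be listed for scott.emp now.
connect system
select grantee, grantor, privilege
  from dba_tab_privs
 where owner = 'SCOTT'
   and table_name = 'EMP';

-- Grants made to public apply to every account; list what it holds.
select privilege, admin_option
  from dba_sys_privs
 where grantee = 'PUBLIC';

select owner, table_name, privilege
  from dba_tab_privs
 where grantee = 'PUBLIC'
   and owner = 'SCOTT';
```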
Summary:
At first I went to operate Oracle without even looking at any of its language; it felt unfamiliar and difficult to learn. However, when you view the basic operations of Oracle, the SQL commands are quite different. There are just a few more authorization commands, which is also very interesting. It's just that we didn't write that in SQL, because the SQL client did this job for us. So we should write some of the usual commands ourselves more often. It's very useful to be familiar with the environment at first.