Objects that are created by a user are owned and controlled by that user. If a user
wishes to access any of the objects belonging to another user, the owner of the object
will have to give permissions for such access. This is called Granting of Privileges.
Privileges once given can be taken back by the owner of the object. This is called
Revoking of Privileges.
The GRANT statement provides various types of access to database objects such as
tables, views and sequences.
Syntax:
ORACLE 8i & 9i Chap 8
OBJECT PRIVILEGES
Each object privilege that is granted authorizes the grantee to perform some operation
on the object. A user can grant all the privileges or grant only specific object privileges.
ALTER : allows the grantee to change the table definition with the ALTER
TABLE command.
DELETE : allows the grantee to remove the records from the table with the
DELETE command.
INDEX : allows the grantee to create an index on the table with the CREATE
INDEX command.
INSERT : allows the grantee to add records to the table with the INSERT
command.
SELECT : allows the grantee to query the table with the SELECT command.
UPDATE : allows the grantee to modify the records in the tables with the UPDATE
command.
The WITH GRANT OPTION allows the grantee to in turn grant object privileges to other
users.
Example:
Give the user Pradeep all data manipulation permissions on the table Product_Master.
GRANT ALL
ON Product_Master
TO pradeep;
CHAP 8 SECURITY MANAGEMENT USING SQL
Example:
Give the user Mita only the permission to view and modify records in the table
Client_Master.
Example:
Give the user Ivan all data manipulation privileges on the table Client_Master along
with an option to further grant permission on the Client_Master table to other users.
GRANT ALL
ON Client_Master
TO ivan
WITH GRANT OPTION;
Once a user has privileges to access another user's object(s), the user can access the
table by prefixing the table with the name of the owner.
Example:
Syntax:
SELECT * FROM
sunita.Product_Master;
If the user wants to grant privileges to other users, the user must be the owner of the
object or must be given the GRANT option by the owner of the object.
Example:
Give the user Mili permission to view records from the Product_Master table. The
table originally belongs to the user Sunita, who has granted you the privilege to pass
on the privileges that you have to others using the GRANT privilege option.
GRANT SELECT
ON sunita.product_master
TO mili;
Privileges once given can be denied to a user using the REVOKE command. The object
owner can revoke privileges granted to another user. A user of an object who is not the
owner, but has been granted the GRANT privilege, has the power to REVOKE the
privileges from a grantee.
Syntax:
Note
The revoke command is used to revoke object privileges that the user
previously granted directly to the grantee.
Example:
All privileges on the table Supplier_Master have been granted to Florian. Take back
the Delete privilege on the table.
REVOKE DELETE
ON Supplier_Master
FROM florian;
Example:
REVOKE ALL
ON Supplier_Master
FROM florian;
Example:
Norma has the permission to view records from Product_Master. Take back this
permission. Note that Sunita is the original owner of Product_Master table.
REVOKE SELECT
ON sunita.product_master
FROM norma;
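The session below is an added example, not taken from the book. It follows one privilege through WITH GRANT OPTION and back out through REVOKE, using Oracle's data dictionary views to check who holds what at each step. It assumes sunita owns Product_Master and that the accounts ivan and mili exist; the names are reused from the examples above.

```sql
-- Added example for Oracle. Assumes sunita owns Product_Master and the
-- accounts ivan and mili exist (names reused from the examples above).

-- Session 1: connected as sunita (the owner)
GRANT SELECT, UPDATE
ON Product_Master
TO ivan
WITH GRANT OPTION;

-- Grants on objects sunita owns. GRANTABLE = 'YES' marks grantees who
-- can pass the privilege on to other users.
SELECT grantee, grantor, privilege, grantable
FROM user_tab_privs_made
WHERE table_name = 'PRODUCT_MASTER';

-- Session 2: connected as ivan, who passes on only SELECT
GRANT SELECT
ON sunita.Product_Master
TO mili;

-- Privileges ivan has received on other users' objects
SELECT owner, table_name, grantor, privilege, grantable
FROM user_tab_privs_recd
WHERE table_name = 'PRODUCT_MASTER';

-- Session 3: connected as sunita again
-- The grant to mili is listed with GRANTOR = 'IVAN', not 'SUNITA'.
SELECT grantor, grantee, privilege, grantable
FROM all_tab_privs
WHERE table_schema = 'SUNITA'
AND table_name = 'PRODUCT_MASTER'
ORDER BY grantor, grantee;

-- sunita did not grant SELECT to mili directly, so Oracle rejects:
--   REVOKE SELECT ON Product_Master FROM mili;

-- Revoking SELECT from ivan also removes the SELECT that ivan granted
-- to mili: a revoke of an object privilege cascades to onward grants.
REVOKE SELECT
ON Product_Master
FROM ivan;

-- Re-run the audit: only ivan's UPDATE (GRANTABLE = 'YES') should remain.
SELECT grantor, grantee, privilege, grantable
FROM all_tab_privs
WHERE table_schema = 'SUNITA'
AND table_name = 'PRODUCT_MASTER';
```

The dictionary views store object names in upper case, which is why the WHERE clauses compare against 'PRODUCT_MASTER' and 'SUNITA'.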