
CHAP 8 SECURITY MANAGEMENT USING SQL

8. SECURITY MANAGEMENT USING SQL

GRANTING AND REVOKING PERMISSIONS

Oracle provides extensive security features in order to safeguard information stored in
its tables from unauthorized viewing and damage. Depending on a user's status and
responsibility, appropriate rights on Oracle's resources can be assigned to the user by
the DBA. The rights that allow the use of some or all of Oracle's resources on the
Server are called Privileges.

Objects that are created by a user are owned and controlled by that user. If a user
wishes to access any of the objects belonging to another user, the owner of the object
will have to give permissions for such access. This is called Granting of Privileges.

Privileges once given can be taken back by the owner of the object. This is called
Revoking of Privileges.

Granting Privileges Using The GRANT Statement

The GRANT statement provides various types of access to database objects such as
tables, views, sequences and so on.

Syntax:

GRANT <object privileges>
ON <objectname>
TO <username>
[WITH GRANT OPTION];

ORACLE 8i & 9i Chap 8

OBJECT PRIVILEGES

Each object privilege that is granted authorizes the grantee to perform some operation
on the object. A user can grant all the privileges or grant only specific object privileges.

The list of object privileges is as follows:

ALTER : allows the grantee to change the table definition with the ALTER
TABLE command.

DELETE : allows the grantee to remove the records from the table with the
DELETE command.

INDEX : allows the grantee to create an index on the table with the CREATE
INDEX command.

INSERT : allows the grantee to add records to the table with the INSERT
command.

SELECT : allows the grantee to query the table with the SELECT command.

UPDATE : allows the grantee to modify the records in the tables with the UPDATE
command.

WITH GRANT OPTION

The WITH GRANT OPTION allows the grantee to in turn grant object privileges to other
users.

Example:

Give the user Pradeep all data manipulation permissions on the table Product_Master.

GRANT ALL
ON Product_Master
TO pradeep;


Example:

Give the user Mita only the permission to view and modify records in the table
Client_Master.

GRANT SELECT, UPDATE
ON Client_Master
TO mita;

Example:

Give the user Ivan all data manipulation privileges on the table Client_Master along
with an option to further grant permission on the Client_Master table to other users.

GRANT ALL
ON Client_Master
TO ivan
WITH GRANT OPTION;

Referencing A Table Belonging To Another User

Once a user has privileges to access another user's object(s), the user can access the
table by prefixing the table with the name of the owner.

Example:

View the contents of the Product_Master table that belongs to Sunita.

Syntax:

SELECT * FROM
sunita.Product_Master;


Granting Privileges When A Grantee Has Been Given The GRANT Privilege

If the user wants to grant privileges to other users, the user must be the owner of the
object or must be given the GRANT option by the owner of the object.

Example:

Give the user Mili permission to view records from the Product_Master table. The
table originally belongs to the user Sunita, who has granted you the privilege to pass
on the privileges that you have to others using the GRANT privilege option.

GRANT SELECT
ON sunita.product_master
TO mili;

REVOKING PRIVILEGES GIVEN

Privileges once given can be denied to a user using the REVOKE command. The object
owner can revoke privileges granted to another user. A user of an object who is not the
owner, but has been granted the GRANT privilege, has the power to REVOKE the
privileges from a grantee.

Revoking Permissions Using The REVOKE Statement:

The REVOKE statement is used to deny the grant given on an object.

Syntax:

REVOKE <object privileges>
ON <objectname>
FROM <username>;


Note
The REVOKE command is used to revoke object privileges that the user
previously granted directly to the grantee.

The REVOKE command cannot be used to revoke the privileges granted
through the operating system.

Example:

All privileges on the table Supplier_Master have been granted to Florian. Take back
the Delete privilege on the table.

REVOKE DELETE
ON Supplier_Master
FROM florian;

Example:

Take back all privileges on the table bonus from Florian.

REVOKE ALL
ON Supplier_Master
FROM florian;

Example:

Norma has the permission to view records from Product_Master. Take back this
permission. Note that Sunita is the original owner of Product_Master table.

REVOKE SELECT
ON sunita.product_master
FROM norma;
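
The grant chain and its revocation described above, worked through end to end as an added example that is not part of the original chapter. It reuses the chapter's users sunita, ivan and mili and the Product_Master table; the "Session" comments are assumptions about which user is connected, and USER_TAB_PRIVS_MADE and USER_TAB_PRIVS_RECD are Oracle's data dictionary views for grants made on and received for objects.

```sql
-- Added example: each "Session" comment names the user assumed to be
-- connected for the statements that follow.

-- Session: sunita (owner of Product_Master)
-- Grant only the privilege that is needed, and let ivan pass it on.
GRANT SELECT
ON Product_Master
TO ivan
WITH GRANT OPTION;

-- Session: ivan
-- ivan is not the owner, so the table is prefixed with the owner's name.
GRANT SELECT
ON sunita.Product_Master
TO mili;

-- Session: sunita
-- Audit every grant made on the table. GRANTOR shows who issued each grant
-- (sunita or ivan); GRANTABLE = 'YES' marks grantees who can pass it on.
SELECT grantee, table_name, grantor, privilege, grantable
FROM user_tab_privs_made
WHERE table_name = 'PRODUCT_MASTER'
ORDER BY grantor, grantee;

-- Session: sunita
-- Revoking from ivan also removes the grant ivan passed on to mili:
-- object privileges handed out through the GRANT OPTION are revoked
-- in cascade when the intermediate grantee loses them.
REVOKE SELECT
ON Product_Master
FROM ivan;

-- Session: mili
-- List the object privileges mili still holds on the table. The grant
-- that came through ivan is no longer among them.
SELECT owner, table_name, grantor, privilege
FROM user_tab_privs_recd
WHERE table_name = 'PRODUCT_MASTER';
```

Running the audit query before handing out WITH GRANT OPTION, and again after each REVOKE, shows whether access has spread further than the owner intended.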
