Roles: A role is a set or group of privileges that can be granted to users or to another role.
Creating a Role: To create a role, you must have the CREATE ROLE system privilege. The syntax for creating a role is:
The role_name phrase is the name of the new role that you are creating. This is how you will refer to the grouping of privileges.
The NOT IDENTIFIED phrase means that the role is immediately enabled. No password is required to enable the role.
The IDENTIFIED phrase means that a user must be authorized by a specified method before the role is enabled.
The BY password phrase means that a user must supply a password to enable the role.
The USING package phrase means that you are creating an application role, that is, a role that is enabled only by applications using an authorized package.
The EXTERNALLY phrase means that a user must be authorized by an external service to enable the role. An external service can be an operating system or third-party service.
The GLOBALLY phrase means that a user must be authorized by the enterprise directory service to enable the role.
dba_roles session_roles
dba_role_privs user_application_roles
role_role_privs user_role_privs
role_sys_privs v$pwfile_users
role_tab_privs
Creating Roles
Create Role:
CREATE ROLE <role_name>;
CREATE ROLE read_only;
Create Password Protected Role:
CREATE ROLE <role_name> IDENTIFIED BY <password>;
CREATE ROLE dba IDENTIFIED BY "S0^Sorry";
Roles Granted To A User:
SELECT * FROM user_role_privs;
Privileges Granted To A Role:
SELECT * FROM role_sys_privs;
System Privileges:
SELECT DISTINCT privilege FROM dba_sys_privs;
Roles Granted To Schemas:
SELECT grantee, granted_role FROM dba_role_privs;
Tables And Columns That Can Be Modified by a User:
SELECT * FROM all_updatable_columns;
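The following script is an added example, not part of the original page. It shows a password-protected role used for least privilege and then checked through the dictionary views listed above. The role payroll_maint, the user app_user, the table hr.salaries and the password placeholder are assumed names chosen for illustration.

```sql
-- Added example. Hypothetical names: role payroll_maint, user app_user,
-- table hr.salaries. "<role_password>" is a placeholder, not a real value.

-- Part 1: run as a DBA -------------------------------------------------

-- Create a role that cannot be enabled without its password.
CREATE ROLE payroll_maint IDENTIFIED BY "<role_password>";

-- Attach only the object privileges the task needs.
GRANT SELECT, UPDATE ON hr.salaries TO payroll_maint;

-- Grant the role, but exclude it from the default roles so it is not
-- active when app_user logs in.
GRANT payroll_maint TO app_user;
ALTER USER app_user DEFAULT ROLE ALL EXCEPT payroll_maint;

-- Confirm how the role is authenticated.
SELECT role, authentication_type
FROM dba_roles
WHERE role = 'PAYROLL_MAINT';

-- Confirm who holds the role and whether it is a default role.
SELECT grantee, granted_role, admin_option, default_role
FROM dba_role_privs
WHERE granted_role = 'PAYROLL_MAINT';

-- Confirm exactly which object privileges the role carries.
SELECT owner, table_name, privilege
FROM role_tab_privs
WHERE role = 'PAYROLL_MAINT';

-- Part 2: run as app_user ----------------------------------------------

-- Roles active in the session before the password is supplied.
SELECT role FROM session_roles;

-- Enable the role for this session only. SET ROLE replaces the set of
-- enabled roles: any role not named here is disabled until the next
-- SET ROLE or a new login.
SET ROLE payroll_maint IDENTIFIED BY "<role_password>";

-- Roles active in the session after the role has been enabled.
SELECT role FROM session_roles;
```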
Privileges
A privilege is a right to execute an SQL statement or to access another user's object. In Oracle, there are two types of privileges: system privileges and object privileges. A privilege can be assigned to a user or a role.
The set of privileges is fixed, that is, there is no SQL statement like create privilege xyz...
System privileges: select name from system_privilege_map
• create session (A user cannot log in without this privilege. If he tries, he gets an ORA-01045.)
• Create table
• Create view
• Create procedure
• sysdba
• sysoper
Executing the statement select name from system_privilege_map, we find privileges like create session, drop user and alter database.
Object privileges
Privileges can be assigned to the following types of database objects:
• Tables
select, insert, update, delete, alter, debug, flashback, on commit refresh, query rewrite, references, all
• Views
select, insert, update, delete, under, references, flashback, debug
• Sequence
alter, select
• Packages, Procedures, Functions (Java classes, sources...)
execute, debug
• Materialized Views
delete, flashback, insert, select, update
• Directories
read, write
• Libraries
execute
• User defined types
execute, debug, under
• Operators
execute
• Indextypes
execute
Oracle DML statements: Select, Update, Insert, Merge & Delete.