ORACLE's permission management
ORACLE's security mechanism is composed of a three-level architecture of system permissions, entity permissions and role permissions.
Permission type explanation
System permissions: refers to the right to operate the database system and data structure, such as creating/deleting users, tables, synonyms, indexes, etc.
Entity permissions: refers to the user's right to operate data, such as query, Update, insert, delete, integrity constraints, etc.
Role permissions: Several related permissions are combined into roles, and the roles can be further combined to form a hierarchical tree to correspond to administrative positions in the real world. In addition to restricting operation rights and control rights, role permissions can also restrict the permissions to execute certain applications.
Such a security control system enables managers and program developers of the entire system to control the operation of system commands, data operations and application execution.
(1) System permissions
The granting command of system permissions is GRANT. For example, grant the permission to create any table view to user scott:
GRANT create any view TO scott;
The revocation command of system permissions is REVOKE. For example, the permission to create any view is withdrawn from user scott. :
REVOKE create any view FROM scott;
(2) Entity Permissions
Each type of entity has entity permissions associated with it.
Examples of commands to grant entity permissions (grant Select and Insert permissions on the EMP table to scott):
GRANT select,insert ON emp TO scott;
Examples of commands to revoke entity permissions (recover Select permissions on the EMP table from scott):
REVOKE select ON emp FROM scott;
(3) Management roles
A role is a combination of many permissions and roles, which greatly facilitates ORACLE permission management.
·Create a role, for example, create a role named dept1 with the password hello:
CREATE ROLE dept1 IDENTIFIED BY hello;
·Use a role, you can use the role by modifying the user's default role, or use the role through authorization Granted to other roles or users. For example, change the default role of user scott to DEVELOPER:
ALTER USER scott DEFAULT ROLE DEVELOPER;
Grant the role dept1 to the manager role:
GRANT manager TO scott;
·Enable or invalidate the role. The DBA can temporarily recycle it by controlling the validity or invalidation of the role. Part of the user's permissions. To invalidate the dept1 role:
SET ROLE dept1 DISABLE;
·Delete the role, which will affect the permissions of users who own this role and other roles. Use the DROP ROLE command to delete a role, such as:
DROP ROLE dept1;
The above is the permission management of ORACLE. For more related articles, please pay attention to the PHP Chinese website (m.sbmmt.com)!