Profiles in Oracle
• Profiles are a means to limit resources a user can use.
• For Oracle to use profiles, you must enter this in the initSID.ora, recompile the spfile and restart the instance:
resource_limit = TRUE
• ALTER SYSTEM SET resource_limit=TRUE SCOPE=BOTH;
• Password Control Attributes in a Profile:

Attribute
Description

FAILED_LOGIN_ATTEMPTS
Specifies the number of failed attempts to log in to the user account before the account is locked.

PASSWORD_LIFE_TIME
Limits the number of days the same password can be used for authentication. The password expires if it is not changed within this period, and further connections are rejected.

PASSWORD_REUSE_TIME
Specifies the number of days before which a password cannot be reused. If you set PASSWORD_REUSE_TIME to an integer value, then you must set PASSWORD_REUSE_MAX to UNLIMITED.

PASSWORD_REUSE_MAX
Specifies the number of password changes required before the current password can be reused. If you set PASSWORD_REUSE_MAX to an integer value, then you must set PASSWORD_REUSE_TIME to UNLIMITED.

PASSWORD_LOCK_TIME
Specifies the number of days an account will be locked after the specified number of consecutive failed login attempts.

PASSWORD_GRACE_TIME
Specifies the number of days after the grace period begins during which a warning is issued and login is allowed. If the password is not changed during the grace period, the password expires.

PASSWORD_VERIFY_FUNCTION
Allows a PL/SQL password complexity verification script to be passed as an argument to the CREATE PROFILE statement. Oracle provides a default script, but you can create your own routine or use third-party software instead. Function is the name of the password complexity verification routine. NULL indicates that no password verification is performed.
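
A profile that sets each of the password attributes above, together with a small verification routine, added here as an example (it is not part of the original document). The names app_verify_fn, app_user_profile and app_user are hypothetical, and the script assumes it is run as SYS, which must own the verification function.

```sql
-- Added example; app_verify_fn, app_user_profile and app_user are hypothetical names.
-- Run as SYS: the password verification function must be owned by SYS.
CREATE OR REPLACE FUNCTION app_verify_fn (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  IF LENGTH(password) < 12 THEN
    raise_application_error(-20001, 'Password must be at least 12 characters');
  END IF;
  IF UPPER(password) = UPPER(username) THEN
    raise_application_error(-20002, 'Password must not equal the user name');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
     OR NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
    raise_application_error(-20003, 'Password needs a letter and a digit');
  END IF;
  -- old_password is NULL when the password is set by an administrator
  IF old_password IS NOT NULL AND password = old_password THEN
    raise_application_error(-20004, 'New password must differ from the old one');
  END IF;
  RETURN TRUE;
END;
/

CREATE PROFILE app_user_profile LIMIT
  FAILED_LOGIN_ATTEMPTS    5            -- lock after 5 consecutive failures
  PASSWORD_LOCK_TIME       1            -- stay locked for 1 day
  PASSWORD_LIFE_TIME       90           -- password valid for 90 days
  PASSWORD_GRACE_TIME      7            -- 7 days of warnings before expiry
  PASSWORD_REUSE_TIME      365          -- integer here ...
  PASSWORD_REUSE_MAX       UNLIMITED    -- ... so UNLIMITED here, per the rule above
  PASSWORD_VERIFY_FUNCTION app_verify_fn;

ALTER USER app_user PROFILE app_user_profile;

-- Check what the profile actually enforces and who is bound to it.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'APP_USER_PROFILE' AND resource_type = 'PASSWORD'
ORDER  BY resource_name;

SELECT username, account_status, expiry_date
FROM   dba_users
WHERE  profile = 'APP_USER_PROFILE';
```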

Roles: A role is a set or group of privileges that can be granted to users or another role.
Creating a Role: To create a role, you must have CREATE ROLE system privileges. The syntax for creating a role is:

CREATE ROLE role_name
[ NOT IDENTIFIED |
IDENTIFIED {BY password | USING [schema.] package | EXTERNALLY |
GLOBALLY } ] ;

The role_name phrase is the name of the new role that you are creating. This is how you will refer to the grouping of privileges.
The NOT IDENTIFIED phrase means that the role is immediately enabled. No password is required to enable the role.
The IDENTIFIED phrase means that a user must be authorized by a specified method before the role is enabled.
The BY password phrase means that a user must supply a password to enable the role.
The USING package phrase means that you are creating an application role - a role that is enabled only by applications using an authorized package.
The EXTERNALLY phrase means that a user must be authorized by an external service to enable the role. An external service can be an operating system or third-party service.
The GLOBALLY phrase means that a user must be authorized by the enterprise directory service to enable the role.
Data Dictionary Objects Related to Roles:

dba_roles
session_roles
dba_role_privs
user_application_roles
role_role_privs
user_role_privs
role_sys_privs
v$pwfile_users
role_tab_privs
System Privileges Related To Roles:

alter any role
create role
drop any role
grant any role

Predefined Roles: connect, resource, dba.
Creating Roles
Create Role
CREATE ROLE <role_name>;
CREATE ROLE read_only;
Create Password Protected Role
CREATE ROLE <role_name> IDENTIFIED BY <password>;
CREATE ROLE dba IDENTIFIED BY "S0^Sorry";
Assigning Privileges And Roles To Roles
Assign Privilege To A Role
GRANT <privilege_name> TO <role_name>;
GRANT create session TO read_only;
Roles Granted To A User
SELECT *
FROM user_role_privs;
Privileges Granted To A Role
SELECT *
FROM role_sys_privs;
System Privileges
SELECT DISTINCT privilege
FROM dba_sys_privs;
Roles Granted To Schemas
SELECT grantee, granted_role
FROM dba_role_privs;
Tables And Columns That Can Be Modified by a User
SELECT *
FROM all_updatable_columns;
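
The role statements and dictionary views above combined into one least-privilege setup and review, added here as an example (it is not part of the original document). The roles report_reader and app_admin, the table hr.employees, the users alice and bob and the role password are hypothetical placeholders; the final query needs access to the dba_ views.

```sql
-- Added example; all role, user, table names and the password are hypothetical.
CREATE ROLE report_reader;                        -- NOT IDENTIFIED: enabled without a password
GRANT create session TO report_reader;            -- system privilege
GRANT select ON hr.employees TO report_reader;    -- object privilege
GRANT report_reader TO alice;

-- A password-protected role that carries role administration rights.
CREATE ROLE app_admin IDENTIFIED BY "Placeholder_Only_1";
GRANT grant any role TO app_admin;
GRANT report_reader TO app_admin;                 -- role granted to another role
GRANT app_admin TO bob;
-- Keep it out of bob's default roles so it has to be enabled explicitly.
ALTER USER bob DEFAULT ROLE ALL EXCEPT app_admin;

-- In bob's session, the role is enabled only after supplying the password:
SET ROLE app_admin IDENTIFIED BY "Placeholder_Only_1";
SELECT * FROM session_roles;                      -- roles active in this session

-- Review: which users reach the role-related system privileges through
-- roles, including roles nested inside other roles, and by which path.
SELECT t.username, sp.privilege, sp.admin_option, t.grant_path
FROM  (SELECT CONNECT_BY_ROOT grantee                  AS username,
              granted_role,
              SYS_CONNECT_BY_PATH(granted_role, ' > ') AS grant_path
       FROM   dba_role_privs
       START  WITH grantee IN (SELECT username FROM dba_users)
       CONNECT BY PRIOR granted_role = grantee) t
JOIN   dba_sys_privs sp ON sp.grantee = t.granted_role
WHERE  sp.privilege IN ('ALTER ANY ROLE', 'CREATE ROLE',
                        'DROP ANY ROLE', 'GRANT ANY ROLE')
ORDER  BY t.username, sp.privilege;

-- Privileges granted directly to users bypass roles; list them separately.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  grantee IN (SELECT username FROM dba_users)
AND    privilege LIKE '%ANY ROLE'
ORDER  BY grantee;
```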
Privileges
A privilege is a right to execute an SQL statement or to access another user's object. In Oracle, there are two types of privileges: system privileges and object privileges. A privilege can be assigned to a user or a privilege.
The set of privileges is fixed, that is, there is no SQL statement like create privilege xyz...
System privileges: select name from system_privilege_map
• create session (A user cannot log in without this privilege. If he tries, he gets an ORA-01045.)
• Create table
• Create view
• Create procedure
• sysdba
• sysoper
Executing this statement, we find privileges like create session, drop user, alter database, see system privileges.
Object privileges
Privileges can be assigned to the following types of database objects:
• Tables: select, insert, update, delete, alter, debug, flashback, on commit refresh, query rewrite, references, all
• Views: select, insert, update, delete, under, references, flashback, debug
• Sequence: alter, select
• Packages, Procedures, Functions (Java classes, sources...): execute, debug
• Materialized Views: delete, flashback, insert, select, update
• Directories: read, write
• Libraries: execute
• User defined types: execute, debug, under
• Operators: execute
• Indextypes: execute
Object privileges can be displayed using all_tab_privs_made or user_tab_privs_made.
Oracle DML statements: Select, Update, Insert, Merge & Delete.