12/1/2010

Oracle Architecture

ORACLE Architecture
• Database Components
• Memory Structures
• Processes
• Oracle Instance
• Shared Server (Multi-threaded Server)

Database overview
An Oracle database consists of

 Physical Components
• Data file
• Control Files
• Redo log files

 Logical components
• Tablespace, segments, extent, block.
• Schema Objects

Database file
 A database consists of a set of operating system files.
 Types of information stored in an Oracle database:
• User Data
 Actual application data
• System Data
 Data that the database needs to manage itself
• Overhead Data
 Indexes, integrity etc.

Database file
 An ORACLE database consists of one or more physical operating system files, called database files.
 These files contain all the database data.
 One or more physical files form a logical unit of database storage called a tablespace.
 A database file can be associated with one and only one tablespace.

Control file
A database’s overall physical architecture is maintained by its control files.

A control file contains information about all the files associated with an Oracle database:
-- Names of the physical database files
-- Redo log files
-- Time stamp

Control File
 A control file is associated with a single database.
 Control files are automatically modified by ORACLE; a user cannot edit them.
 They are used to maintain internal consistency and guide recovery operations.

Redo Log file
The redo log files are a set of files external to the database that record changes made to the database during transactions.
 A redo log contains all the committed transactions that have occurred against the database.
Redo logs are also called transaction logs.

Redo Log File
 No activity in the database can take place without being recorded in the redo logs.
The redo logs are necessary to protect against data loss due to various kinds of failures.

Redo Log file
 An online redo log file is one to which transactions are written each time a transaction occurs.
 Every database requires a minimum of two redo logs.
 Redo logs work in a circular fashion.
A log switch occurs when a log file is filled.

Redo Log File
 A database operates in one of two modes:
-- NOARCHIVELOG
-- ARCHIVELOG
 The mode determines whether or not the redo logs are overwritten before a copy of the filled redo log file is created.

Redo Log File
NOARCHIVELOG Mode
-- Default mode
-- The transactions are overwritten each time a log switch occurs

ARCHIVELOG Mode
-- All transaction redo logs are kept
-- A copy of the current log is made before a log switch occurs. This ensures the database is protected against all types of failure.

Tablespace
 A database is divided into logical divisions called tablespaces.
A database may have one or more tablespaces.
 Each logical tablespace corresponds to one or more physical files.

Tablespace
The typical tablespaces present in an ORACLE database are:
 SYSTEM

 SYSAUX

 TEMPORARY

 UNDO

 USER

 BIGFILE

 INDEX

Tablespace
 SYSTEM
-- Where ORACLE stores all the information it needs to manage itself.
-- The SYSTEM tablespace always contains the data dictionary for the entire database.

 SYSAUX
-- An auxiliary tablespace to the SYSTEM tablespace
-- Used by Oracle components like the Enterprise Manager Repository, LogMiner etc.

Tablespace
 TEMPORARY :
-- where ORACLE stores all its temporary tables.

 UNDO :
-- Used for rolling back transactions.

 USER :
-- Where all the information about the user is stored.

 BIGFILE :
-- Consists of only one datafile
-- A single data file can be up to 8EB.

Segments and Extents
 All data in a tablespace is stored in allocations of database space called segments.
A segment is a set of extents allocated for storage of database data.
 The storage parameters of a segment determine how a database object will obtain database space.
An extent is an allocation of contiguous database space, made up of logical (Oracle) blocks.

Segments and Extents


Types of segments can be :

 Data segments

Index segments

Undo segments

Temporary segments

Bootstrap segments

Segments and Extents


DATA and INDEX :
Hold the actual data and the indexes.

UNDO :
Where all undo information is stored.

TEMPORARY :
Used to store intermediate results of various operations.

BOOTSTRAP :
Helps to initialize the data dictionary cache when the database is opened by an instance.

Schema Objects

A schema can have one or more logical database objects
-- Tables
-- Indexes
-- Views
etc.

Oracle Memory Structures


Oracle uses memory to store:
-- Program code being executed
-- Information about connected sessions
-- Data needed during program execution
-- Information which is shared and communicated among ORACLE processes
-- Caching information

Oracle Memory Structures

The basic memory structures associated with ORACLE include:

-- The System Global Area (SGA)

-- The Program Global Areas (PGA)

The System Global Area
 A group of shared memory structures that contains data and control information for one database instance
 Multiple users connected to the same instance share the data in the instance’s SGA
 Also referred to as the Shared Global Area

The System Global Area

The information stored within an SGA is divided into several areas of memory:

 The database Buffer Cache

 The Redo log Buffer

 The Shared Pool

 Java Pool

 Streams pool

Database Buffer Cache
 A portion of the SGA that holds database information
 The buffers are shared by all ORACLE user processes concurrently connected to the instance.

The Redo Log Buffer
 The redo log buffer in the SGA holds changes made to the database.
 Redo entries from the redo log buffer are written to the online redo log files.

The Shared Pool

It consists of

-- Library Cache
-- Data Dictionary Cache

Shared pool
Library Cache
– Stores information about the most recently used SQL and PL/SQL statements.
– Uses a least recently used (LRU) algorithm
– Consists of two areas
 Shared SQL area
 Shared PL/SQL area

Shared Pool
The Data Dictionary Cache
– Contains reference information about the database, its structure and its users
– Contents of the data dictionary
 Names of all tables and views
 Names and data types of the columns in database tables
 Privileges of all Oracle users

The Program Global Area

 Contains data and control information for a single process

 Also referred to as the ‘Process Global Area’

 PGA contains
-- Private SQL area
-- Session memory
-- SQL work area.

Oracle Processes

Every time a database is started on a database server, the SGA is allocated and one or more Oracle processes are started.

An ORACLE Instance
-- The combination of the SGA and the ORACLE processes is called an Oracle database instance
-- An Oracle instance may have a number of background processes; not all are always present.

Oracle Processes

 System Processes
-- Mandatory Processes
-- Optional Processes

 User Processes

Oracle System Processes
 Database Writer (DBWn)
 Log Writer (LGWR)
 System Monitor (SMON)
 Process Monitor (PMON)
 Checkpoint (CKPT)
 Archiver (ARCH)
 Recoverer (RECO)
 Lock (LCKn)
 Server (Snn)

Database Writer
 All writing of buffers to the data files is performed by the database writer process.
 DBWR also manages the buffer cache so that user processes can always find free buffers.
DBWR is responsible for buffer cache management
-- When a buffer in the buffer cache is modified, it is marked as ‘Dirty’.
-- DBWR keeps the buffer cache ‘Clean’ by writing ‘Dirty’ buffers to disk.

Database writer

Database writer writes to database when

-- Checkpoints occur
-- Dirty buffers reach threshold
-- There are no free buffers
-- Time out occurs

Log Writers
 The redo log buffer is written to a redo log on disk by the log writer process (LGWR).
 LGWR is the only process that writes to the online redo log and reads the redo log buffers.
Log Writer writes to log files when
-- A transaction commits
-- The redo log buffer is one third full
-- More than 1MB of changes are recorded in the redo log buffer
-- Before DBWn writes modified blocks in the database buffer cache to the data files
-- Every three seconds

System Monitor
 The System Monitor process performs instance recovery at instance start up.
 SMON is also responsible for cleaning up temporary segments
 It merges contiguous free extents in the data file

Process Monitor
 Performs process recovery when a user process fails.
 PMON
-- Rolls back the transaction
-- Releases the locks
-- Releases other resources used by the failed process

Checkpoint (CKPT)
 Signals DBWR at checkpoints
 Records information in the control file to identify the place in the online redo log file from where recovery is to begin.
Updates all of the data file headers and the control file with checkpoint information.

Managing Oracle Instance

Parameter File
 Static parameter file (PFILE)
-- Default name in the format of initSID.ora
-- Text file
-- Default location ORACLE_HOME\Database

 Persistent server parameter file (SPFILE)
-- To create an SPFILE, a PFILE must first exist
-- Default name in the format of spfileSID.ora
-- Binary file
-- Maintained by the Oracle server
-- Changes to parameters can be persistent across shutdown and startup
-- Default location ORACLE_HOME\Database

Changing parameter values
 Syntax :
- ALTER SYSTEM SET parameter_name = value [SCOPE = MEMORY | SPFILE | BOTH];
 E.g.
- ALTER SYSTEM SET undo_tablespace=undo3 SCOPE=BOTH;
 To see parameter values
- SHOW PARAMETERS [parameter_name]

Parameters in Initialization
 Some common Parameters
-- BACKGROUND_DUMP_DEST

-- COMPATIBLE

-- CONTROL_FILES

-- DB_CACHE_SIZE

-- DB_NAME

-- SHARED_POOL_SIZE

-- USER_DUMP_DEST

Starting Up a Database
 SYNTAX
-- STARTUP [FORCE] [RESTRICT] [PFILE=pfile_name] [MOUNT | NOMOUNT]
 E.g.
-- STARTUP
-- STARTUP PFILE=ORACLE_HOME\database\init<sid>.ora

Starting Up a Database

Database can be started in three stages :

-- NOMOUNT

-- MOUNT

-- OPEN

ALTER DATABASE command
 Used for moving the database from the NOMOUNT to the MOUNT stage or from the MOUNT to the OPEN stage.
 SYNTAX:
ALTER DATABASE <MOUNT | OPEN [READ WRITE | READ ONLY]>;

Shutting down the database
 SYNTAX
SHUTDOWN [NORMAL | TRANSACTIONAL | IMMEDIATE | ABORT];

Diagnostic Files
 The files contain information about significant events.
 Types of files:
-- alert_SID.log
 Location decided by BACKGROUND_DUMP_DEST
-- Background trace files
 Location decided by BACKGROUND_DUMP_DEST
-- User trace files
 Location decided by USER_DUMP_DEST
 Size defined by MAX_DUMP_FILE_SIZE

Terminating Session
 Syntax
ALTER SYSTEM KILL SESSION 'sid, serial#';
-- The sid (session id) and serial# (serial number) from the V$SESSION view are used to uniquely identify a session

Data Dictionary and Dynamic Performance Views

Data Dictionary
 Contains read-only tables and views
 Stored in the SYSTEM tablespace
 Owned by the user SYS
 Maintained automatically by the Oracle server
 The Oracle server modifies it when a DDL statement is executed
 Available as read-only to users and DBAs

Data dictionary Contents
 Data dictionary views are static views.
 Provide information about
-- Logical and physical database structure
-- Definitions and space allocation of all objects such as tables, views, synonyms etc.
-- Integrity constraint information
-- Names of Oracle users
-- Privileges and roles granted to users
-- Auditing information

Data dictionary view categories
 Distinguished and prefixed by their scope
-- DBA
 All objects in the database
-- ALL
 Objects accessible by the current user
-- USER
 Objects owned by the current user

Data Dictionary
 To get an overview of the data dictionary views, query the DICTIONARY view or its synonym DICT

General Overview
-- DICTIONARY, DICT_COLUMNS

 Schema objects
-- DBA_TABLES
-- DBA_INDEXES
-- DBA_TAB_COLUMNS
-- DBA_CONSTRAINTS

Data Dictionary

 Space allocation

-- DBA_SEGMENTS
-- DBA_EXTENTS

 Database structure
-- DBA_TABLESPACES
-- DBA_DATA_FILES

Dynamic Performance Views
 These virtual tables exist in memory only when the database is running
 Reflect real-time conditions of the database operation
 Point to actual sources of information in memory and the control file
 Also called fixed views
 Owned by SYS and begin with V_$
 Accessed through public synonyms starting with V$
 Listed in V$FIXED_TABLE

Dynamic Performance Views


 V$CONTROLFILE
-- Names of the control files

 V$DATABASE
-- Database information from the control file

 V$DATAFILE
-- Data file information from the control file

 V$INSTANCE
-- State of the current instance

 V$PARAMETER
-- Lists parameters and values currently in effect

 V$SESSION
-- Session information

Dynamic Performance Views

 V$SGA
-- Summary information of the SGA

 V$SPPARAMETER
-- Contents of the SPFILE

 V$TABLESPACE
-- Tablespace information from the control file

 V$VERSION
-- Version numbers of core library components

Managing tablespace

Tablespace
 A database is divided into logical divisions called tablespaces
 A database may have one or more tablespaces
 Each logical tablespace corresponds to one or more physical database files

Tablespace
 The original tablespace is named SYSTEM
 The typical tablespaces present in an ORACLE database are:
-- SYSTEM
 SYSTEM
 SYSAUX
-- Non-SYSTEM
 USER
 TEMP
 TOOLS

Tablespace
 SYSTEM tablespace
-- Created with the database
-- Contains the data dictionary, including stored programs
-- Contains the system undo segments
-- Should not contain user data

Tablespace
 Non-SYSTEM tablespace
-- Created for flexibility in database administration
-- Created to separate undo, temporary, application data and application index segments
-- Created according to data backup requirements
-- Control the amount of space allocated to the user’s objects

Tablespace
 Syntax
CREATE TABLESPACE ts_name
[ DATAFILE 'file_name' [ SIZE integer [ K|M ]]]
[ MINIMUM EXTENT integer [ K|M ]]
[ LOGGING | NOLOGGING ]
[ extent_management_clause ]

Tablespace
 NOLOGGING
-- Affects only DML and DDL commands, e.g. direct loads

Space management
 Locally Managed
-- Default beginning with Oracle9i
-- Free extents are managed within the tablespace using bitmaps
-- Each bit corresponds to a block or group of blocks
-- Prior to Oracle9i Release 2, the SYSTEM tablespace was not locally managed

Space management
 Advantages of locally managed tablespaces
-- Reduced contention on data dictionary tables
-- When space is allocated or deallocated, undo is not generated
-- Tracks adjacent free space, so coalescing is not required
-- The size of locally managed extents can be determined automatically by the system
-- Avoids recursive space management operations

Space management
 Syntax of extent_management_clause
[ EXTENT MANAGEMENT
[ DICTIONARY | LOCAL
[ AUTOALLOCATE | UNIFORM
[ SIZE integer [ K | M ] ] ] ] ]

 Example
CREATE TABLESPACE mydata
DATAFILE 'c:\oradata\mydata01.dbf'
SIZE 400M
EXTENT MANAGEMENT LOCAL UNIFORM SIZE 128K;

Space management

extent_management_clause

-- LOCAL
 Default clause; specifies that the tablespace is locally managed using bitmaps
 With this clause, the DEFAULT storage_clause, MINIMUM EXTENT or TEMPORARY clauses cannot be specified

-- AUTOALLOCATE
 Specifies that the tablespace is system managed
 Users cannot specify an extent size

Space management
 Dictionary managed
-- Free extents are managed in the data dictionary
-- The data dictionary is updated appropriately when extents are allocated or deallocated
-- Each segment stored in the tablespace can have a different storage clause, so more flexible than locally managed but much less efficient
-- Coalescing is required

Space management
 Dictionary managed example
CREATE TABLESPACE mydata
DATAFILE 'c:\oradata\mydata01.dbf'
EXTENT MANAGEMENT DICTIONARY DEFAULT
STORAGE ( INITIAL 1M NEXT 1M PCTINCREASE 0);

Undo Tablespace
 Used to store undo segments
 Extents are locally managed
 Only the EXTENT MANAGEMENT LOCAL and DATAFILE clauses can be specified
 Syntax :
-- CREATE UNDO TABLESPACE ts_name [DATAFILE clause] [EXTENT MANAGEMENT clause]
 E.g.
-- CREATE UNDO TABLESPACE undo1 DATAFILE 'c:\oradata\undo.dbf' SIZE 20M;

Temporary Tablespace
 Temporary tablespace
-- Used to hold temporary objects, e.g. segments used by implicit sorts caused by an ORDER BY clause
-- It always uses the standard block size
-- To create a locally managed temporary tablespace, use the CREATE TEMPORARY TABLESPACE statement

Temporary Tablespace
 Extents, once allocated, can only be freed when the instance is shut down
 E.g.
CREATE TEMPORARY TABLESPACE temp1
TEMPFILE 'c:\oradata\temp1.dbf' SIZE 30M
EXTENT MANAGEMENT LOCAL
UNIFORM SIZE 2M;

Temporary Tablespace
 Points to remember about temporary data files in a locally managed temporary tablespace
• Non standard block sizes cannot be specified
• Temporary files are always set to NOLOGGING mode
• It cannot be made read only
• Temporary files are required for read only databases
• Media recovery does not recover tempfiles.

Default Temporary Tablespace
 A default temporary tablespace is created to eliminate the use of the SYSTEM tablespace for storing temporary data
 A default temporary tablespace can be created
• At the time of database creation
• After database creation
 By creating a temporary tablespace and setting it as the default temporary tablespace
 E.g. ALTER DATABASE DEFAULT TEMPORARY TABLESPACE temp1;

Default Temporary Tablespace
 When the default temporary tablespace is changed, all users assigned the default temporary tablespace are assigned to the new default
 To find the default temporary tablespace for the database, query the DATABASE_PROPERTIES view

Default Temporary Tablespace


 Restrictions on default temporary tablespace
• Can not be dropped until new default is available
• Cannot be taken offline

Taking Tablespace offline
 Syntax:
ALTER TABLESPACE ts_name <ONLINE | OFFLINE [NORMAL | IMMEDIATE]>;
 Example :
ALTER TABLESPACE user OFFLINE;
ALTER TABLESPACE user ONLINE;

Taking Tablespace offline
 The following tablespaces cannot be taken offline
- System tablespace
- Tablespaces with active undo segments
- Default temporary tablespace

Changing Size of Tablespace
 The size of a tablespace can be changed automatically by specifying the AUTOEXTEND clause with
- CREATE DATABASE
- CREATE TABLESPACE
- ALTER TABLESPACE ... ADD DATAFILE

Changing Size of Tablespace
 Examples :
– CREATE TABLESPACE user1 DATAFILE 'C:\oradata\user1.dbf' SIZE 4M AUTOEXTEND ON NEXT 2M MAXSIZE 100M;
– ALTER DATABASE DATAFILE 'C:\oradata\user1.dbf' AUTOEXTEND ON NEXT 2M;
– ALTER TABLESPACE user2 ADD DATAFILE 'C:\oradata\user3.dbf' SIZE 10M;
– ALTER DATABASE DATAFILE 'C:\oradata\user1.dbf' RESIZE 5M;

DROPPING TABLESPACES
 SYNTAX
- DROP TABLESPACE ts_name [INCLUDING CONTENTS [AND DATAFILES] [CASCADE CONSTRAINTS]];
 Example
- DROP TABLESPACE user1 INCLUDING CONTENTS AND DATAFILES;

DROPPING TABLESPACES
Guidelines
- A tablespace cannot be dropped if it
 Is a system tablespace
 Contains active segments
- A tablespace that still contains data can only be dropped by specifying the INCLUDING CONTENTS option.
- To drop the files of a tablespace, use the AND DATAFILES clause

TABLESPACE INFORMATION
 Tablespace Information
- DBA_TABLESPACES
- V$TABLESPACE
 Data file information
- DBA_DATA_FILES
- V$DATAFILE
 Temp file information
- DBA_TEMP_FILES
- V$TEMPFILE
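
An added example (not part of the original slides) that joins the views listed above into one inventory of data files and temp files, showing the attributes discussed earlier: extent management, LOGGING and AUTOEXTEND. The wording of the review_note column is this example's own.

```sql
-- Added example: one row per data file or temp file.
-- Run as a user who can read the DBA_ views.
SELECT ts.tablespace_name,
       ts.contents,                    -- PERMANENT, TEMPORARY or UNDO
       ts.extent_management,           -- LOCAL or DICTIONARY
       ts.allocation_type,             -- SYSTEM (autoallocate), UNIFORM or USER
       ts.logging,                     -- LOGGING or NOLOGGING
       ts.status,                      -- ONLINE, OFFLINE or READ ONLY
       f.file_type,
       f.file_name,
       ROUND(f.bytes / 1024 / 1024)    AS size_mb,
       f.autoextensible,
       CASE WHEN f.autoextensible = 'YES'
            THEN ROUND(f.maxbytes / 1024 / 1024)
       END                             AS max_mb,
       CASE
         WHEN ts.extent_management = 'DICTIONARY'
           THEN 'dictionary managed: coalescing required'
         WHEN ts.contents = 'PERMANENT' AND ts.logging = 'NOLOGGING'
           THEN 'NOLOGGING default: direct loads are not recorded in redo'
         WHEN f.autoextensible = 'NO'
           THEN 'fixed size: grows only by RESIZE or ADD DATAFILE'
       END                             AS review_note
FROM   dba_tablespaces ts
JOIN  (SELECT 'DATAFILE' AS file_type, tablespace_name, file_name,
              bytes, maxbytes, autoextensible
       FROM   dba_data_files
       UNION ALL
       SELECT 'TEMPFILE' AS file_type, tablespace_name, file_name,
              bytes, maxbytes, autoextensible
       FROM   dba_temp_files) f
  ON   f.tablespace_name = ts.tablespace_name
ORDER  BY ts.tablespace_name, f.file_name;
```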

UNDO SEGMENT
• Purpose of undo segments
- Transaction rollback
 Used to record old values of data that were changed by a transaction
 Restores these values if the transaction is rolled back
- Transaction recovery
 Possible because changes made to the undo segment are also protected by the online redo log files.
- Read consistency
 Does not allow other transactions to see any uncommitted changes

CREATING UNDO SEGMENT
 By adding a clause in CREATE DATABASE
- CREATE DATABASE trydb……
UNDO TABLESPACE undo1 DATAFILE 'C:\oradata\undo1.dbf' SIZE 30M AUTOEXTEND ON;
 By creating an undo tablespace later on
- CREATE UNDO TABLESPACE undo2 DATAFILE 'C:\oradata\undo2.dbf' SIZE 30M AUTOEXTEND ON;

SWITCHING UNDO TABLESPACE
 Multiple undo tablespaces can exist; however, only one tablespace can be active at a time.
 To switch between undo tablespaces dynamically
- ALTER SYSTEM SET UNDO_TABLESPACE = undotbs2;

AUTOMATIC UNDO MANAGEMENT
 The undo tablespace may need to be increased to support long running queries that need consistent reads
 The UNDO_RETENTION parameter determines how long to retain undo data for consistent reads
 Can be modified dynamically
- ALTER SYSTEM SET UNDO_RETENTION=600;

CREATING UNDO SEGMENT
 Specifying Retention Guarantee
- CREATE UNDO TABLESPACE undo2 DATAFILE 'C:\oradata\undo2.dbf' SIZE 30M AUTOEXTEND ON RETENTION GUARANTEE;

PRIVILEGES AND ROLES

CONTROLLING USERS AND SECURITY
 Control over security
- The Oracle server provides tools by which the DBA can ensure security of the data
- Use of
 User name, Password
 Privileges, Roles

DATABASE SCHEMA
 A schema is a named collection of database objects that are associated with a particular user
 When a database user is created, a schema with the same name is created for that user.

CREATING USER
 Consider the following when creating a user
- Identify the tablespace
- Decide the quota on each tablespace
- Assign default and temporary tablespaces
- Decide privileges and roles

CREATING USER
DATA DICTIONARY AUTHENTICATION
 Syntax
CREATE USER username IDENTIFIED BY <password>
[DEFAULT TABLESPACE ts_name]
[TEMPORARY TABLESPACE ts_name]
[QUOTA <integer [K|M] | UNLIMITED> ON ts_name]
[PASSWORD EXPIRE]
[ACCOUNT <LOCK | UNLOCK>]
[PROFILE <profile_name | DEFAULT>];

CREATING USER
DATA DICTIONARY AUTHENTICATION
 Example
CREATE USER Anil IDENTIFIED BY xxyyzz
DEFAULT TABLESPACE user1
TEMPORARY TABLESPACE temp
QUOTA 10M ON user1
QUOTA 10M ON data
PASSWORD EXPIRE
ACCOUNT UNLOCK;

CREATING USER
 Points to remember
- If a default tablespace is not assigned, then the SYSTEM tablespace is assigned as the default
- If PASSWORD EXPIRE is specified, then the user will be prompted to change his password at the first log in

CHANGING USER QUOTA
 Syntax:
ALTER USER user_name
[DEFAULT TABLESPACE ts_name]
[TEMPORARY TABLESPACE ts_name]
[QUOTA <integer [K|M] | UNLIMITED> ON ts_name];
 E.g.
- ALTER USER Anil QUOTA 0 ON user1;

CHANGING PASSWORD
 Syntax:
- ALTER USER user_name IDENTIFIED BY new_password;
 E.g.
- ALTER USER Anil IDENTIFIED BY anil87;

DROPPING A USER
 Syntax:
- DROP USER user_name [CASCADE];
 E.g.
- DROP USER Anil CASCADE;
 The CASCADE option drops all objects in the schema before dropping the user.

USER INFORMATION
 Information about users can be obtained from the following views
- DBA_USERS
- DBA_TS_QUOTAS
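
An added example, not from the original slides: a check built on DBA_USERS and DBA_TS_QUOTAS for accounts that fell back to the SYSTEM tablespace, hold quota on it, or hold an UNLIMITED quota anywhere. Excluding only SYS and SYSTEM is an assumption; extend that list with the Oracle-supplied accounts present in your database.

```sql
-- Added example: accounts whose storage settings conflict with the rule that
-- the SYSTEM tablespace should not contain user data.
SELECT u.username,
       u.account_status,               -- OPEN, LOCKED, EXPIRED, ...
       u.default_tablespace,
       u.temporary_tablespace,
       u.profile,
       q.tablespace_name               AS quota_on,
       CASE
         WHEN q.max_bytes IS NULL THEN NULL          -- no quota row at all
         WHEN q.max_bytes = -1    THEN 'UNLIMITED'   -- -1 marks QUOTA UNLIMITED
         ELSE TO_CHAR(ROUND(q.max_bytes / 1024 / 1024)) || 'M'
       END                             AS quota_limit,
       ROUND(q.bytes / 1024 / 1024)    AS used_mb,
       CASE
         WHEN u.default_tablespace = 'SYSTEM'
           THEN 'default tablespace is SYSTEM (none assigned at creation?)'
         WHEN u.temporary_tablespace = 'SYSTEM'
           THEN 'temporary data goes to SYSTEM'
         WHEN q.tablespace_name = 'SYSTEM'
           THEN 'holds quota on SYSTEM'
         WHEN q.max_bytes = -1
           THEN 'unlimited quota'
       END                             AS finding
FROM   dba_users u
LEFT   JOIN dba_ts_quotas q
  ON   q.username = u.username
WHERE  u.username NOT IN ('SYS', 'SYSTEM')   -- assumption: only these are excluded
AND   (u.default_tablespace   = 'SYSTEM'
    OR u.temporary_tablespace = 'SYSTEM'
    OR q.tablespace_name      = 'SYSTEM'
    OR q.max_bytes            = -1)
ORDER  BY u.username, q.tablespace_name;

-- Typical correction for one reported account, using the statements shown on
-- the slides (user and tablespace names are the page's own examples):
--   ALTER USER Anil DEFAULT TABLESPACE user1 TEMPORARY TABLESPACE temp;
--   ALTER USER Anil QUOTA 0 ON system;
```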

PRIVILEGES
 Privileges
- Are rights to execute particular SQL statements
 Need to grant privileges
- Data confidentiality
 Only relevant personnel have access to confidential data
- Efficient system management
 Users are allowed to perform only the limited operations that they need.

PRIVILEGES
 Categories of privileges
- System privileges
- Object privileges

SYSTEM PRIVILEGES
 System privileges allow users to perform particular actions in the database
 E.g.
- Creating public synonyms, new users etc.
- Removing users, tables etc.
- Database backup
 These privileges are normally granted only to DBAs

SYSTEM PRIVILEGES
Category      Privileges
Index         CREATE ANY INDEX
              ALTER ANY INDEX
              DROP ANY INDEX
Table         CREATE TABLE
              CREATE ANY TABLE
              ALTER ANY TABLE
              DROP ANY TABLE
              SELECT ANY TABLE
              UPDATE ANY TABLE
              DELETE ANY TABLE
Session       CREATE SESSION
              ALTER SESSION
              RESTRICTED SESSION
Tablespace    CREATE TABLESPACE
              ALTER TABLESPACE
              DROP TABLESPACE

SYSTEM PRIVILEGES
 Points to remember
- CREATE privileges include dropping these objects
- To connect to the database, the CREATE SESSION privilege is required
- To truncate a table in another schema, the DROP ANY TABLE privilege is required.

GRANT-SYSTEM PRIVILEGES
 Syntax :
GRANT privilege1[, privilege2, ...]
TO <user_name1[, user_name2, ...] | role | PUBLIC> [WITH ADMIN OPTION];
 E.g.
GRANT create session, create table TO Anil;
 WITH ADMIN OPTION
- Enables the grantee to further grant the privilege or role to other users or roles.

REVOKING SYSTEM PRIVILEGE
 Syntax:
- REVOKE <system_priv | role> FROM <user_name | role | PUBLIC>;
 E.g.
- REVOKE CREATE TABLE FROM Anil;
 Users with ADMIN OPTION for system privileges can revoke system privileges
 There is no cascading effect when a system privilege is revoked.

OBJECT PRIVILEGES
 Enable users to access and manipulate a specific object
 Each object has a particular set of grantable privileges
- Table         SELECT, INSERT, UPDATE, DELETE, INDEX, REFERENCES, ALTER
- View          SELECT, INSERT, UPDATE, DELETE, REFERENCES
- Sequence      SELECT, ALTER
- Sub-program   EXECUTE

OBJECT PRIVILEGES
 The owner has all privileges on the objects in his schema
 The owner can give privileges on objects owned by him to other users or roles
 Syntax:
GRANT <obj_priv1[(col_names)][, obj_priv2, ...] | ALL> ON object_name
TO <user_name | role | PUBLIC> [WITH GRANT OPTION];

OBJECT PRIVILEGES
 WITH GRANT OPTION
- Allows the grantee to grant object privileges to other users or roles
- Not valid when granting an object privilege to a role
 Example :
- GRANT select ON emp TO Amit WITH GRANT OPTION;
- GRANT update (job, deptno) ON emp TO miller;

REVOKE OBJECT PRIVILEGES
 The REVOKE command is used to remove privileges assigned to different users
 Cascading effects can be observed when revoking an object privilege
 Syntax:
REVOKE <privilege1[, privilege2, ...] | ALL> ON object_name
FROM <user_name1[, user_name2, ...] | role | PUBLIC>;
 Example:
- REVOKE select ON emp FROM Amit;

PRIVILEGES INFORMATION
 DBA_SYS_PRIVS
- Lists system privileges granted to users and roles
 DBA_TAB_PRIVS
- Lists all grants on all objects in the database
 DBA_COL_PRIVS
- Lists column privileges
 SESSION_PRIVS
- Lists the privileges that are currently available to the user
 ALL_TAB_PRIVS_MADE
- Lists the grants made on the objects owned by the current user
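
An added example, not from the original slides: a hierarchical query over DBA_TAB_PRIVS that prints each object grant chain created through WITH GRANT OPTION, so the rows indented under a grantee are the grants that disappear when that grantee's privilege is revoked. It assumes Oracle 10g or later (NOCYCLE) and excludes only objects owned by SYS and SYSTEM.

```sql
-- Added example: object grant chains. DBA_TAB_PRIVS holds object-level grants;
-- column-level grants such as GRANT update (job, deptno) are in DBA_COL_PRIVS
-- and are not covered here.
WITH obj_grants AS (
    SELECT owner, table_name, privilege, grantor, grantee, grantable
    FROM   dba_tab_privs
    WHERE  owner NOT IN ('SYS', 'SYSTEM')    -- assumption: only these are excluded
)
SELECT owner || '.' || table_name                            AS object_name,
       privilege,
       LEVEL                                                 AS depth,
       LPAD(' ', 2 * (LEVEL - 1)) || grantor || ' -> ' || grantee
                                                             AS grant_chain,
       grantable,                            -- YES = held WITH GRANT OPTION
       CASE
         WHEN grantee = 'PUBLIC' THEN 'granted to PUBLIC: every user holds it'
         WHEN grantable = 'YES'  THEN 'grantee can pass this privilege on'
       END                                                   AS review_note
FROM   obj_grants
START  WITH grantor = owner                  -- depth 1: grants made by the owner
CONNECT BY NOCYCLE
           PRIOR grantee    = grantor        -- next level: grants made by that grantee
       AND PRIOR owner      = owner
       AND PRIOR table_name = table_name
       AND PRIOR privilege  = privilege
       AND PRIOR grantable  = 'YES'          -- only possible WITH GRANT OPTION
ORDER  SIBLINGS BY owner, table_name, privilege, grantee;

-- Reading the output with the page's own example, where the owner ran
--   GRANT select ON emp TO Amit WITH GRANT OPTION;
-- the row "<owner> -> AMIT" appears at depth 1. Any grant Amit then made
-- on emp appears at depth 2 beneath it, and those depth 2 rows are the
-- ones removed together with Amit's privilege by
--   REVOKE select ON emp FROM Amit;
```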

ROLE
 A role is a named group of related privileges that can be granted to users
 Roles provide easy and controlled privilege management
 A role can consist of both system and object privileges
 It can be granted to any database user or role

CREATE ROLE
 Syntax:
- CREATE ROLE role_name;
 E.g.
- CREATE ROLE engineer;
- GRANT create session, create table, create view TO engineer;
- GRANT engineer TO Amol, Anamika WITH ADMIN OPTION;

PREDEFINED ROLE
 CONNECT
- Privileges to connect to the database and create various objects such as cluster, database link, sequence, synonym, table, view
 RESOURCE
- Privileges to create programmatic objects such as procedures, functions, packages, triggers, types.
 DBA
- All system privileges with ADMIN option
 SELECT_CATALOG_ROLE
- Select privilege on data dictionary tables

ASSIGNING ROLES
 Syntax:
GRANT role1[, role2, ...]
TO <user | role | PUBLIC> [WITH ADMIN OPTION];
 E.g.
- GRANT engineer TO scott WITH ADMIN OPTION;

REVOKING ROLES
 Syntax:
REVOKE role1[, role2]
FROM <user | role | PUBLIC>;
 Example:
- REVOKE engineer FROM scott;
 Any user with ADMIN option for a role can revoke the role from any other database user or role.

REMOVING ROLE
 DROP ROLE command
- Removes it from all users and roles it was granted to
- Removes it from the database
 ADMIN OPTION or DROP ANY ROLE privileges are required
 Syntax:
- DROP ROLE role;

ROLE INFORMATION
 DBA_ROLES
- Lists the roles defined in the database
 DBA_ROLE_PRIVS
- Lists all the roles granted to users and roles
 ROLE_ROLE_PRIVS
- Lists roles granted to the roles
 DBA_SYS_PRIVS
- Lists system privileges granted to users and roles
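
An added example, not from the original slides: it walks DBA_ROLE_PRIVS to expand nested roles and joins DBA_SYS_PRIVS to report which users effectively hold ANY privileges or privileges WITH ADMIN OPTION, and through which role path. It assumes Oracle 10g or later (CONNECT_BY_ROOT, NOCYCLE) and excludes only SYS and SYSTEM; privileges granted to PUBLIC are not expanded.

```sql
-- Added example: effective system privileges per user, direct or via roles.
WITH role_paths AS (
    -- Every role a user reaches, directly or through roles granted to roles.
    SELECT CONNECT_BY_ROOT grantee                                AS username,
           granted_role,
           LTRIM(SYS_CONNECT_BY_PATH(granted_role, ' > '), ' >')  AS via_roles
    FROM   dba_role_privs
    START  WITH grantee IN (SELECT username FROM dba_users)
    CONNECT BY NOCYCLE PRIOR granted_role = grantee
),
effective AS (
    -- Privileges granted straight to the user ...
    SELECT u.username,
           'direct grant'   AS via_roles,
           sp.privilege,
           sp.admin_option
    FROM   dba_users u
    JOIN   dba_sys_privs sp ON sp.grantee = u.username
    UNION ALL
    -- ... and privileges that arrive through a role path.
    SELECT rp.username,
           rp.via_roles,
           sp.privilege,
           sp.admin_option
    FROM   role_paths rp
    JOIN   dba_sys_privs sp ON sp.grantee = rp.granted_role
)
SELECT username,
       privilege,
       via_roles,
       admin_option                      -- YES = can grant the privilege onward
FROM   effective
WHERE  username NOT IN ('SYS', 'SYSTEM') -- assumption: only these are excluded
AND   (privilege LIKE '% ANY %'          -- e.g. SELECT ANY TABLE, DROP ANY TABLE
    OR admin_option = 'YES')
ORDER  BY username, privilege, via_roles;

-- Roles held WITH ADMIN OPTION: these grantees can grant the role to, and
-- revoke it from, any other user or role.
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  admin_option = 'YES'
AND    grantee NOT IN ('SYS', 'SYSTEM')  -- assumption, as above
ORDER  BY grantee, granted_role;
```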
