Scribd Logo
Upload

Welcome to Scribd!

  • Lab-04users - Privileges

    Uploaded by

    khushi
    36 views11 pages
    This document provides examples of using Oracle GRANT and REVOKE statements to manage user privileges in an Oracle database. It demonstrates how to grant and revoke system privileges like CREATE SESSION and CREATE TABLE, as well as object privileges like SELECT, INSERT, UPDATE and DELETE on specific tables. It also shows how to grant privileges with the ADMIN OPTION to allow users to grant privileges to other users.

    Original Description:

    Original Title

    lab-04Users _ Privileges

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides examples of using Oracle GRANT and REVOKE statements to manage user privileges in an Oracle database. It demonstrates how to grant and revoke system privileges like CREATE SESSION and CREATE TABLE, as well as object privileges like SELECT, INSERT, UPDATE and DELETE on specific tables. It also shows how to grant privileges with the ADMIN OPTION to allow users to grant privileges to other users.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    36 views11 pages

    Lab-04users - Privileges

    Uploaded by

    khushi
    This document provides examples of using Oracle GRANT and REVOKE statements to manage user privileges in an Oracle database. It demonstrates how to grant and revoke system privileges like CREATE SESSION and CREATE TABLE, as well as object privileges like SELECT, INSERT, UPDATE and DELETE on specific tables. It also shows how to grant privileges with the ADMIN OPTION to allow users to grant privileges to other users.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 11

    Practical No 04: Part A

    Aim: Users & Privileges

    Prerequisite: Oracle ,MySql.

    Outcome: how to create a new user in the Oracle database .


    learn how to grant system and object privileges to a specific
    Name- Khushi Jain (A218) BTech IT

     Theory:
     GRANT – learn how to grant system and object privileges to a specific
    user.
     REVOKE – describe how to revoke system and object privileges from a
    user.
     ALTER USER – use the alter statement to modify the authentication or
    database resource of a database user.
     DROP USER – show you how to delete a user from the Oracle Database.
     How to Grant All Privileges to a User – learn how to grant all privileges
    to a user.
     How to grant SELECT object privilege on one or more tables to a user –
    show you how to use grant the SELECT object privilege on one or more
    table to a user.

    What is a privilege?
    By definition, a privilege is a right to execute an SQL statement or a right to
    access an object of another user.

    Oracle defines two main types of privileges: system privileges and object
    privileges

    Introduction to Oracle REVOKE statement
    The Oracle REVOKE statement revokes system and object privileges from a
    user. Here is the basic syntax of the Oracle REVOKE statement:
    REVOKE {system_privilege | object_privilege } FROM user;
    In this syntax:

     First, specify the system or object privileges that you want to revoke
    from the user.
     Second, specify the user from which you want to revoke the
    privileges.

    In order to revoke a system privilege from a user, you must have been
    granted the system privilege with the ADMIN OPTION.
    To revoke an object privilege from a user, you must previously granted the
    object privilege to the user or you must have the GRANT ANY OBJECT
    PRIVILEGE system privilege.
    On top of this, you can use the REVOKE statement to revoke only privileges
    that were granted directly with a GRANT statement. In other words, you
    cannot use the REVOKE statement to revoke privileges that were granted
    through the operating system or roles.
    To revoke all system privileges from a user, you can use the following
    statement:

    REVOKE ALL PRIVILEGES FROM user;

    Oracle REVOKE statement example
    First, create a user names bob and grant him the CREATE SESSION system
    privilege so that he can log in the Oracle Database:
    CREATE USER bob IDENTIFIED BY abcd1234;

    GRANT CREATE SESSION TO bob;


    Second, grant the CREATE TABLE system privilege to bob:
    GRANT CREATE TABLE TO bob;
    Third, grant the SELECT, INSERT, UPDATE and DELETE object privileges
    to bob on ot.customers table:
    GRANT SELECT, INSERT, UPDATE, DELETE ON ot.customers
    TO bob;
    Now, bob can create a new table in his own schema and manipulate data in
    the ot.customers table.
    Fourth, log in to the Oracle Database as bob and execute the following
    statements:
    CREATE TABLE t1(id int);

    SELECT
    name
    FROM
    customers
    ORDER BY
    name
    FETCH FIRST 5 ROWS ONLY;
    Both queries executed successfully because the user bob has sufficient
    privileges.
    Fifth, revoke the object privileges from bob:
    REVOKE SELECT, INSERT, UPDATE, DELETE ON ot.customers
    FROM bob;
    Sixth, go to the bob‘s session and select data from the ot.customers table:
    SELECT
    name
    FROM
    customers
    ORDER BY
    name
    FETCH FIRST 5 ROWS ONLY;
    Oracle issued the following error:

    ORA-00942: table or view does not exist


    This is correct because bob is no longer has the SELECT object privilege on
    the ot.customers table.
    Seventh, revoke the CREATE TABLE system privilege from bob:
    REVOKE CREATE TABLE FROM bob;
    Eighth, go to the bob’s session and attempt to create a new table:

    CREATE TABLE t2(id INT);


    Oracle issued the following error, which is what we expected.

    ORA-01031: insufficient privileges


    If you don’t want bob to log in, you can revoke the CREATE SESSION system
    privilege as shown in the following statement:
    REVOKE CREATE SESSION FROM bob;
    Next time, bob won’t be able to log in the Oracle Database anymore.
    In this tutorial, you have learned how to use the Oracle REVOKE statement to
    revoke system and object privileges from a user.

    Part B
    Granting Privileges:
    System privileges
    System privileges determine what a user can do in the database. They
    mainly allow a user to add or modify schema objects in the database
    like creating tables, creating views, and removing tablespaces.

    The most important system privileges are:

      CREATE SESSION
      CREATE TABLE
      CREATE VIEW
      CREATE PROCEDURE
      SYSDBA
      SYSOPER

    Object privileges
    Object privileges decide how a user can access the data in the database.
    The object privileges apply to rows in tables or views.

    Here are some common object privileges:

      INSERT
      UPDATE
      DELETE
      INDEX
      EXECUTE

    To grant one or more privileges to a user, you use the GRANT statement

    Introduction to the Oracle GRANT statement


    The GRANT statement assigns one or more privileges to a specific user. The
    following illustrates the basic syntax of the GRANT statement:
    GRANT {system_privileges | object_privileges }
    TO user
    [WITH ADMIN OPTION]
    In this syntax:

    First, specify the system or object privileges that you want to assign to a
    user after the GRANT keyword. If you assign more than one privilege, you use
    a comma-separated list of privileges.
    Second, specify the user that receives the privileges after the TO keyword.
    Third, optionally use the WITH ADMIN OPTION if you want the user to be able to
    perform the following:

     Grant / revoke the privilege to / from another user.


     Alter the privilege to change the authorization needed to access it.
     Drop the privilege.

    The user who receives the privileges via the GRANT statement is also known
    as a grantee.
    Note that the GRANT statement also works with roles, which we will cover in
    the subsequent tutorial.

    Oracle GRANT statement examples
    Let’s practice with the GRANT statement to get a better understanding.
    1) Use Oracle GRANT to grant system and object privileges to a user example
    In this tutorial, we will launch two SQL*Plus sessions, one for the
    user ot that will grant privileges and another for the user john.
    First, launch SQL*Plus and log in to the Oracle database using the user john.
    Note that we assigned the user john the CREATE SESSION system privilege, so
    it should be able to log in.
    In case you’re not following the CREATE USER tutorial, you can create the
    user john and grant the CREATE SESSION system privilege by using the
    following statements:
    CREATE USER john IDENTIFIED BY abcd1234;
    GRANT CREATE SESSION TO john;
    Second, use the user john to log in to the Oracle Database and create a new
    table:
    CREATE TABLE t1(id NUMBER PRIMARY KEY);
    Oracle issued the following error:

    ORA-01031: insufficient privileges


    To allow the user john to create the table, you need to grant the CREATE
    TABLE system privilege to the user as shown in the following statement:
    GRANT CREATE TABLE TO john;
    Now, the user john can create a new table:
    CREATE TABLE t1(id NUMBER PRIMARY KEY);
    The following statement shows the privileges of the current user:

    SELECT * FROM session_privs;


    Here are the privileges of the user john:
    PRIVILEGE
    ------------------
    CREATE SESSION
    CREATE TABLE
    Third, use the user john to insert a new row into the t1 table:
    INSERT INTO t1(id) VALUES(10);
    Oracle issued the following error:

    ORA-01950: no privileges on tablespace 'USERS'


    This is because the user john has a quota of zero on the USERS tablespace.
    To fix this, you use the ALTER USER command to change the quota of the
    user john on the USERS tablespace:
    ALTER USER john QUOTA UNLIMITED ON USERS;
    Now, the user john should be able to insert a row into the t1 table:
    INSERT INTO t1(id) VALUES(10);
    And query data from the t1 table as well:
    SELECT * FROM t1;
    Here is the output:

    ID
    ----------
    10

    2) Use Oracle GRANT to assign privileges WITH ADMIN OPTION example


    First, create a new user called jack and grant the user the CREATE SESSION so
    that the user can log in:
    CREATE USER jack IDENTIFIED BY abcd1234
    QUOTA UNLIMITED ON users;

    GRANT CREATE SESSION TO jack;


    Second, grant the CREATE TABLE system privilege to john, but this time, use
    the WITH ADMIN OPTION:
    GRANT CREATE TABLE TO john WITH ADMIN OPTION;
    Now, the user john can grant the CREATE TABLE system privilege to another
    user e.g. jack.
    Third, login as john and grant the CREATE TABLE system privilege to jack:
    GRANT CREATE TABLE TO jack;
    Finally, login as jack and create a new table:
    CREATE TABLE t2(id NUMBER PRIMARY KEY);
    The user jack can create the table.
    3) Using Oracle GRANT to assign privileges which has ANY option example
    Some system privileges have the keyword ANY that enables a user to
    perform the corresponding action on any objects in the database.
    For example, SELECT ANY TABLE allows a user to select data from any table in
    any schema in the database.
    Consider the following example.

    First, log in as jack and select the data from t1 table in the john‘s schema:


    SELECT * FROM john.t1;
    Oracle issued the following error:

    ORA-00942: table or view does not exist


    Second, login as ot and grant the SELECT ANY TABLE system privilege to jack:
    GRANT SELECT ANY TABLE TO jack;
    Third, from the session of john, execute the SELECT statement:
    SELECT * FROM john.t1;
    Here is the output:

    ID
    ----------
    10
    Now the user jack can select data from any table in any schema in the
    Oracle database.
    4) Using Oracle GRANT to grant object privileges to a user example
    First, launch the first SQL*Plus session, log in as ot user and create a new
    table named t2:
    CREATE TABLE t2(id INT);
    Second, insert some values into the t2 table:
    INSERT INTO t2(id) VALUES(1);
    INSERT INTO t2(id) VALUES(2);
    Third, launch the second SQL*Plus session, log in as john, and query data
    from the ot.t2 table:
    SELECT * FROM ot.t2;
    Oracle issued the following error:

    ORA-00942: table or view does not exist


    This is because the user john does not have a privilege to query data from
    the ot.t2 table.
    Fourth, go back to the first SQL*Plus session and grant the SELECT object
    privilege on ot.t2 to john:
    GRANT SELECT ON ot.t2 TO john;
    Fifth, go the second session SQL*Plus and query data from the ot.t2 table:
    SELECT * FROM ot.t2
    Now, john should be able to query data from the ot.t2 table.
    Sixth, try to insert some rows into the ot.t2 table:
    INSERT INTO ot.t2(id) VALUES(3)
    Oracle issued the following error:

    ORA-01031: insufficient privileges


    To allow john to insert and update data in the ot.t2 table, you need to grant
    the INSERT and UPDATE object privilege to john:
    GRANT INSERT, UPDATE ON ot.t2 TO john;
    Now, john should be able to insert and update data in the ot.t2 table.
    In this tutorial, you have learned how to use the Oracle GRANT statement to
    assign system and object privileges to a specific user.

    You might also like