barcode crystal reports Granting a Role Using WITH ADMIN OPTION in Font

Generating Code 39 Full ASCII in Font Granting a Role Using WITH ADMIN OPTION

Granting a Role Using WITH ADMIN OPTION
Code 3/9 Drawer In None
Using Barcode creator for Font Control to generate, create USS Code 39 image in Font applications.
www.OnBarcode.com
Code 128A Creation In None
Using Barcode generation for Font Control to generate, create Code 128 image in Font applications.
www.OnBarcode.com
If you grant a user a role using the WITH ADMIN OPTION clause, the grantee can do the following: Grant the role to or revoke it from any user or other role in the database. Grant the role with the WITH ADMIN OPTION. Alter or drop the role.
Printing Code 39 Full ASCII In None
Using Barcode generation for Font Control to generate, create Code-39 image in Font applications.
www.OnBarcode.com
GTIN - 12 Printer In None
Using Barcode drawer for Font Control to generate, create UPC A image in Font applications.
www.OnBarcode.com
Granting a Role to Another Role
PDF 417 Maker In None
Using Barcode encoder for Font Control to generate, create PDF417 image in Font applications.
www.OnBarcode.com
Barcode Creator In None
Using Barcode maker for Font Control to generate, create Barcode image in Font applications.
www.OnBarcode.com
You normally grant a role to a user. The user then can immediately exercise all the privileges encompassed by the role. However, you can grant a role to another role. In this case, the database will add all the privileges of the role being granted to the privilege domain of the grantee role.
GS1-128 Printer In None
Using Barcode printer for Font Control to generate, create EAN 128 image in Font applications.
www.OnBarcode.com
Creating ANSI/AIM Code 93 In None
Using Barcode drawer for Font Control to generate, create Uniform Symbology Specification Code 93 image in Font applications.
www.OnBarcode.com
The PUBLIC User Group and Roles
Make Code 39 In Java
Using Barcode creator for Java Control to generate, create Code-39 image in Java applications.
www.OnBarcode.com
Code 39 Decoder In None
Using Barcode decoder for Software Control to read, scan read, scan image in Software applications.
www.OnBarcode.com
If you grant a role to PUBLIC, the database makes the role available to all the users in your database. If you wish to give a certain privilege or role to all the users in the database, you simply grant this privilege or role to the PUBLIC user group, which exists in every database by default. This is not a recommended way to grant privileges, however, for obvious reasons.
GS1 DataBar Truncated Creation In .NET Framework
Using Barcode creation for .NET framework Control to generate, create GS1 DataBar Truncated image in .NET applications.
www.OnBarcode.com
Creating PDF417 In VS .NET
Using Barcode creation for Reporting Service Control to generate, create PDF417 image in Reporting Service applications.
www.OnBarcode.com
Disabling and Enabling a Role
Drawing European Article Number 13 In .NET Framework
Using Barcode drawer for Reporting Service Control to generate, create European Article Number 13 image in Reporting Service applications.
www.OnBarcode.com
Barcode Generator In Objective-C
Using Barcode drawer for iPhone Control to generate, create Barcode image in iPhone applications.
www.OnBarcode.com
You can disable a user s role by inserting the appropriate row into the Product_User_Profile table in the SYSTEM schema. Listing 12-10 shows you how to insert a row into this table to disable the TEST123 role, which has been assigned to the user TESTER. Listing 12-10. Disabling a Role Using the Product_User_Profile Table SQL> INSERT INTO PRODUCT_USER_PROFILE(PRODUCT,userid,attribute,char_value) 2* VALUES('SQL*Plus','TESTER','ROLES','TEST123'); 1 row created. SQL> COMMIT; Commit complete. SQL> CONNECT tester/tester@finance1 Connected. SQL> SELECT * FROM hr.regions;; select * from hr.regions *ERROR at line 1: ORA-00942: table or view does not exist As you can see, once the TEST123 role is disabled, the TESTER user can t select from the database tables, and an error is issued when the SELECT is attempted.
Barcode Maker In None
Using Barcode creator for Software Control to generate, create Barcode image in Software applications.
www.OnBarcode.com
Generate EAN / UCC - 14 In .NET Framework
Using Barcode generation for Reporting Service Control to generate, create UCC - 12 image in Reporting Service applications.
www.OnBarcode.com
CHAPT ER 12 USE R MA NAGEM ENT AN D DA TA BAS E S ECURITY
Quick Response Code Scanner In Visual Basic .NET
Using Barcode reader for VS .NET Control to read, scan read, scan image in Visual Studio .NET applications.
www.OnBarcode.com
ANSI/AIM Code 128 Drawer In None
Using Barcode maker for Excel Control to generate, create Code 128A image in Excel applications.
www.OnBarcode.com
When you want to reenable the TEST123 role, all you need to do is delete the appropriate row from the Product_User_Profile table, as shown here: SQL> DELETE FROM product_user_profile 2 WHERE userid='TESTER' 3* AND char_value = 'TEST123'; 1 row deleted. SQL> commit; Commit complete.
Create Code 128B In .NET
Using Barcode creation for VS .NET Control to generate, create Code-128 image in VS .NET applications.
www.OnBarcode.com
Code-128 Scanner In Visual Basic .NET
Using Barcode recognizer for VS .NET Control to read, scan read, scan image in VS .NET applications.
www.OnBarcode.com
Dropping a Role
Dropping a role is simple. Just use the DROP ROLE command: SQL> DROP ROLE admin_user; Role dropped. SQL>
Using Views and Stored Procedures to Manage Privileges
In addition to using roles and privileges, Oracle also enables data security through the use of views and stored procedures. You ve already seen in 5 how views on key tables or even table joins can not only hide the complexity of queries, but also provide significant data security.
DBA Views for Managing Users, Roles, and Privileges
The OEM is very handy when managing users in the database. However, you may wish to use a SQL script from time to time to glean information about the users. Specific data dictionary views can help you see who has what role, and what privileges a certain role has. You can also see what system- and object-level privileges have been granted to a certain user. Table 12-1 presents the key data dictionary views you can use to manage users, privileges, and roles in the database.
Table 12-1. Data Dictionary Views for Managing Users
Data Dictionary View
DBA_USERS DBA_ROLES DBA_COL_PRIVS DBA_ROLE_PRIVS DBA_SYS_PRIVS DBA_TAB_PRIVS ROLE_ROLE_PRIVS ROLE_SYS_PRIVS ROLE_TAB_PRIVS SESSION_PRIVS SESSION_ROLES
Description
Provides information about users Shows all the roles in the database Shows column-level object grants Shows users and their roles Shows users who have been granted system privileges Shows users and their privileges on tables Shows roles granted to roles Shows system privileges granted to roles Shows table privileges granted to roles Shows privileges currently enabled for the current session Shows roles currently enabled for the current session
CHAPTER 12 US ER MA NAG EMENT A ND DA TABA SE S ECUR ITY
Fine-Grained Data Access
The traditional means of ensuring data security (using privileges, roles, views, etc.) works pretty well, but it has certain limitations. Chief among these is the fact that most security measures are too broadbased, with the result that you end up unnecessarily restricting users when your primary goal is to ensure that users can freely access information they need. In addition to the traditional concepts of roles and privileges, Oracle provides more fine-grained, lower-level data security techniques. For example, you can allow all users to access a central table, such as a payroll table, but you can institute security policies that limit an individual user s access to only those rows in the table that pertain to his or her department. Such limitations are transparent to the database users. Oracle uses two related mechanisms to enforce fine-grained security within the database: an application context and a fine-grained access control (FGAC) policy. Oracle uses the term virtual private database to refer to the implementation of fine-grained access control policies using application contexts. Often, you ll find the terms fine-grained access control, virtual private database, and row-level security used interchangeably to refer to Oracle s capability to ensure security at the individual row level instead of the table level. By using Oracle s fine-grained access control, you can fine-tune security policies in a very sophisticated manner. You can use the fine-grained access control for the following purposes: Enforce row-level access control through SELECT, INSERT, UPDATE, and DELETE statements. Create a security policy that controls access based on a certain value of a column. Create policies that are applied the same way always as well as policies that dynamically change during the execution of the query. Create sets of security policies, called policy groups. Oracle lets you control row-level access to database objects through the virtual private database (VPD) feature. Each user of an application can be limited to seeing only a part of a table s data by using the VPD concept. This row-level security is enforced by attaching a security policy directly to a database object, such as a table, view, or synonym. No matter which tool the user uses to access the database (SQL*Plus, an ad hoc query tool, or a report writer), the user can t elude this row-level security, which is enforced by the database server. Since the database enforces VPD, it provides much stronger security than application-based security. VPD uses a type of query rewrite to restrict users to certain rows of tables and views. A security policy is attached to the table or tables to which you want to control access, and stored procedures are written to modify any relevant SQL statements made against the tables in question. When a user issues an UPDATE statement against a table with such a security policy, Oracle will dynamically append a predicate (a WHERE clause) to the user s statement to modify it and limit the user s access to that table. For example, if a user belonging to the sales department issues the statement UPDATE EMPLOYEE SET salary=salary*1.10, the security policies attached to the employees table will cause Oracle to add the fine-grained security function to the clause WHERE dept='SALES' to ensure that only employees in sales are affected. Here is the original query: UPDATE EMPLOYEE SET salary=salary*1.10 And here is the modified statement: UPDATE EMPLOYEE SET salary=salary*1.10 WHERE dept='SALES' To create a VPD, you have to create what is known as an application context and then implement fine-grained access control to enforce the row-level security for database tables and views. The application context helps you create security policies that draw upon certain aspects of a user s session information. To take a simple example, when a user logs into the database, the user s ID identifies the user, and based on that piece of information, the application s security policy sets
Copyright © OnBarcode.com . All rights reserved.