Oracle Database


Granting User Privileges and Roles

that can cause this are when necessary privileges required by the type are revoked, or the type or dependent types are dropped. If these actions occur, then the table becomes invalid and cannot be accessed. A table that is invalid because of missing privileges can automatically become valid and accessible if the required privileges are granted again. A table that is invalid because a dependent type was dropped can never be accessed again, and the only permissible action is to drop the table.

Because of the severe effects that revoking a privilege on a type or dropping a type can cause, the SQL statements REVOKE and DROP TYPE, by default, implement restricted semantics. This means that if the named type in either statement has table or type dependents, then an error is received and the statement cancels. However, if the FORCE clause for either statement is used, then the statement always succeeds. If there are depended-upon tables, then they are invalidated.

See Also: Oracle Database Reference for details about using the REVOKE, DROP TYPE, and FORCE clauses

Granting User Privileges and Roles

This section describes the granting of privileges and roles, and contains the following topics:

■ Granting System Privileges and Roles
■ Granting Object Privileges
■ Granting Privileges on Columns

It is also possible to grant roles to a user connected through a middle tier or proxy. This is discussed in "Using a Middle Tier Server for Proxy Authentication" on page 3-31.

Granting System Privileges and Roles

You can use the GRANT SQL statement to grant system privileges and roles to users and roles. The following privileges are required:

■ To grant a system privilege, a user must have been granted the system privilege with the ADMIN OPTION or must have been granted the GRANT ANY PRIVILEGE system privilege.
■ To grant a role, a user must have been granted the role with the ADMIN OPTION or must have been granted the GRANT ANY ROLE system privilege.

Example 4–9 grants the system privilege CREATE SESSION and the accts_pay role to the user jward.

Example 4–9 Granting a System Privilege and a Role to a User

GRANT CREATE SESSION, accts_pay TO jward;

Note: Object privileges cannot be granted along with system privileges and roles in the same GRANT statement.
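
The following query is an added example, not part of the Oracle guide: it lists every grantee that can currently pass system privileges or roles on to others under the two requirements above. It assumes a session that is allowed to read the DBA_SYS_PRIVS and DBA_ROLE_PRIVS data dictionary views; the column aliases are chosen here for readability.

```sql
-- Added example: audit who is able to re-grant system privileges and roles.
-- Assumption: the session can query DBA_SYS_PRIVS and DBA_ROLE_PRIVS.

-- Part 1: system privileges held WITH ADMIN OPTION, plus holders of
-- GRANT ANY PRIVILEGE / GRANT ANY ROLE, who can grant without ADMIN OPTION
-- on the individual privilege or role.
SELECT grantee,
       privilege          AS granted_item,
       'SYSTEM PRIVILEGE' AS item_type,
       admin_option,
       CASE
         WHEN privilege = 'GRANT ANY PRIVILEGE'
           THEN 'can grant any system privilege'
         WHEN privilege = 'GRANT ANY ROLE'
           THEN 'can grant any role'
         ELSE 'can grant this privilege (ADMIN OPTION)'
       END                AS reason
FROM   dba_sys_privs
WHERE  admin_option = 'YES'
   OR  privilege IN ('GRANT ANY PRIVILEGE', 'GRANT ANY ROLE')

UNION ALL

-- Part 2: roles held WITH ADMIN OPTION.
SELECT grantee,
       granted_role,
       'ROLE',
       admin_option,
       'can grant this role (ADMIN OPTION)'
FROM   dba_role_privs
WHERE  admin_option = 'YES'

-- Sort by grantee, then item type, then privilege or role name.
ORDER  BY 1, 3, 2;
```

Any row whose grantee is not an expected administrative account or role is a candidate for review, because that grantee can extend the listed privilege or role to other users.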

Granting the ADMIN OPTION

A user or role that is granted a privilege or role with the WITH ADMIN OPTION clause specified has the following expanded capabilities:

4-32 Oracle Database Security Guide

