Introduction to Managing Object Privileges and Database Objects
You already learned about creating different types of database objects.
Your Oracle database will store and manipulate these database objects to respond to user requests, but which users?
You can control who can access objects in the database and what they are allowed to do with those objects by assigning object privileges.
Object privileges are used to enforce security on the objects by limiting the type of access that any one user has to the objects.
In this module, you will learn about object privileges. By the end of this module, you will be able to:
- Assign Oracle's object privileges
- Grant other users access to your tables
- Grant object privileges by using Security Manager
- List the privileges that have been granted on a table
- List the privileges that have been granted on columns and for users
- Use the WITH GRANT option
- Revoke privileges once granted
All database systems require some type of security on the data they contain, and this module will give you all the information you need to design and enforce a security scheme.
Users, Roles, and Privileges
Every Oracle user has a name and password and owns any tables, views, and other resources that he or she creates.
An Oracle role is a set of privileges that represents the type of access a user needs, depending on his or her status and responsibilities.
You can grant or bestow specific privileges to roles and then assign roles to the appropriate users.
A user can also grant privileges directly to other users. Database system privileges let you execute specific sets of commands.
The CREATE TABLE privilege, for example, lets you create tables. The privilege GRANT ANY PRIVILEGE allows you to grant any system privilege.
Database object privileges give you the ability to perform some operation on various objects. The DELETE privilege, for example, lets you delete rows from tables and views.
The SELECT privilege lets you query tables, views, sequences, and snapshots (materialized views) with a SELECT statement.
A privilege is the capability to perform some type of database action.
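The difference between system privileges, object privileges, and roles described above, shown as an added example that is not part of the original page. The schema HR_OWNER, table EMPLOYEES, column PHONE_NUMBER, role HR_READER, and users ALICE and BOB are hypothetical, and the review queries assume a session that can read the DBA_ dictionary views.

```sql
-- Hypothetical names throughout: HR_OWNER.EMPLOYEES, HR_READER, ALICE, BOB.

-- System privilege: permits a class of commands (here, creating tables).
GRANT CREATE TABLE TO alice;

-- Role: bundle only the object privileges a read-only user needs,
-- then assign the role instead of granting to each user individually.
CREATE ROLE hr_reader;
GRANT SELECT ON hr_owner.employees TO hr_reader;
GRANT hr_reader TO bob;

-- Object privileges granted directly to a user.
GRANT SELECT, DELETE ON hr_owner.employees TO alice;

-- Column-level grant: ALICE may update only PHONE_NUMBER, not the whole row.
GRANT UPDATE (phone_number) ON hr_owner.employees TO alice;

-- WITH GRANT OPTION lets ALICE pass SELECT on to others.
-- Oracle accepts this clause for users and PUBLIC, not for roles.
GRANT SELECT ON hr_owner.employees TO alice WITH GRANT OPTION;

-- Review table-level grants. GRANTABLE = 'YES' marks grantees who can
-- re-grant the privilege, which is where access tends to spread unnoticed.
SELECT grantee, privilege, grantable, grantor
FROM   dba_tab_privs
WHERE  owner = 'HR_OWNER'
AND    table_name = 'EMPLOYEES'
ORDER  BY grantee, privilege;

-- Review column-level grants on the same table.
SELECT grantee, column_name, privilege, grantable
FROM   dba_col_privs
WHERE  owner = 'HR_OWNER'
AND    table_name = 'EMPLOYEES'
ORDER  BY grantee, column_name;

-- Revoke what is no longer needed. Revoking an object privilege that was
-- held WITH GRANT OPTION also removes it from users ALICE granted it to.
REVOKE DELETE ON hr_owner.employees FROM alice;
REVOKE SELECT ON hr_owner.employees FROM alice;
```

Run the two review queries again after the REVOKE statements to confirm that only the role-based SELECT for BOB and the column-level UPDATE for ALICE remain.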