Oracle PL/SQL Tutorial/User Privilege/Object Privileges
Содержание
Grant a procedure to public and then execute it
<source lang="sql">
SQL> SQL> CREATE TABLE EMP (EMPNO NUMBER(4) NOT NULL,
2 ENAME VARCHAR2(10), 3 JOB VARCHAR2(9), 4 MGR NUMBER(4), 5 HIREDATE DATE, 6 SAL NUMBER(7, 2), 7 COMM NUMBER(7, 2), 8 DEPTNO NUMBER(2));
SQL> SQL> INSERT INTO EMP VALUES (7369, "SMITH", "CLERK", 7902, TO_DATE("17-DEC-1980", "DD-MON-YYYY"), 800, NULL, 20); 1 row created. SQL> INSERT INTO EMP VALUES (7499, "ALLEN", "SALESMAN", 7698, TO_DATE("20-FEB-1981", "DD-MON-YYYY"), 1600, 300, 30); 1 row created. SQL> INSERT INTO EMP VALUES (7521, "WARD", "SALESMAN", 7698, TO_DATE("22-FEB-1981", "DD-MON-YYYY"), 1250, 500, 30); 1 row created. SQL> INSERT INTO EMP VALUES (7566, "JONES", "MANAGER", 7839, TO_DATE("2-APR-1981", "DD-MON-YYYY"), 2975, NULL, 20); 1 row created. SQL> INSERT INTO EMP VALUES (7654, "MARTIN", "SALESMAN", 7698,TO_DATE("28-SEP-1981", "DD-MON-YYYY"), 1250, 1400, 30); 1 row created. SQL> INSERT INTO EMP VALUES (7698, "BLAKE", "MANAGER", 7839,TO_DATE("1-MAY-1981", "DD-MON-YYYY"), 2850, NULL, 30); 1 row created. SQL> INSERT INTO EMP VALUES (7782, "CLARK", "MANAGER", 7839,TO_DATE("9-JUN-1981", "DD-MON-YYYY"), 2450, NULL, 10); 1 row created. SQL> INSERT INTO EMP VALUES (7788, "SCOTT", "ANALYST", 7566,TO_DATE("09-DEC-1982", "DD-MON-YYYY"), 3000, NULL, 20); 1 row created. SQL> INSERT INTO EMP VALUES (7839, "KING", "PRESIDENT", NULL,TO_DATE("17-NOV-1981", "DD-MON-YYYY"), 5000, NULL, 10); 1 row created. SQL> INSERT INTO EMP VALUES (7844, "TURNER", "SALESMAN", 7698,TO_DATE("8-SEP-1981", "DD-MON-YYYY"), 1500, 0, 30); 1 row created. SQL> INSERT INTO EMP VALUES (7876, "ADAMS", "CLERK", 7788,TO_DATE("12-JAN-1983", "DD-MON-YYYY"), 1100, NULL, 20); 1 row created. SQL> INSERT INTO EMP VALUES (7900, "JAMES", "CLERK", 7698,TO_DATE("3-DEC-1981", "DD-MON-YYYY"), 950, NULL, 30); 1 row created. SQL> INSERT INTO EMP VALUES (7902, "FORD", "ANALYST", 7566,TO_DATE("3-DEC-1981", "DD-MON-YYYY"), 3000, NULL, 20); 1 row created. SQL> INSERT INTO EMP VALUES (7934, "MILLER", "CLERK", 7782,TO_DATE("23-JAN-1982", "DD-MON-YYYY"), 1300, NULL, 10); 1 row created. SQL> SQL> CREATE TABLE DEPT (DEPTNO NUMBER(2),DNAME VARCHAR2(14),LOC VARCHAR2(13) ); Table created. SQL> SQL> INSERT INTO DEPT VALUES (10, "ACCOUNTING", "NEW YORK"); 1 row created. SQL> INSERT INTO DEPT VALUES (20, "RESEARCH", "DALLAS"); 1 row created. SQL> INSERT INTO DEPT VALUES (30, "SALES", "CHICAGO"); 1 row created. SQL> INSERT INTO DEPT VALUES (40, "OPERATIONS", "BOSTON"); 1 row created. SQL> SQL> SQL> create or replace procedure emp_dept_rpt
2 AUTHID CURRENT_USER 3 as 4 begin 5 6 for x in ( select dept.deptno, sum(sal) sal, count(*) cnt 7 from emp, dept 8 where dept.deptno = emp.deptno 9 group by dept.deptno ) 10 loop 11 dbms_output.put_line( chr(9) || 12 to_char(x.deptno,"99999") || " " || 13 to_char(x.sal,"99,999") || " " || 14 to_char(x.cnt,"99,999") ); 15 end loop; 16 end; 17 /
Procedure created. SQL> SQL> grant execute on emp_dept_rpt to public
2 /
Grant succeeded. SQL> SQL> set serveroutput on format wrapped SQL> exec emp_dept_rpt;
30 18,800 12 20 21,750 10 10 17,500 6
PL/SQL procedure successfully completed. SQL> SQL> SQL> drop table emp; Table dropped. SQL> SQL> drop table dept; Table dropped. SQL></source>
Granting Object Privileges to a User
<source lang="sql">
GRANT SELECT, INSERT, UPDATE ON schemaName.objectName TO userName; GRANT SELECT ON store.employees TO userName; GRANT UPDATE (last_name, salary) ON store.employee TO userName;</source>
Object Privileges
An object privilege allows a user to perform certain actions on database objects, such as executing DML statements on tables.
Commonly Used Object Privileges
Object Privilege Allows a User to SELECT Perform a select INSERT Perform an insert UPDATE Perform an update DELETE Perform a delete EXECUTE Execute a stored procedure
Procedure for current user
<source lang="sql">
SQL> SQL> create table t ( msg varchar2(25), c1 int, c2 int ); Table created. SQL> SQL> insert into t values ( "c1=1, c2=2", 1, 2 ); 1 row created. SQL> SQL> create or replace procedure P
2 authid current_user 3 as 4 begin 5 for x in ( select * from t ) loop 6 dbms_output.put_line( "msg= " || x.msg ); 7 dbms_output.put_line( "C1 = " || x.c1 ); 8 dbms_output.put_line( "C2 = " || x.c2 ); 9 end loop; 10 end; 11 /
Procedure created. SQL> SQL> exec p msg= c1=1, c2=2 C1 = 1 C2 = 2 PL/SQL procedure successfully completed. SQL></source>
Revoking Object Privileges
<source lang="sql">
REVOKE INSERT ON tableName FROM userName; REVOKE SELECT ON schemaName.tableName FROM userName;</source>
Use the GRANT option to enable a user to grant a privilege to another user
<source lang="sql">
GRANT SELECT ON store.customers TO steve WITH GRANT OPTION;</source>