http://sqle.ru/index.php?action=history&feed=atom&title=Oracle_PL%2FSQL_Tutorial%2FUser_Privilege%2FRolesOracle PL/SQL Tutorial/User Privilege/Roles - История изменений2026-05-25T23:21:53ZИстория изменений этой страницы в викиMediaWiki 1.30.0http://sqle.ru/index.php?title=Oracle_PL/SQL_Tutorial/User_Privilege/Roles&diff=3226&oldid=prev в 13:45, 26 мая 20102010-05-26T13:45:46Z<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<tr style="vertical-align: top;" lang="ru">
<td colspan="1" style="background-color: white; color:black; text-align: center;">← Предыдущая</td>
<td colspan="1" style="background-color: white; color:black; text-align: center;">Версия 13:45, 26 мая 2010</td>
</tr><tr><td colspan="2" style="text-align: center;" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>http://sqle.ru/index.php?title=Oracle_PL/SQL_Tutorial/User_Privilege/Roles&diff=3227&oldid=prevAdmin: 1 версия2010-05-26T10:05:44Z<p>1 версия</p>
<p><b>Новая страница</b></p><div>== Assign CONNECT and RESOURCE Roles==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL><br />
SQL> CREATE USER Alice IDENTIFIED BY simplepassword;<br />
User created.<br />
SQL><br />
SQL> GRANT CONNECT, RESOURCE to Alice;<br />
Grant succeeded.<br />
SQL><br />
SQL><br />
SQL> drop user alice;<br />
User dropped.<br />
SQL><br />
SQL></source><br />
<br />
<br />
<br />
== Assign object privileges to roles==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL> GRANT SELECT, INSERT ON employee TO entry;<br />
<br />
SQL> GRANT SELECT, INSERT ON customer TO entry;<br />
SQL> GRANT SELECT, UPDATE ON employee TO maintenance;<br />
SQL> GRANT SELECT, UPDATE ON customer TO maintenance;<br />
SQL> GRANT EXECUTE ON validate_salary TO maintenance;<br />
SQL> GRANT SELECT, INSERT, UPDATE, DELETE ON employee TO manager;<br />
SQL> GRANT SELECT, INSERT, UPDATE, DELETE ON customer TO manager;<br />
SQL> GRANT EXECUTE ON validate_salary TO manager;<br />
SQL> GRANT EXECUTE ON adjust_salary TO manager;<br />
SQL><br />
SQL><br />
SQL></source><br />
<br />
<br />
<br />
== Assign Role to User==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL><br />
SQL> GRANT TestRole TO Alice;<br />
SQL></source><br />
<br />
<br />
<br />
== Checking Object Privileges Granted to a Role==<br />
<br />
<p>You can check which object privileges have been granted to a role by querying role_tab_privs.</p><br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL> desc role_tab_privs;<br />
Name Null? Type<br />
ROLE NOT NULL VARCHAR2(30) --User to whom the privilege was granted. <br />
OWNER NOT NULL VARCHAR2(30) --User who owns the object. <br />
TABLE_NAME NOT NULL VARCHAR2(30) --Name of the object on which privilege was granted. <br />
COLUMN_NAME VARCHAR2(30) --Name of the column (if applicable). <br />
PRIVILEGE NOT NULL VARCHAR2(40) --Privilege on the object. <br />
GRANTABLE VARCHAR2(3) --Whether the privilege was granted with the GRANT option. Equal to YES or NO. <br />
SELECT *<br />
FROM role_tab_privs;</source><br />
<br />
<br />
<br />
== Checking Roles Granted to a User==<br />
<br />
<p>You can check which roles have been granted to a user by querying user_role_privs.<br />
A user who creates a role is also granted that role by default.</p><br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL> desc user_role_privs;<br />
Name Type Description<br />
USERNAME VARCHAR2(30) --Name of the user to whom the role has been granted.<br />
GRANTED_ROLE VARCHAR2(30) --Name of the role granted to the user.<br />
ADMIN_OPTION VARCHAR2(3) --Whether the user is able to grant the role to another user or role. Equal to YES or NO.<br />
DEFAULT_ROLE VARCHAR2(3) --Whether the role is enabled by default when the user connects to the database. Equal to YES or NO.<br />
OS_GRANTED VARCHAR2(3) --Whether the role was granted by the operating system.<br />
SELECT * FROM user_role_privs;</source><br />
<br />
<br />
<br />
== Checking System Privileges Granted to a Role==<br />
<br />
<p>You can check which system privileges have been granted to a role by querying role_sys_privs.</p><br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL> desc role_sys_privs;<br />
Name Null? Type<br />
ROLE NOT NULL VARCHAR2(30) --Name of the role.<br />
PRIVILEGE NOT NULL VARCHAR2(40) --System privilege granted to the role.<br />
ADMIN_OPTION VARCHAR2(3) --Whether the privilege was granted with the ADMIN option. Equal to YES or NO.<br />
<br />
SELECT *<br />
FROM role_sys_privs;</source><br />
<br />
<br />
<br />
== Creating Roles==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
GRANT CREATE ROLE TO store;<br />
GRANT CREATE USER TO store WITH ADMIN OPTION;<br />
CREATE ROLE product_manager;<br />
CREATE ROLE hr_manager;<br />
CREATE ROLE overall_manager IDENTIFIED by manager_password;</source><br />
<br />
<br />
<br />
== Default Roles==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
ALTER USER steve DEFAULT ROLE ALL EXCEPT overall_manager;<br />
SET ROLE NONE;<br />
SET ROLE ALL EXCEPT overall_manager;</source><br />
<br />
<br />
<br />
== Dropping a Role==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
CREATE ROLE product_manager;<br />
GRANT SELECT, INSERT, UPDATE, DELETE ON employee TO product_manager;<br />
REVOKE ALL ON products FROM product_manager;<br />
DROP ROLE product_manager;</source><br />
<br />
<br />
<br />
== Drop Role==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL><br />
SQL> DROP ROLE TestRole;<br />
Role dropped.</source><br />
<br />
<br />
<br />
== Granting Privileges to Roles==<br />
<br />
<p>You can grant both system and object privileges to a role, as well as grant another role to a role.</p><br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
GRANT SELECT, INSERT, UPDATE, DELETE ON tableNames TO product_manager;<br />
GRANT CREATE USER TO hr_manager;<br />
GRANT product_manager, hr_manager TO overall_manager;</source><br />
<br />
<br />
<br />
== Granting Roles to a User==<br />
<br />
<p>You grant a role to a user using GRANT.</p><br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
GRANT overall_manager TO userName;</source><br />
<br />
<br />
<br />
== Output session roles from procedure==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL><br />
SQL> create or replace procedure myProcedure<br />
2 authid current_user<br />
3 as<br />
4 begin<br />
5 for rec in (select * from session_roles)<br />
6 loop<br />
7 dbms_output.put_line(rec.role);<br />
8 end loop;<br />
9 end;<br />
10 /<br />
Procedure created.<br />
SQL> execute myProcedure<br />
DBA<br />
SELECT_CATALOG_ROLE<br />
HS_ADMIN_ROLE<br />
EXECUTE_CATALOG_ROLE<br />
DELETE_CATALOG_ROLE<br />
EXP_FULL_DATABASE<br />
IMP_FULL_DATABASE<br />
GATHER_SYSTEM_STATISTICS<br />
SCHEDULER_ADMIN<br />
XDBADMIN<br />
XDBWEBSERVICES<br />
PL/SQL procedure successfully completed.<br />
SQL><br />
SQL><br />
SQL> drop procedure myProcedure;<br />
Procedure dropped.<br />
SQL></source><br />
<br />
<br />
<br />
== Query user granted roles==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL><br />
SQL> <br />
SQL> COL grantee FORMAT A8<br />
SQL> COL granted_role FORMAT A30<br />
SQL> COL grantor FORMAT A8<br />
SQL> COL privilege FORMAT A12<br />
SQL> COL owner FORMAT A4<br />
SQL> COL table_name FORMAT A30<br />
SQL><br />
SQL> <br />
SQL> SELECT grantee<br />
2 , granted_role<br />
3 FROM dba_role_privs<br />
4 WHERE grantee = "PLSQL";<br />
GRANTEE GRANTED_ROLE<br />
-------- ------------------------------<br />
PLSQL CTXAPP<br />
PLSQL CONNECT<br />
PLSQL RESOURCE<br />
3 rows selected.<br />
SQL><br />
SQL> -- Query resources.<br />
SQL> SELECT grantor<br />
2 , owner<br />
3 , table_name<br />
4 , grantee<br />
5 , privilege<br />
6 FROM dba_tab_privs<br />
7 WHERE grantee = "PLSQL";<br />
no rows selected</source><br />
<br />
<br />
<br />
== Regina and Kristen are manager level users==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL> CREATE ROLE manager;<br />
Role created.<br />
SQL><br />
SQL> CREATE USER regina identified by regina;<br />
User created.<br />
SQL> CREATE USER kristen identified by kristen;<br />
User created.<br />
SQL> GRANT CONNECT TO regina, kristen;<br />
Grant succeeded.<br />
SQL> GRANT manager TO regina, kristen;<br />
Grant succeeded.<br />
SQL><br />
SQL> drop user regina;<br />
User dropped.<br />
SQL> drop user kristen;<br />
User dropped.<br />
SQL><br />
SQL> drop role manager;<br />
Role dropped.</source><br />
<br />
<br />
<br />
== Revoking a Role==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
REVOKE overall_manager FROM steve;</source><br />
<br />
<br />
<br />
== Revoking Privileges from a Role==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
CREATE ROLE product_manager;<br />
GRANT SELECT, INSERT, UPDATE, DELETE ON employee TO product_manager;<br />
REVOKE ALL ON products FROM product_manager;<br />
DROP ROLE product_manager;</source><br />
<br />
<br />
<br />
== Rich and Brad are maintenance level users==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL> CREATE ROLE maintenance;<br />
Role created.<br />
SQL><br />
SQL> CREATE USER rich identified by rich;<br />
User created.<br />
SQL> CREATE USER brad identified by brad;<br />
User created.<br />
SQL> GRANT CONNECT TO rich, brad;<br />
Grant succeeded.<br />
SQL> GRANT maintenance TO rich, brad;<br />
Grant succeeded.<br />
SQL><br />
SQL> drop user rich;<br />
User dropped.<br />
SQL> drop user brad;<br />
User dropped.<br />
SQL> drop role maintenance;<br />
Role dropped.</source><br />
<br />
<br />
<br />
== Roles==<br />
<br />
<OL><LI>A role is a group of privileges that you can assign to a user or another role.</LI><LI>You can grant a role to multiple users and roles.</LI><LI>When adding or deleting a privilege from a role, all users and roles assigned that role automatically receive or lose that privilege.</LI><LI>You can assign multiple roles to a user or role.</LI><LI>You can assign a password to a role.</LI></OL><br />
36. 7. Roles<br />
36. 7. 1. <br />
Roles<br />
36. 7. 2. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/CreatingRoles.htm">Creating Roles</a><br />
36. 7. 3. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/GrantingPrivilegestoRoles.htm">Granting Privileges to Roles</a><br />
36. 7. 4. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/GrantingRolestoaUser.htm">Granting Roles to a User</a><br />
36. 7. 5. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/AssignRoletoUser.htm">Assign Role to User</a><br />
36. 7. 6. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/CheckingRolesGrantedtoaUser.htm">Checking Roles Granted to a User</a><br />
36. 7. 7. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/CheckingSystemPrivilegesGrantedtoaRole.htm">Checking System Privileges Granted to a Role</a><br />
36. 7. 8. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/CheckingObjectPrivilegesGrantedtoaRole.htm">Checking Object Privileges Granted to a Role</a><br />
36. 7. 9. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/AssignCONNECTandRESOURCERoles.htm">Assign CONNECT and RESOURCE Roles</a><br />
36. 7. 10. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/DefaultRoles.htm">Default Roles</a><br />
36. 7. 11. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/RevokingaRole.htm">Revoking a Role</a><br />
36. 7. 12. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/RevokingPrivilegesfromaRole.htm">Revoking Privileges from a Role</a><br />
36. 7. 13. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/DroppingaRole.htm">Dropping a Role</a><br />
36. 7. 14. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/ReginaandKristenaremanagerlevelusers.htm">Regina and Kristen are manager level users</a><br />
36. 7. 15. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/RichandBradaremaintenancelevelusers.htm">Rich and Brad are maintenance level users</a><br />
36. 7. 16. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/UnassignRole.htm">Unassign Role</a><br />
36. 7. 17. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/DropRole.htm">Drop Role</a><br />
36. 7. 18. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/Assignobjectprivilegestoroles.htm">Assign object privileges to roles</a><br />
36. 7. 19. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/UnassignRolefromUser.htm">Unassign Role from User</a><br />
36. 7. 20. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/Outputsessionrolesfromprocedure.htm">Output session roles from procedure</a><br />
36. 7. 21. <br />
<A href="/Tutorial/Oracle/0700__User-Privilege/Queryusergrantedroles.htm">Query user granted roles</a><br />
<br />
== Unassign Role==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL><br />
SQL> CREATE USER Alice IDENTIFIED BY simplepassword;<br />
User created.<br />
SQL><br />
SQL> GRANT CONNECT, RESOURCE to Alice;<br />
Grant succeeded.<br />
SQL><br />
SQL> REVOKE RESOURCE FROM Alice;<br />
Revoke succeeded.<br />
SQL><br />
SQL> drop user alice;<br />
User dropped.<br />
SQL><br />
SQL><br />
SQL></source><br />
<br />
<br />
<br />
== Unassign Role from User==<br />
<br />
<br />
<br />
<br />
<!-- start source code --><br />
<br />
<source lang="sql"><br />
SQL><br />
SQL> REVOKE TestRole FROM Alice;</source></div>Admin