09_第06章 数据库安全管理.pptVIP

本章小结 掌握数据库管理员认证； 掌握Oracle中用户的创建、修改、删除和权限管理； 对Oracle中的用户和角色加以区分，掌握Oracle中角色的创建、授权、修改和删除方法； 作业 课后选择和填空题 简述用户和角色的关系 * Controlling User Access In a multiple-user environment, you want to maintain security of the database access and use. With Oracle server database security, you can do the following: Control database access Give access to specific objects in the database Confirm given and received privileges with the Oracle data dictionary Create synonyms for database objects Database security can be classified into two categories: system security and data security. System security covers access and use of the database at the system level, such as the username and password, the disk space allocated to users, and the system operations that users can perform. Database security covers access and use of the database objects and the actions that those users can have on the objects. * Granting Object Privileges Different object privileges are available for different types of schema objects. A user automatically has all object privileges for schema objects contained in the user’s schema. A user can grant any object privilege on any schema object that the user owns to any other user or role. If the grant includes WITH GRANT OPTION, then the grantee can further grant the object privilege to other users; otherwise, the grantee can use the privilege but cannot grant it to other users. In the syntax: object_priv is an object privilege to be granted ALL specifies all object privileges columns specifies the column from a table or view on which privileges are granted ON object is the object on which the privileges are granted TO identifies to whom the privilege is granted PUBLIC grants object privileges to all users WITH GRANT OPTION allows the grantee to grant the object privileges to other users and roles * Confirming Granted Privileges If you attempt to perform an unauthorized operation, such as deleting a row from a table for which you do not have the DELETE privilege,