In addition, we??™ll review the two types of privileges in an Oracle database: system privileges
and object privileges. Both of these privileges can be assigned directly to users, or indirectly through
roles, another mechanism that can make a DBA??™s job easier when assigning privileges to users.
At the end of this section, we??™ll cover the Virtual Private Database (VPD) features of Oracle
and how it can be used to provide more precise control over what parts of a table can be seen by
a user based on a set of DBA-defined credentials assigned to the user. To help make the concepts
clearer, we??™ll step through an implementation of a VPD from beginning to end.
Profile Management
There never seems to be enough CPU power or disk space or I/O bandwidth to run a user??™s query.
Because all these resources are inherently limited, Oracle provides a mechanism to control how
much of these resources a user can use. An Oracle profile is a named set of resource limits
providing this mechanism.
Data Dictionary View Description
DBA_USERS Contains usernames, encrypted passwords, account status,
and default tablespaces.
DBA_TS_QUOTAS Disk space usage and limits by user and tablespace, for
users who have quotas that are not UNLIMITED.
DBA_PROFILES Profiles that can be assigned to users with resource limits
assigned to the profiles.
USER_HISTORY$ Password history with usernames, encrypted passwords,
and datestamps. Used to enforce password reuse rules
if you set the initialization parameter RESOURCE_LIMIT
to TRUE and limit password reuse using the alter profile
parameters password_reuse_*.
Pages:
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493